I have Tomcat 8, Spring 4.2 and Spring security 4.0 on server. I try implement payments integration. After successful payment process payments service request to my server using GET to http://www.example.com/p/paysera/callback?data=cHJvamVjdGlkPTIzMTY0Jm9yZGVyaWQ...
and wait "OK" from me but my server return Expected CSRF token not found. Has your session expired?
Expected CSRF token not found. Has your session expired?
. But if I copy/paste this url directly to browser everything works ok.
Spring security config:
http
.httpBasic()
.and()
.authorizeRequests()
.antMatchers(..,"/p/**",..).permitAll()
.anyRequest().authenticated().and()
.csrf().csrfTokenRepository(csrfTokenRepository()).and()
.addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
controller:
...
@RequestMapping(value = "/p/paysera/callback", method = RequestMethod.GET)
public @ResponseBody String paysera_callback(@RequestParam("data") String data,@RequestParam("ss1") String ss1){ ...
我在Spring安全性配置中添加了.csrf().ignoringAntMatchers("/p/paysera/callback")
。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.