
Spring Multipart/Form-data csrf issue

I've been having issues with CSRF validation with a multipart/form-data type of form, since it didn't let me authenticate nor upload my files, returning a 403 when trying to execute the call.

After some research I've found that, supposedly, "multipart/form-data" forms have trouble with CSRF, and thus I had to add the

<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />

annotation to each form in my .xhtml file. (Also tried the form action='' variation.) And yet it kept returning that my CSRF value was null.

After some more research, I've tried adding the SpringMultipartFilter:

<filter>
    <display-name>springMultipartFilter</display-name>
    <filter-name>springMultipartFilter</filter-name>
    <filter-class>org.springframework.web.multipart.support.MultipartFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>springMultipartFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

and also stated the filterMultipartResolver bean in the application context of the presentation part:

<bean id="filterMultipartResolver"
      class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
    <property name="maxUploadSize" value="-1" />
</bean>

and after doing that, Chrome did let me validate my user and did let me press the upload button, returning a 200 (OK) code, but the file is not getting uploaded and debugging shows that my methods are not being called. Neither the Java console nor the Chrome debug console returns an error, so I'm a little lost. Any help to solve this or to get actual knowledge of what is happening would be appreciated, thanks.

I'm using Spring+Primefaces+Maven.

Upload form in .xhtml:

<h:form id="uploadForm" enctype="multipart/form-data">
    <input type="hidden" name="${_csrf.parameterName}"
           value="${_csrf.token}" />
    <p:fieldset id="uploadBlock"
                legend="#{message['cmb.title1.text.label']}">
        <br />
        <h:panelGroup layout="block"
                      style="float : left; margin-right : 10%;">
            <h:panelGrid id="display1">
                <p:fileUpload update=":tableForm:comparisonTable @this"
                              fileUploadListener="#{ComparisonCSVController.upload}"
                              allowTypes="/(\.|\/)(csv)$/i" mode="advanced" fileLimit="1"
                              description="Select a csv file">
                </p:fileUpload>
            </h:panelGrid>
        </h:panelGroup>
    </p:fieldset>
    <br />
</h:form>

I'm certain it's not a problem with the actual methods of my beans or my beans, since everything was working till I enabled Spring Security, and if I turn it off, everything runs smooth, but I need it enabled, so I'm facing this problem.

Fixed after messing with the order of the filters in the web.xml. The order has to be:

- Primefaces filter (I did edit out a FORWARD tag)
- MultiPart filter
- Spring filter
- Prettyfaces filter, with ASYNC tag on

Thank you.
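
The ordering in the answer matters because Spring Security's CSRF check reads the `_csrf` parameter from the request, and for a multipart body that parameter is only visible once MultipartFilter has wrapped the request. The check below is an added example, not code from the original post: it parses a web.xml and confirms the multipart mapping comes before the security mapping. The PrimeFaces and PrettyFaces class names, the filter names, and registering Spring Security through DelegatingFilterProxy are assumptions, and both web.xml samples are constructed.

```python
import xml.etree.ElementTree as ET

MULTIPART = "org.springframework.web.multipart.support.MultipartFilter"
# Assumption: Spring Security is registered through DelegatingFilterProxy.
SECURITY = "org.springframework.web.filter.DelegatingFilterProxy"

def _local(tag):
    # Drop the XML namespace so the check works with or without xmlns.
    return tag.rsplit("}", 1)[-1]

def mapping_order(web_xml):
    """Filter classes in the order their <filter-mapping> elements appear,
    which is the order url-pattern mappings are applied by the container."""
    classes, names = {}, []
    for el in ET.fromstring(web_xml):
        fields = {_local(c.tag): (c.text or "").strip() for c in el}
        if _local(el.tag) == "filter":
            classes[fields["filter-name"]] = fields["filter-class"]
        elif _local(el.tag) == "filter-mapping":
            names.append(fields["filter-name"])
    return [classes.get(n, n) for n in names]

def multipart_before_security(web_xml):
    """True only if MultipartFilter wraps the request before Spring Security."""
    order = mapping_order(web_xml)
    if MULTIPART not in order or SECURITY not in order:
        return False
    return order.index(MULTIPART) < order.index(SECURITY)

def _web_xml(filters):
    # Build a minimal constructed web.xml from (filter-name, filter-class) pairs.
    decl = "".join(f"<filter><filter-name>{n}</filter-name>"
                   f"<filter-class>{c}</filter-class></filter>" for n, c in filters)
    maps = "".join(f"<filter-mapping><filter-name>{n}</filter-name>"
                   f"<url-pattern>/*</url-pattern></filter-mapping>" for n, _ in filters)
    return f'<web-app xmlns="http://java.sun.com/xml/ns/javaee">{decl}{maps}</web-app>'

PRIMEFACES = ("primeFacesUpload", "org.primefaces.webapp.filter.FileUploadFilter")
MULTI = ("springMultipartFilter", MULTIPART)
SEC = ("springSecurityFilterChain", SECURITY)
PRETTY = ("prettyFilter", "com.ocpsoft.pretty.PrettyFilter")

# Constructed samples: security mapped first, then the order given in the answer.
BROKEN = _web_xml([SEC, MULTI, PRIMEFACES, PRETTY])
FIXED = _web_xml([PRIMEFACES, MULTI, SEC, PRETTY])

if __name__ == "__main__":
    for label, doc in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, multipart_before_security(doc), mapping_order(doc))
```

With this order the multipart body is parsed before authentication runs, so a `maxUploadSize` of `-1` as in the question leaves upload size unbounded for unauthenticated requests.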
