[JAVA] Spring Security causes 403 forbidden

The following error occurs when trying to access after session timeout in the environment where Spring Security is installed.

This occurs because the Http session is used as the save destination of the CSRF token when checking the CSRF token in the CSRF countermeasure of Spring Security.

To prevent this, it is possible to specify the transition destination at the time of session timeout in invalueSessionUrl () as shown in the following code.

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().invalidSessionUrl("/timeout");
  }

}

Recommended Posts

Spring Security causes 403 forbidden

About Spring Security authentication

Spring Security usage memo CSRF

Spring Security Usage memo Method security

Spring Security usage memo Remember-Me

[Spring Security] Spring Security on GAE (SE)

Try using Spring Boot Security

Spring Security usage memo CORS

Spring Security usage memo test

Spring Security usage memo Authentication / authorization

Implemented authentication function with Spring Security ②