我将应用程序从 Spring Security 3.2 升级到 5.8。 遵循 Spring Security XML 如果我没有
,我会得到 403<security:http security="none" pattern="/dologin" />
否则我会收到 404
<security:form-login
login-page="/login"
login-processing-url="/dologin"
default-target-url="/secure/user/dashboard"
always-use-default-target='true'
authentication-failure-url="/login?error" />
DEBUG: org.springframework.security.web.context.SecurityContextPersistenceFilter - Cleared SecurityContextHolder to complete request
DEBUG: org.springframework.security.web.FilterChainProxy - Securing POST /dologin
DEBUG: org.springframework.security.web.context.SecurityContextPersistenceFilter - Set SecurityContextHolder to empty SecurityContext
DEBUG: org.springframework.security.web.csrf.CsrfFilter - Invalid CSRF token found for http://localhost:8080/dologin
DEBUG: org.springframework.security.web.access.AccessDeniedHandlerImpl - Responding with 403 status code
DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - Did not store empty SecurityContext
需要禁用 CSRF