Spring Security causes 403 forbidden

In an application protected by Spring Security, a 403 Forbidden error occurs when a request is made after the session has timed out.

This happens because Spring Security's CSRF protection stores the CSRF token in the HTTP session. Once the session has timed out, the stored token is gone, so the CSRF token check on the next request fails.

To prevent this, specify the page to transition to on session timeout with invalidSessionUrl(), as shown in the following code.

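import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    // Redirect requests that carry an invalid (timed-out) session ID to /timeout
    http.sessionManagement().invalidSessionUrl("/timeout");
  }
}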
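The configuration below is an added example, not code from the original post. It extends the idea to a full filter chain: /timeout is opened to unauthenticated users so the redirect does not bounce to the login page, and an access-denied handler separates the "token missing because the session is gone" case from other denials, which stay 403. The class names, the form login and the authorization rules are assumptions; it targets the same Spring Security 5.x servlet API as the code above.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.csrf.MissingCsrfTokenException;

@Configuration
@EnableWebSecurity
public class TimeoutAwareSecurityConfig extends WebSecurityConfigurerAdapter { // hypothetical name
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        // The timeout page must be reachable without a session or a login.
        .antMatchers("/timeout").permitAll()
        .anyRequest().authenticated()
        .and()
        .formLogin() // assumed login mechanism
        .and()
        .sessionManagement().invalidSessionUrl("/timeout")
        .and()
        .exceptionHandling().accessDeniedHandler(new CsrfAwareAccessDeniedHandler("/timeout"));
  }

  // Hypothetical handler: only a missing session token is treated as a timeout.
  static class CsrfAwareAccessDeniedHandler implements AccessDeniedHandler {
    private final String timeoutUrl;

    CsrfAwareAccessDeniedHandler(String timeoutUrl) {
      this.timeoutUrl = timeoutUrl;
    }

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
        AccessDeniedException ex) throws IOException {
      if (ex instanceof MissingCsrfTokenException) {
        // No token was stored for this session: the request is still rejected, then redirected.
        response.sendRedirect(request.getContextPath() + timeoutUrl);
        return;
      }
      // A token that does not match (InvalidCsrfTokenException) or any other denial stays 403.
      response.sendError(HttpServletResponse.SC_FORBIDDEN);
    }
  }
}
```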
