2
2

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 3 years have passed since last update.

Spring Securityで403 forbiddenが発生する

Posted at

Spring Securityを導入した環境でセッションタイムアウト後にアクセスしようとすると以下のエラーが発生する

403.jpg

これはSpring SecurityのCSRF対策でCSRFトークンチェックをする際にCSRFトークンの保存先としてHttpセッションを使用しているために発生する。

これを防ぐためには、以下のコードのようにinvalueSessionUrl()にセッションタイムアウト時の遷移先を指定することで可能。

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().invalidSessionUrl("/timeout");
  }

}
2
2
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
2
2

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?