преди 10 години · 09f6210c73
--- a/itest/context/src/integration-test/resources/http-extra-fsi-app-context.xml
+++ b/itest/context/src/integration-test/resources/http-extra-fsi-app-context.xml
@@ -15,6 +15,7 @@
 
				         <sec:intercept-url pattern="/**" access="@fsi.getAccessDecisionManager() eq @accessDecisionManager" />
			
 
				         <sec:form-login />
			
 
				         <sec:custom-filter ref="fsi" after="FILTER_SECURITY_INTERCEPTOR " />
			
 
				+        <sec:csrf disabled="true"/>
			
 
				     </sec:http>
			
 
				 
			
 
				     <bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
			
--- a/itest/web/src/main/webapp/WEB-INF/http-security-concurrency.xml
+++ b/itest/web/src/main/webapp/WEB-INF/http-security-concurrency.xml
@@ -27,6 +27,8 @@
 
				         <session-management>
			
 
				             <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
			
 
				         </session-management>
			
 
				+
			
 
				+        <csrf disabled="true"/>
			
 
				     </http>
			
 
				 
			
 
				 </beans:beans>
			
--- a/itest/web/src/main/webapp/WEB-INF/http-security-custom-concurrency.xml
+++ b/itest/web/src/main/webapp/WEB-INF/http-security-custom-concurrency.xml
@@ -16,6 +16,8 @@
 
				 
			
 
				         <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
			
 
				         <custom-filter position="FORM_LOGIN_FILTER" ref="myAuthFilter" />
			
 
				+
			
 
				+        <csrf disabled="true"/>
			
 
				     </http>
			
 
				 
			
 
				     <beans:bean id="aep" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
			
--- a/itest/web/src/main/webapp/WEB-INF/http-security.xml
+++ b/itest/web/src/main/webapp/WEB-INF/http-security.xml
@@ -27,6 +27,8 @@
 
				         </session-management>
			
 
				 
			
 
				         <remember-me key="doesntmatter" token-repository-ref="tokenRepo"/>
			
 
				+
			
 
				+        <csrf disabled="true"/>
			
 
				     </http>
			
 
				 
			
 
				     <beans:bean name="tokenRepo" class="org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl"/>
			
--- a/samples/cas/sample-xml/src/main/webapp/WEB-INF/applicationContext-security.xml
+++ b/samples/cas/sample-xml/src/main/webapp/WEB-INF/applicationContext-security.xml
@@ -24,6 +24,7 @@
 
				         <custom-filter ref="singleLogoutFilter" before="CAS_FILTER"/>
			
 
				         <custom-filter ref="casFilter" position="CAS_FILTER" />
			
 
				         <logout logout-success-url="/cas-logout.jsp"/>
			
 
				+        <csrf disabled="true"/>
			
 
				     </http>
			
 
				 
			
 
				     <authentication-manager alias="authManager">
			
--- a/samples/cas/sample-xml/src/main/webapp/secure/extreme/index.jsp
+++ b/samples/cas/sample-xml/src/main/webapp/secure/extreme/index.jsp
@@ -7,5 +7,6 @@ This is a protected page. You can only see me if you are a supervisor.
 
				 <p><a href="../../secure/index.jsp">Secure page</a></p>
			
 
				 <p><a href="../../secure/ptSample">Proxy Ticket Sample page</a></p>
			
 
				 <p><a href="../../j_spring_security_logout">Logout</a>
			
 
				+<
			
 
				 </body>
			
 
				 </html>