Spring Security 3.2.0.RC1 Highlights: CSRF Protection


This blog post is no longer maintained. Refer to the CSRF documentation for up to date information about Spring Security and CSRF protection.

On Monday I announced the release of Spring Security 3.2.0.RC1. This is the first of a two part blog series going over the new features found in Spring Security 3.2.0.RC1.

In this first entry, I will go over Spring Security's CSRF support. In the next post, I will go over the various security headers that have been added.

CSRF Attacks

Spring Security has added protection against Cross Site Request Forgery (CSRF) attacks. Great, but what is a CSRF attack and how can Spring Security protect me against it? Let's take a look at a concrete example to get a better understanding.