How to login to a spring security login form using cURL?

Question

I am working on a springMVC project in which the user authentication is based on spring security. the idea is to have a mobile (android) application to be able to send some sort of data to backend. So before get my hand dirty into android developing I decided to mock the situation of login form using cURL. the login form

Accepted Answer

Use cURL like this: curl -d j_username=admin -d j_password=admin -L http://localhost:8080/app/j_spring_security_checkCSRFIf you get something like Expected CSRF token not found. Has your session expired? that means that CSRF token protection is enabled. To test it with cURL you need a cookie and a CSRF token itself.The following command will write all cookies to a file named cookie and print out the CSRF token. Spring Security default token parameter name is _csrf, if you&#8217;ve changed it then you need to change grep csrf also.curl --cookie-jar cookie -L http://localhost:8080/app/j_spring_security_check  | grep csrfThen you can execute next command which will pass all cookies from file. Don&#8217;t forget to replace |your_token_value| with an actual value which is printed out by the previous command (and _csrf parameter name if you&#8217;ve changed it).curl --cookie cookie -d "j_username=admin&j_password=admin&_csrf=|your_token_value|" -L http://localhost:8080/app/j_spring_security_checkFrom Spring Security 3.x to 4.xNote that in Spring Security 4.x default value for login-processing-url changed from /j_spring_security_check to POST /login, default value for username-parameter changed from j_username to username and default value for password-parameter changed from j_password to password. If an application explicitly provides these attributes, no action is required for the migration.

Advertisement

Answer

CSRF

From Spring Security 3.x to 4.x