Code: Select all
<blc:form action="/myform/datapost" method="POST">
Text1 <input type="text" name="data1" /><br/>
Text2 <input type="text" name="data2" /><br/>
num3 <input type="text" name="data3" /><br/>
<input type="submit" value="submit"/>
</blc:form>
The blc:form tag is a Thymeleaf processor that will automatically add a hidden csrfToken input field to your form, which is used by the CsrfFilter. The error that you got was likely related to a CSRF token being expired because the CsrfFilter operates on every single POST request. If you just use a raw form tag then that parameter does not get added and thus the CsrfFilter throws that exception.
The problem with excluding certain URLs from Spring Security is that none of the Broadleaf filters will be run. Spring Security has a filter chain (see springSecurityFilterChain) and all of the Broadleaf filters (including the CustomerStateFilters which looks up and adds a customer as a request attribute) are hooked up as apart of the Spring Security filter chain. You can see the referenced Broadleaf filters in applicationContext-filter.xml and you can see how and when they are hooked up into Spring Security by looking at applicationContext-security.xml.
org.thymeleaf.exceptions.TemplateProcessingException: Exception evaluating SpringEL expression: "customer.anonymous" (layout/partials/header:5)
This final error that you get is because since you excluded your URL from Spring Security completely, Broadleaf's CustomerStateFilter does not run and thus you get no Customer added as a request attribute (Thymeleaf exposes all request attributes as first-order citizens on the view layer without you explicitly adding them to the Model).
SO, all that said, here is what you need to do for all your stuff to work again:
1. Replace your <form> tag with <blc:form> (you should use this everywhere that you use the <form> tag)
2. Remove the exemption of /myform/** from Spring security (just delete that line)
and you should be good to go! Thanks for choosing Broadleaf and let us know if you have any other trouble getting things going!