Bean named 'requestDataValueProcessor' must be of type [org.springframework.web.servlet.support.RequestDataValueProcessor]

Question

Servlet.service() for servlet [springmvc] in context with path [] 
threw exception [Request processing failed; nested exception is 
org.springframework.beans.factory.BeanNotOfRequiredTypeExcepti
on: Bean named 'requestDataValueProcessor' must be of type [org.springframework.web.servlet.support.RequestDataValueProcessor], 
but was actually of type [org.springframework.security.web.servlet.suppo
rt.csrf.CsrfRequestDataValueProcessor]] 
with root cause
org.springframework.beans.factory.BeanNotOfRequiredTypeException: Bean named 
'requestDataValueProcessor' must be of type 
[org.springframework.web.servlet.support.RequestDataValueProcessor], but was actually of type 
[org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor]

I am getting this error.

Answer 1

Make sure you have spring-security-web installed and located with your spring-webmvc.

My situation that cause the same error message was that I have spring-webmvc coming out of the WAR but spring-security-web coming out of the EAR lib folder. This causes a class loading issue.

A hack was to clone the contents of CsrfRequestDataValueProcessor into my own class. Then add this to your security configuration.

<beans:bean name="requestDataValueProcessor"
        class="com.pa.web.internal2.tools.spring.csrf.ClonedCsrfRequestDataValueProcessor" />

Answer 2

This issue was caused when upgrading from Spring Security 3.x to 4.x. In Spring Security 4, CSRF is now enabled by default.

Add the follow to the login page

<csrf disabled="true"/>

Spring Security 3 to 4 Migration guide http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-xml.html#m3to4-xmlnamespace-csrf