I inherited a clusterf*** of a mess disguised as a JSP/servlet-based
MVC-ish app without the benefit of using Spring or Struts or any sort of
framework. No web services, but lots of $.ajax() POST calls to servlet
methods. I need to get this stabilized before I can redo everything using
REST/Angular
ponse; meanwhile I never figured out how to extract those values after a
document was rendered in a traditional MVC app.
On Thu, Sep 8, 2016 at 11:22 AM Christopher Schultz <ch...@christopherschultz.net> wrote:
> Joe,
>
> On 9/
All,
I inherited a codebase that calls HttpServletResponse.sendRedirect() to
another page after a user is successfully logged in. I want to be able to
insert a header value before that redirection is executed. I tried to
simply add an HttpServletResponse.addHeader()/.setHeader() to the response
obj
method and the
eventual destination. Is this normal? I also recall reading Tomcat is
supposed to cache the last five tokens for a given current session - the
change in token values shouldn't affect usage, correct?
On Fri, Sep 2, 2016 at 10:14 AM Joe Tseng wrote:
> For my app I was *mostly* su
For my app I was *mostly* successful in securing it using Tomcat's
CsrfPreventionFilter tool. I can land on my unsecured login.jsp page and
get the app to still redirect based on login success.
My problem is regardless of login success I'm getting a 403 error; I may be
implementing the token check
I want to have my landing page be accessible without using a nonce but
right now I'm getting a 403. I do have a separate login page that works
without a nonce.
The pertinent section of my web.xml is as follows:

    <init-param>
      <param-name>entryPoints</param-name>
      <param-value>/, /login.jsp, /JS/MIST.js</param-value>
    </init-param>
I also tried "/*" without success. I
Hello,
I'm trying to use CsrfPreventionFilter with a POST form in a JSP page and
my understanding of its use is I need to use a hidden value field with the
value I've set to ${session['org.apache.catalina.filters.CSRF_NONCE']}.
Right now when I load the page the value is simply blank. As far as I