to
org.apache.catalina.filters.CSRF_NONCE. I'm guessing that I should see this
as an attribute of the session.
Cheers,
Matt
-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Wednesday, April 13, 2011 4:15 PM
To: Tomcat Users List
Subject: Re: Help
Mathew,
On 4/12/2011 3:51 PM, Mathew Samuel wrote:
We don't make use of JSTL so I can't access it that way.
We do use XSL that is run through a transform. And of course relevant
values are retrieved from the back end too.
Depending on how to
-----Original Message-----
From: Konstantin Kolinko [mailto:knst.koli...@gmail.com]
Sent: Sunday, April 10, 2011 6:22 PM
To: Tomcat Users List
Subject: Re: Help with CsrfPreventionFilter
2011/4/11 Mathew Samuel mathew.sam...@entrust.com:
Hi Konstantin,
I will try to avoid mapping the filter
that is already called as a result of using the CsrfPreventionFilter?
Cheers,
Matt
-----Original Message-----
From: Konstantin Kolinko [mailto:knst.koli...@gmail.com]
Sent: Friday, April 08, 2011 4:53 PM
To: Tomcat Users List
Subject: Re: Help with CsrfPreventionFilter
2011/4/8 Mathew Samuel
2011/4/11 Mathew Samuel mathew.sam...@entrust.com:
Hi Konstantin,
I will try to avoid mapping the filter to those paths as you have suggested
as yes that is another approach I can try.
You had mentioned that the filter works by providing its own implementation
of encodeURL(). Is this a
,
Matt
-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Thursday, April 07, 2011 5:02 PM
To: Tomcat Users List
Subject: Re: Help with CsrfPreventionFilter
Jeff,
On 4/7/2011 12:08 PM, Mathew Samuel
Mathew,
On 4/8/2011 9:26 AM, Mathew Samuel wrote:
Yes the webapp works perfectly fine if I comment out the CSRFPreventionFilter.
Good.
Also tried with <url-pattern>/*</url-pattern> but it produced the
same result in that what loads is basically a
, April 08, 2011 10:42 AM
To: Tomcat Users List
Subject: Re: Help with CsrfPreventionFilter
Mathew,
On 4/8/2011 9:26 AM, Mathew Samuel wrote:
Yes the webapp works perfectly fine if I comment out the CSRFPreventionFilter.
Good.
Also tried with url
: Mathew Samuel [mailto:mathew.sam...@entrust.com]
Sent: Friday, April 08, 2011 12:20 PM
To: 'Tomcat Users List'
Subject: RE: Help with CsrfPreventionFilter
Hi Chris,
That was a good test suggestion, to compare the page source between when CSRF
is on and off. What surprised me is that the page source
Mathew,
On 4/8/2011 12:19 PM, Mathew Samuel wrote:
That was a good test suggestion, to compare the page source between when
CSRF is on and off. What surprised me is that the page source between
the two is identical.
But still with the CSRF
really wrong meaning that I'm taking something that is
likely simple to use and over-complicating it?
Cheers,
Matt
-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Friday, April 08, 2011 3:23 PM
To: Tomcat Users List
Subject: Re: Help
Mathew Samuel wrote:
Well so much for my last post with images. Essentially it was showing a
screenshot when the filter was on and there were no images, no theme, nothing.
And then the following one with it off which had everything in place. But HTML
source is identical.
Thanks for posting
2011/4/8 Mathew Samuel mathew.sam...@entrust.com:
Hi Chris,
Thanks for your patience. So I've got CSRF to work at least to a certain
degree that it actually displays the page in its entirety. But I literally
had to explicitly state each css, js, gif that was going to be referenced as
Hi,
I'm trying to make use of the CsrfPreventionFilter using 7.0.12 so this is what
I have added to the relevant web.xml
<!-- Csrf prevention filter -->
<filter>
<filter-name>CSRFPreventionFilter</filter-name>
2011/4/7 Mathew Samuel mathew.sam...@entrust.com:
Just wondering if someone has had success using this particular filter and
could give me pointers or perhaps an example on how I can properly use it.
The manager and host-manager webapps bundled with Tomcat are using this filter.
Best
Jeff,
On 4/7/2011 12:08 PM, Mathew Samuel wrote:
<filter-mapping>
<filter-name>CSRFPreventionFilter</filter-name>
<url-pattern>*</url-pattern>
</filter-mapping>
The javadoc for that class says that the filter should be mapped to /*