How can I prevent CSRF protection using Tomcat 7 ? I have heard that tomcat 7 provides CSRF filter http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/filters/CsrfPreventionFilter.html
But is it thread safe ? Or shall we do a custom protection in our spring 3 application ?