Hi Chris, Thanks for your suggestion.
Yes the webapp works perfectly fine if I comment out the CSRFPreventionFilter. Also tried with "<url-pattern>/*</url-pattern>" but it produced the same result in that what loads is basically a text-based page with no images, no functionality behind buttons. So basically tried with this: <!-- Csrf prevention filter --> <filter> <filter-name>CSRFPreventionFilter</filter-name> <filter-class>org.apache.catalina.filters.CsrfPreventionFilter</filter-class> <init-param> <param-name>entryPoints</param-name> <param-value>/do/Start</param-value> </init-param> </filter> <filter-mapping> <filter-name>CSRFPreventionFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> i.e. used "/*" instead of "*" but still the same resulting webpage without my images etc. Any other ideas that I can try? Cheers, Matt -----Original Message----- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Thursday, April 07, 2011 5:02 PM To: Tomcat Users List Subject: Re: Help with CsrfPreventionFilter -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jeff, On 4/7/2011 12:08 PM, Mathew Samuel wrote: > <filter-mapping> > <filter-name>CSRFPreventionFilter</filter-name> > <url-pattern>*</url-pattern> > </filter-mapping> The javadoc for that class says that the filter should be mapped to "/*" not "*". > Notice that as an entry point I have specified '/do/Start' which is > fine up to a point. Meaning that the Start page does load. Trouble is > that what loads is basically what looks like a text-based page. No > images, no functionality behind buttons. Just wondering if some one > has had success using this particular filter and could give me > pointers or perhaps an example on how I can properly use it. Does the webapp work properly when the CsrfPreventionListener is not enabled? If so, I'll bet that invalid URL pattern is somehow involved. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2eJlIACgkQ9CaO5/Lv0PCGRgCfTTI5f8lIdMkAlh/Jp9NvNnn6 pfEAn2xMFcXmD9ANtTIGoNm0Kc2YHzsF =Y2Jb -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org