Hi,
There's an JSP example line given, with respect to using CSRF (Cross-site
Request Forgery), that showed how one could access the CSRF nonce and include
it with a URL:
< c:url var="url" value="/show" > < c:param name="id" value="0" / > < c:param
name="org.apache.catalina.filters.CSRF_NONCE"
value="${session.org.apache.catalina.filters.CSRF_NONCE}" / >< /c:url >< a
href="${show}">Show< /a >
How may I access this session.org.apache.catalina.filters.CSRF_NONCE value from
within a pure Java context? Would it be part of some sort of Java Session
object from which one of the attributes would be
org.apache.catalina.filters.CSRF_NONCE?
Might it depend on the configuration I have set up? In web.xml I do have the
org.apache.catalina.filters.CsrfPreventionFilter defined and I have specified a
filter-mapping.
I've tried a few things and so far have been unsuccessful at retrieving this
value. Any help would be appreciated.
Cheers,
Matt
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
