Hi, There's an JSP example line given, with respect to using CSRF (Cross-site Request Forgery), that showed how one could access the CSRF nonce and include it with a URL:
< c:url var="url" value="/show" > < c:param name="id" value="0" / > < c:param name="org.apache.catalina.filters.CSRF_NONCE" value="${session.org.apache.catalina.filters.CSRF_NONCE}" / >< /c:url >< a href="${show}">Show< /a > How may I access this session.org.apache.catalina.filters.CSRF_NONCE value from within a pure Java context? Would it be part of some sort of Java Session object from which one of the attributes would be org.apache.catalina.filters.CSRF_NONCE? Might it depend on the configuration I have set up? In web.xml I do have the org.apache.catalina.filters.CsrfPreventionFilter defined and I have specified a filter-mapping. I've tried a few things and so far have been unsuccessful at retrieving this value. Any help would be appreciated. Cheers, Matt --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org