Hi, Thanks for all the help. Looks like I was able to find org.apache.catalina.filters.CSRF_NONCE. I was so happy I could have cried.
It was part of an HttpSession object that had an attribute of org.apache.catalina.filters.CSRF_NONCE. Not sure why I couldn't find it before but perhaps I was either checking the wrong HttpSession Object before or checking it at the wrong time or something. So now onto my next issue, I tried to so the following: String nonce = (String)session.getAttribute("org.apache.catalina.filters.CSRF_NONCE"); However the exception I received back was the following: java.lang.ClassCastException: org.apache.catalina.filters.CsrfPreventionFilter$LruCache cannot be cast to java.lang.String Ok, now I know that the org.apache.catalina.filters.CSRF_NONCE is not a String but something else. In the API description for org.apache.catalina.filters.CsrfPreventionFilter.LruCache<T> there is only two methods: add and contains. Neither of which would help me access the value of this CSRF_NONCE. And maybe I'm going about this all wrong, and how this works, but what I was thinking about doing was to grab what I had presumed to be a value from the Attribute org.apache.catalina.filters.CSRF_NONCE and ensure that value gets propagated so that when the XSLT does it's transformation it will be there included with the link (we don't use JSP). I am going about this correctly right? If so is there a value from org.apache.catalina.filters.CSRF_NONCE that I should be able to extract? Like the actual nonce value? Cheers, Matt --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org