[Esapi-user] CSRF JSF solutions

Sebastian smarichal at seciu.edu.uy
Tue Mar 22 10:32:14 EDT 2011

Hi Eric and Crhis,

some ago i sent an email asking for some help to configure CSRF Guard 
but there wasn't any reply.
Im pasting the mail here:


Some time ago I tried CSRF 2.2 and it worked well but it hadn't AJAX 
Support, so i decided to just wait some time and see if a new release 
was done with ajax support.

Now im trying CSRF Guard and i found that it has Ajax Support, 
great! The matter is that i couldn't configure it like the 2.2 version. 
In the version 2.2 i just modified the configuration file like this:



Configuring the JavaScriptHandler was enough to get the CSRF protection 
active and working well, but now i dont know how can i do to configure 
CSRF Guard along all the application!



Eric Sheridan wrote:
> Chris - thanks for the heads up.
> Sebastian - can you let me know what problems you had? I'm trying to
> elevate CSRFGuard 3.0 to BETA, thus the need to eliminate bugs and
> improve usability.
> -Eric
> On 3/21/11 6:57 PM, Chris Schmidt wrote:
>> Hi Sebastian - I am curious as to what kinds of issues you encountered when
>> trying to get CSRFGuard to work with JSF. I have also included Eric Sheridan
>> on this email, the maintainer of the CSRFGuard project.
>> -----Original Message-----
>> From: esapi-user-bounces at lists.owasp.org
>> [mailto:esapi-user-bounces at lists.owasp.org] On Behalf Of Sebastian
>> Sent: Monday, March 21, 2011 8:00 AM
>> To: esapi-user at lists.owasp.org
>> Subject: [Esapi-user] CSRF JSF solutions
>> Hi, some days ago i tried to configure CSRFGuard in a JSF proyect but i
>> couldn't do it successfully. So i found another solution here
>> http://blog.eisele.net/2011/02/preventing-csrf-with-jsf-20.html
>> It is much simpler than CSRFGuard, it hasn't advanced configuration options
>> but it seems to works fine!!
>> Cheers,
>> Sebastián
>> _______________________________________________
>> Esapi-user mailing list
>> Esapi-user at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/esapi-user

More information about the Esapi-user mailing list