[Owasp-csrfguard] New to CSRFGuard 3 - problems - JSF1.2

Lucas Schmidt lucastschmidt.dev at gmail.com
Mon Jun 27 19:12:07 EDT 2011


Hey, I am trying to set up my application to add CSRFGuard as a filter, but
I am encountering a few problems.

 using the JSP tag csrf:form into the
authentication page ( /faces/index.html )

<filter-mapping>
<filter-name>CSRFGuard</filter-name>
<url-pattern>/faces/restricted/*</url-pattern>
</filter-mapping>

If I do this filter configuration into web.xml, when the login page opens,
and it tries to get the token to put into the form, it throws a null
exception, since CsrfGuard isnt instanciated.

And if I do a

<filter-mapping>
<filter-name>CSRFGuard</filter-name>
  <url-pattern>/faces/*</url-pattern>
</filter-mapping>

basically it tries to filter the authentication page, even when I config
into .properties as a public page.

Anyone can give me a little help? Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-csrfguard/attachments/20110627/2cc75a30/attachment.html 


More information about the Owasp-csrfguard mailing list