[Owasp-csrfguard] Newbie question

Amol Kulkarni amolk112k at gmail.com
Thu May 2 11:44:32 UTC 2013


Hi,

I've a simple Email application in servlets. I want to secure email sending
using the csrfguard. The Compose and Send servlets are different. The
compose servlet just displays the compose page and the send page is invoked
to send the mail.


I've installed and configured it according to the document.

For protecting the send page, I've added it in filter like:

    <filter-mapping>
        <filter-name>CSRFGuard</filter-name>
        <url-pattern>/servlet/Send</url-pattern>
    </filter-mapping>


When any user logs in and sends mail, he gets an error from csrf. In the log it
shows:

[Thu May 02 17:02:27 IST 2013] [Info] CsrfGuard analyzing request
/baya/servlet/Send
[Thu May 02 17:02:27 IST 2013] [Error] potential cross-site request forgery
(CSRF) attack thwarted (user:abuse at test.int, ip:192.168.0.17,
uri:/baya/servlet/Send, error:required token is missing from the request
org.owasp.csrfguard.CsrfGuardException: required token is missing from the
request)


I think I'm missing something here.
Can anyone help me out?

Thanks,
Amol.