<div><span style="font-family:'Courier New',courier,monaco,monospace,sans-serif;font-size:16px">        <init-param></span><br style="font-family:'Courier New',courier,monaco,monospace,sans-serif;font-size:16px">
<span style="font-family:'Courier New',courier,monaco,monospace,sans-serif;font-size:16px">          <param-name>referer-pattern</</span><span style="font-family:'Courier New',courier,monaco,monospace,sans-serif;font-size:16px">param-name></span><br style="font-family:'Courier New',courier,monaco,monospace,sans-serif;font-size:16px">
<span style="font-family:'Courier New',courier,monaco,monospace,sans-serif;font-size:16px">          <param-value>.*</param-value></span><br style="font-family:'Courier New',courier,monaco,monospace,sans-serif;font-size:16px">
<span style="font-family:'Courier New',courier,monaco,monospace,sans-serif;font-size:16px">        </init-param></span></div><div><br></div>Quick question on the referer-pattern value...<div>This is used by the JavascriptServlet to do what?  The value you have here as an example is very encompassing, so I would like to understand it a bit better.</div>
<div><br></div><div>Thanks,</div><div><br></div><div>- Paul<br><br><div class="gmail_quote">On Tue, Dec 11, 2012 at 10:50 AM, P Manchanda <span dir="ltr"><<a href="mailto:manchandap@yahoo.com" target="_blank">manchandap@yahoo.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-size:12pt;font-family:Courier New,courier,monaco,monospace,sans-serif"><div><span>Hi,</span></div>
<div style="font-style:normal;font-size:16px;background-color:transparent;font-family:Courier New,courier,monaco,monospace,sans-serif"><br><span></span></div><div style="font-style:normal;font-size:16px;background-color:transparent;font-family:Courier New,courier,monaco,monospace,sans-serif">
<span>Please check your web.xml for the entries related to JavascriptServlet. Probably you are missing a init parameter. The entries should look like this:</span></div><div style="font-style:normal;font-size:16px;background-color:transparent;font-family:Courier New,courier,monaco,monospace,sans-serif">
<br><span></span></div><div style="font-style:normal;font-size:16px;background-color:transparent;font-family:Courier New,courier,monaco,monospace,sans-serif"><span> <servlet><br>      <servlet-name>JavaScriptServlet</servlet-name><br>
      <servlet-class>org.owasp.csrfguard.servlet.JavaScriptServlet</servlet-class><br>        <init-param><br>          <param-name>source-file</param-name><br>          <param-value>WEB-INF/Owasp.CsrfGuard.js</param-value><br>
        </init-param><br>        <init-param><br>          <param-name>inject-into-forms</param-name><br>         
 <param-value>true</param-value><br>        </init-param><br>        <init-param><br>          <param-name>inject-into-attributes</param-name><br>          <param-value>true</param-value><br>
        </init-param><br>        <init-param><br>          <param-name>domain-strict</param-name><br>          <param-value>true</param-value><br>        </init-param><br>        <init-param><br>
         
 <param-name>referer-pattern</param-name><br>          <param-value>.*</param-value><br>        </init-param><br>        <init-param><br>          <param-name>x-requested-with</param-name><br>
          <param-value>OWASP CSRFGuard Project</param-value><br>        </init-param><br>     </servlet></span></div><div> </div><div><div><div>___________________ <br>Thks & brgds <br>P Manchanda</div>
<div>Mobile: <a href="tel:%2B91-9811210374" value="+919811210374" target="_blank">+91-9811210374</a> <a rel="nofollow" href="http://geocities.com/manchandap/" target="_blank"></a><br></div></div></div><div><br></div>  <div style="font-family:Courier New,courier,monaco,monospace,sans-serif;font-size:12pt">
 <div style="font-family:times new roman,new york,times,serif;font-size:12pt"> <div dir="ltr"> <font face="Arial"> <hr size="1">  <b><span style="font-weight:bold">From:</span></b> sravani chukka <<a href="mailto:sravs63@gmail.com" target="_blank">sravs63@gmail.com</a>><br>
 <b><span style="font-weight:bold">To:</span></b> <a href="mailto:owasp-csrfguard@lists.owasp.org" target="_blank">owasp-csrfguard@lists.owasp.org</a> <br> <b><span style="font-weight:bold">Sent:</span></b> Tuesday, 11 December 2012, 18:19<br>
 <b><span style="font-weight:bold">Subject:</span></b> [Owasp-csrfguard] Error while using Owasp.CsrfGuard.jar<br> </font> </div><div><div class="h5"> <br><div><div style="direction:ltr;font-size:10pt;font-family:Tahoma">

<div>Hi,</div>
<div> </div>
<div>I have small problem using your jar and require some help using it. I was actually trying to deploy my EAR in jboss and when i host my weblauncher following exceptions are thrown showing these errors in <font></font></div>


<div>Owasp.CsrfGuard.jar.Below is the error </div>
<div> </div><font>
<div align="left">15:11:16,407 <b>INFO</b> [stdout] (http-/0.0.0.0:8081-1) [Tue Dec 11 15:11:16 IST 2012] [Info] CsrfGuard analyzing request /pf-weblauncher/loginRealm.jsp</div>
<div align="left"> </div>

<div align="left">15:11:16,498 <b>ERROR</b> [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/pf-system]] (http-/0.0.0.0:8081-2) <font style="BACKGROUND-COLOR:#ffff00">StandardWrapper.Throwable: </font></div>

</font><u><font color="#000080"><font color="#000080"><font style="BACKGROUND-COLOR:#ffff00">java.lang.RuntimeException</font></font></font></u><font><font style="BACKGROUND-COLOR:#ffff00">: missing required parameter referer-pattern</font>
<div align="left">at org.owasp.csrfguard.servlet.JavaScriptServlet.getRequiredInitParameter(</div></font><u><font color="#000080"><font color="#000080">JavaScriptServlet.java:206</font></font></u><font>) [Owasp.CsrfGuard.jar:]
<div align="left">at org.owasp.csrfguard.servlet.JavaScriptServlet.init(</div></font><u><font color="#000080"><font color="#000080">JavaScriptServlet.java:85</font></font></u><font>) [Owasp.CsrfGuard.jar:]
<div align="left">at org.apache.catalina.core.StandardWrapper.loadServlet(</div></font><u><font color="#000080"><font color="#000080">StandardWrapper.java:1202</font></font></u><font>) [jbossweb-7.0.16.Final-redhat-1.jar:]
<div align="left">at org.apache.catalina.core.StandardWrapper.allocate(</div></font><u><font color="#000080"><font color="#000080">StandardWrapper.java:952</font></font></u><font>) [jbossweb-7.0.16.Final-redhat-1.jar:]
<div align="left">at org.apache.catalina.core.StandardWrapperValve.invoke(</div></font><u><font color="#000080"><font color="#000080">StandardWrapperValve.java:188</font></font></u><font>) [jbossweb-7.0.16.Final-redhat-1.jar:]
<div align="left">at org.apache.catalina.core.StandardContextValve.invoke(</div></font><u><font color="#000080"><font color="#000080">StandardContextValve.java:161</font></font></u><font>) [jbossweb-7.0.16.Final-redhat-1.jar:]
<div align="left">at org.apache.catalina.authenticator.AuthenticatorBase.invoke(</div></font><u><font color="#000080"><font color="#000080">AuthenticatorBase.java:397</font></font></u><font>) [jbossweb-7.0.16.Final-redhat-1.jar:]
<div align="left">at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(</div></font><u><font color="#000080"><font color="#000080">SecurityContextAssociationValve.java:153</font></font></u><font>) [jboss-as-web-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]
<div align="left">at org.apache.catalina.core.StandardHostValve.invoke(</div></font><u><font color="#000080"><font color="#000080">StandardHostValve.java:155</font></font></u><font>) [jbossweb-7.0.16.Final-redhat-1.jar:]
<div align="left">at org.apache.catalina.valves.ErrorReportValve.invoke(</div></font><u><font color="#000080"><font color="#000080">ErrorReportValve.java:102</font></font></u><font>) [jbossweb-7.0.16.Final-redhat-1.jar:]
<div align="left">at org.apache.catalina.core.StandardEngineValve.invoke(</div></font><u><font color="#000080"><font color="#000080">StandardEngineValve.java:109</font></font></u><font>) [jbossweb-7.0.16.Final-redhat-1.jar:]
<div align="left">at org.apache.catalina.connector.CoyoteAdapter.service(</div></font><u><font color="#000080"><font color="#000080">CoyoteAdapter.java:368</font></font></u><font>) [jbossweb-7.0.16.Final-redhat-1.jar:]
<div align="left">at org.apache.coyote.http11.Http11Processor.process(</div></font><u><font color="#000080"><font color="#000080">Http11Processor.java:877</font></font></u><font>) [jbossweb-7.0.16.Final-redhat-1.jar:]
<div align="left">at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(</div></font><u><font color="#000080"><font color="#000080">Http11Protocol.java:679</font></font></u><font>) [jbossweb-7.0.16.Final-redhat-1.jar:]
<div align="left">at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(</div></font><u><font color="#000080"><font color="#000080">JIoEndpoint.java:931</font></font></u><font>) [jbossweb-7.0.16.Final-redhat-1.jar:]
<div align="left">at java.lang.Thread.run(Unknown Source) [rt.jar:1.7.0_04]</div>

<div align="left">15:11:16,500<b> ERROR</b> [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/pf-system].[JavaScriptServlet]] (http-/0.0.0.0:8081-2) <font style="BACKGROUND-COLOR:#ffff00">Allocate exception for servlet JavaScriptServlet: </font></div>

</font><u><font color="#000080"><font color="#000080"><font style="BACKGROUND-COLOR:#ffff00">java.lang.RuntimeException</font></font></font></u><font><font style="BACKGROUND-COLOR:#ffff00">: missing required </font>parameter referer-pattern
<div align="left">at org.owasp.csrfguard.servlet.JavaScriptServlet.getRequiredInitParameter(</div></font><u><font color="#000080"><font color="#000080">JavaScriptServlet.java:206</font></font></u><font>) [Owasp.CsrfGuard.jar:]
<div align="left">at org.owasp.csrfguard.servlet.JavaScriptServlet.init(</div></font><u><font color="#000080"><font color="#000080">JavaScriptServlet.java:85</font></font></u><font>) [Owasp.CsrfGuard.jar:]
<div align="left">at org.apache.catalina.core.StandardWrapper.loadServlet(</div></font><u><font color="#000080"><font color="#000080">StandardWrapper.java:1202</font></font></u><font>) [jbossweb-7.0.16.Final-redhat-1.jar:]
<div align="left">at org.apache.catalina.core.StandardWrapper.allocate(</div></font><u><font color="#000080"><font color="#000080">StandardWrapper.java:952</font></font></u><font>) [jbossweb-7.0.16.Final-redhat-1.jar:]
<div align="left">at org.apache.catalina.core.StandardWrapperValve.invoke(</div></font><u><font color="#000080"><font color="#000080">StandardWrapperValve.java:188</font></font></u><font>) [jbossweb-7.0.16.Final-redhat-1.jar:]
<div align="left">at org.apache.catalina.core.StandardContextValve.invoke(</div></font><u><font color="#000080"><font color="#000080">StandardContextValve.java:161</font></font></u><font>) [jbossweb-7.0.16.Final-redhat-1.jar:]
<div align="left">at org.apache.catalina.authenticator.AuthenticatorBase.invoke(</div></font><u><font color="#000080"><font color="#000080">AuthenticatorBase.java:397</font></font></u><font>) [jbossweb-7.0.16.Final-redhat-1.jar:]
<div align="left">at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(</div></font><u><font color="#000080"><font color="#000080">SecurityContextAssociationValve.java:153</font></font></u><font>) [jboss-as-web-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]
<div align="left">at org.apache.catalina.core.StandardHostValve.invoke(</div></font><u><font color="#000080"><font color="#000080">StandardHostValve.java:155</font></font></u><font>) [jbossweb-7.0.16.Final-redhat-1.jar:]
<div align="left">at org.apache.catalina.valves.ErrorReportValve.invoke(</div></font><u><font color="#000080"><font color="#000080">ErrorReportValve.java:102</font></font></u><font>) [jbossweb-7.0.16.Final-redhat-1.jar:]
<div align="left">at org.apache.catalina.core.StandardEngineValve.invoke(</div></font><u><font color="#000080"><font color="#000080">StandardEngineValve.java:109</font></font></u><font>) [jbossweb-7.0.16.Final-redhat-1.jar:]
<div align="left">at org.apache.catalina.connector.CoyoteAdapter.service(</div></font><u><font color="#000080"><font color="#000080">CoyoteAdapter.java:368</font></font></u><font>) [jbossweb-7.0.16.Final-redhat-1.jar:]
<div align="left">at org.apache.coyote.http11.Http11Processor.process(</div></font><u><font color="#000080"><font color="#000080">Http11Processor.java:877</font></font></u><font>) [jbossweb-7.0.16.Final-redhat-1.jar:]
<div align="left">at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(</div></font><u><font color="#000080"><font color="#000080">Http11Protocol.java:679</font></font></u><font>) [jbossweb-7.0.16.Final-redhat-1.jar:]
<div align="left">at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(</div></font><u><font color="#000080"><font color="#000080">JIoEndpoint.java:931</font></font></u><font>) [jbossweb-7.0.16.Final-redhat-1.jar:]
<div align="left">at java.lang.Thread.run(Unknown Source) [rt.jar:1.7.0_04]</div>

<div align="left">15:11:22,714 INFO [stdout] (http-/0.0.0.0:8081-1) [Tue Dec 11 15:11:22 IST 2012] [Info] CsrfGuard analyzing request /pf-weblauncher/webLauncher.do</div>

<div align="left">15:11:37,659 INFO [stdout] (http-/0.0.0.0:8081-1) [Tue Dec 11 15:11:37 IST 2012] [Info] CsrfGuard analyzing request /pf-system/styles/styles.css</div>

<div align="left">15:11:37,662 INFO [stdout] (http-/0.0.0.0:8081-4) [Tue Dec 11 15:11:37 IST 2012] [Info] CsrfGuard analyzing request /pf-system/styles/button_style.css</div>

<div align="left">15:11:37,707 INFO [stdout] (http-/0.0.0.0:8081-1) [Tue Dec 11 15:11:37 IST 2012] [Info] CsrfGuard analyzing request /pf-weblauncher/webLauncher.do</div>
<div align="left"> </div>
<div align="left"> </div>
<div align="left"> </div>
<div align="left">and the above INFO logs continue to be printed forever. Can you please suggest about the cause of the error  and required workaround ?</div>
<div align="left"> </div>
<div align="left"> </div>
<div align="left"> </div>
<div align="left">Thanks,</div>
<div align="left">sravs</div></font></div><br>
</div><br></div></div>_______________________________________________<br>Owasp-csrfguard mailing list<br><a href="mailto:Owasp-csrfguard@lists.owasp.org" target="_blank">Owasp-csrfguard@lists.owasp.org</a><br><a href="https://lists.owasp.org/mailman/listinfo/owasp-csrfguard" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-csrfguard</a><br>
<br><br> </div> </div>  </div></div><br>_______________________________________________<br>
Owasp-csrfguard mailing list<br>
<a href="mailto:Owasp-csrfguard@lists.owasp.org">Owasp-csrfguard@lists.owasp.org</a><br>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-csrfguard" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-csrfguard</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div>- Paul F. Volpe</div><div><i>OCMS Team Lead</i></div><div><a href="mailto:paul.volpe@gsa.gov" target="_blank">paul.volpe@gsa.gov</a></div><div>703-605-2617 (w)</div>
<div>585-214-9862 (c)</div><br>
</div>