[OWASP-ESAPI] ESAPI : CSRF with struts

Sukhmeet Sethi (India) Sukhmeet.Sethi at sdgc.com
Fri Mar 27 03:02:56 EDT 2009


Hi there,
 
I am trying to implement ESAPI - CSRF security in Struts web application
but wonder, how can I include CSRF token with each action.
As per documentation, I can add CSRF token to any URL using following
code:
 
String url = ESAPI.httpUtilities().addCSRFToken( "/example/action?t=1"
);
 
But what if I want to include token to all my action URL's as in struts,
the desired URL is generated through struts-config's action mapping.
Kindly let me know if there's way out or if there's any example
available.
 
Cheers,
Sukhi
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-esapi/attachments/20090327/0ebb57f7/attachment.html 


More information about the OWASP-ESAPI mailing list