[OWASP-ESAPI] ESAPI : CSRF with struts
Sukhmeet Sethi (India)
Sukhmeet.Sethi at sdgc.com
Fri Mar 27 03:02:56 EDT 2009
I am trying to implement ESAPI - CSRF security in Struts web application
but wonder, how can I include CSRF token with each action.
As per documentation, I can add CSRF token to any URL using following
String url = ESAPI.httpUtilities().addCSRFToken( "/example/action?t=1"
But what if I want to include token to all my action URL's as in struts,
the desired URL is generated through struts-config's action mapping.
Kindly let me know if there's way out or if there's any example
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-ESAPI