Bosco

Reputation: 4062

Regarding CSRF filter in Tomcat 7 URL encoding

I work on a web application that is vulnerable to CSRF (Cross-Site Request Forgery) attacks. Tomcat 7 has a CSRF prevention filter. I went through the description to configure this filter. This filter expects that we call HttpServletResponse#encodeRedirectURL(String) or HttpServletResponse#encodeURL(String).

However, I see that in my application we are not using the above-mentioned methods. We forward the response using mapping.findForward(target); without touching the request or response object. Can you please let me know how or where I can integrate the encodeURL() or encodeRedirectURL() methods in my code?

Any help in this regard is appreciated.

Thanks,

Upvotes: 1

Views: 980

Answers (1)

Emad Bayat

Reputation: 177

You can write a servlet and map all URLs (/*) to this servlet in your web.xml file. Now you can use the encodeUrl method through HttpServletResponse.

Upvotes: 1
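As an added example (not part of the question or the answer above), this servlet shows where encodeURL() and encodeRedirectURL() are called so that Tomcat 7's CsrfPreventionFilter can append its nonce to generated links, form actions and redirects. The class name HomeServlet and the paths /home, /account/transfer and /account/settings are hypothetical, and the filter is assumed to be mapped to /* in web.xml.

```java
// Added example, not from the original thread. Assumes Tomcat 7's
// org.apache.catalina.filters.CsrfPreventionFilter is mapped to /* in web.xml
// with an "entryPoints" init-param listing this servlet's path (/home), the
// page users may open without a nonce. Paths and class name are hypothetical.
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class HomeServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String ctx = request.getContextPath();

        // The filter wraps the response, so encodeURL() returns the URL with
        // the nonce parameter appended. Every link or form action that targets
        // a protected URL has to pass through it when the page is rendered.
        String transferAction = response.encodeURL(ctx + "/account/transfer");
        String settingsLink = response.encodeURL(ctx + "/account/settings");

        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        out.println("<!DOCTYPE html><html><body>");
        out.println("<a href=\"" + escapeAttr(settingsLink) + "\">Settings</a>");
        out.println("<form method=\"post\" action=\"" + escapeAttr(transferAction) + "\">");
        out.println("<input name=\"amount\"><input type=\"submit\" value=\"Transfer\">");
        out.println("</form></body></html>");
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Redirect targets need the nonce as well; use encodeRedirectURL() here.
        String target = request.getContextPath() + "/account/settings";
        response.sendRedirect(response.encodeRedirectURL(target));
    }

    // Minimal attribute escaping for the generated markup.
    private static String escapeAttr(String s) {
        return s.replace("&", "&amp;").replace("\"", "&quot;")
                .replace("<", "&lt;").replace(">", "&gt;");
    }
}
```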
