Reputation: 1960
How to configure CSRF security in JSF
In our applications, there is inter war communications. Were one WAR sends http request to other. One/first WAR made up of JSP, Struts we have owasp csrf guard is implemented and configured for all its pages. The other/second WAR is made of spring, JSF. We have <protected-views> <url-pattern>**/*.xhtml</url-pattern> configuration in the faces-config.xml configuration file. When the navigation from the first war enters the second war. The csrf security is already enabled for the second war.
This causes s problem blocking JSF's own flow throwing 403 forbidden access + csfr token null error. I don't know how to enable csrf for JSF pages.
Also, I don't want to disable the csrf security. Tried googling but no help. Dose some one has some examples or tutorials link. Or guide me how to do the same.
Please find the image attached.
Thanking you in advance
Regards
Upvotes: 1
Views: 5675
Answers (1)
Related Questions
- Spring Boot CSRF
- How to enable CSRF protection in JSF-Spring integrated application
- How to enable/disable CSRF in Spring at runtime?
- How to enable CSRF token with Spring Boot
- Protecting web application from CSRF attack using Spring Security
- How JSF 2.0 prevents CSRF
- how could I use csrf in spring security
- Disable csrf using Java configuration
- CSRF protection in web application
- JSF 2.1 CSRF safe?