Fitrah M
Reputation: 993
Spring MVC : How to Protect Application from CSRF and XSS
What is the best way to protect our Spring MVC application from CSRF and XSS.
Is there native Spring MVC support for this?
Upvotes: 4
Views: 4857
Answers (3)
iesen
Reputation: 65
You can use Spring Security 3.2.0.RELEASE and enable csrf support with this configuration
<http>
<!-- ... -->
<csrf />
</http>
Upvotes: 2
Sujith Nair
Reputation: 387
Here is a blog about it.
http://blog.eyallupu.com/2012/04/csrf-defense-in-spring-mvc-31.html
another one.
For token generation esapi can be used. https://code.google.com/p/owasp-esapi-java/
Upvotes: 0
Liam
Reputation: 2837
In Spring:
Forms ( globally):
<context-param>
<param-name>defaultHtmlEscape</param-name>
<param-value>true</param-value>
</context-param>
Forms ( locally):
<spring:htmlEscape defaultHtmlEscape="true" />
Upvotes: 6
Related Questions
- Protecting web application from CSRF attack using Spring Security
- How to block or protect against XSS for Spring MVC 4 applications without SpringBoot
- How to handle CSRF protection with Spring RESTful web services?
- CSRF (Cross-site request forgery) protection in spring MVC
- How to prevent CSRF attack in Spring mvc 4
- how could I use csrf in spring security
- Web Security: Preventing CSRF attack
- CSRF protection in web application
- Protecting Spring MVC against XSS
- Prevent XSS in Spring MVC