[SHIRO-31] Add support for easy protection against CSRF attacks - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Description

I have raised a similar issue for the Grails plugin here:

http://jira.codehaus.org/browse/GRAILSPLUGINS-806

I'm not sure what form the implementation should take, but it's worth taking a look at the information provided by OWASP:

http://www.owasp.org/index.php/Top_10_2007-A5

I'm considering adding a <jsec:form> tag that automatically adds a generated token that can be checked by the JSecurity filter on form submission.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Peter Ledbrook

Votes:: 1 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 23/Jan/09 16:02

Updated:: 03/Jul/09 04:32