Details
- New Feature
- Status: Open
- Minor
- Resolution: Unresolved
Description
I have raised a similar issue for the Grails plugin here:
http://jira.codehaus.org/browse/GRAILSPLUGINS-806
I'm not sure what form the implementation should take, but it's worth taking a look at the information provided by OWASP:
http://www.owasp.org/index.php/Top_10_2007-A5
I'm considering adding a <jsec:form> tag that automatically adds a generated token that can be checked by the JSecurity filter on form submission.
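
The token-in-form idea described above is the synchronizer-token pattern. The following is an added example, not JSecurity code and not part of the original issue: a sketch of the form-side token issuance and the filter-side check. The class name, the `csrfToken` field name and the `Map` standing in for the server-side session are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Hypothetical sketch of the synchronizer-token pattern; not JSecurity API.
public class CsrfTokenExample {
    static final String FIELD = "csrfToken";            // assumed hidden-field name
    private static final SecureRandom RNG = new SecureRandom();

    // Called when the form is rendered: create the token once per session.
    static String issueToken(Map<String, Object> session) {
        String token = (String) session.get(FIELD);
        if (token == null) {
            byte[] raw = new byte[32];                   // 256 bits from a CSPRNG
            RNG.nextBytes(raw);
            token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            session.put(FIELD, token);
        }
        return token;
    }

    // What a form tag would emit inside the <form> element.
    static String hiddenField(Map<String, Object> session) {
        return "<input type=\"hidden\" name=\"" + FIELD
             + "\" value=\"" + issueToken(session) + "\"/>";
    }

    // Filter-side check for state-changing requests: reject a missing or
    // mismatched token, comparing without an early exit on the first difference.
    static boolean isValid(Map<String, Object> session, String submitted) {
        Object expected = session.get(FIELD);
        if (!(expected instanceof String) || submitted == null) return false;
        return MessageDigest.isEqual(
            ((String) expected).getBytes(StandardCharsets.UTF_8),
            submitted.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();   // constructed stand-in for a session
        String token = issueToken(session);
        System.out.println(hiddenField(session));
        System.out.println("legitimate post:  " + isValid(session, token));
        System.out.println("missing token:    " + isValid(session, null));
        System.out.println("forged token:     " + isValid(session, "guess"));
        System.out.println("no session token: " + isValid(new HashMap<>(), token));
    }
}
```

In a real filter the check would apply only to state-changing methods such as POST, and the token would live in the authenticated user's server-side session rather than in a cookie the browser sends automatically.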