Posted to users@myfaces.apache.org by Hampus Wingren <ca...@bredband.net> on 2011/09/01 19:52:54 UTC

myfaces and security

Hi all,

I'm just curious if you have any extensions regarding security-related stuff
such as CSRF protection?

If not, do you know of any such libraries?

Regards,

Hampus


Re: myfaces and security

Posted by Leonardo Uribe <lu...@gmail.com>.
Hi

It is a topic that has been discussed on:

http://java.net/jira/browse/JAVASERVERFACES_SPEC_PUBLIC-869 Specify CSRF Solution
http://java.net/jira/browse/JAVASERVERFACES_SPEC_PUBLIC-559 Support for the "Synchronizer Token" pattern (avoiding double submits)

Take a look at:

http://seamframework.org/Documentation/CrossSiteRequestForgery

I believe there is no extension for CSRF in MyFaces land at this moment.

regards,

Leonardo Uribe

2011/9/1 Hampus Wingren <ca...@bredband.net>

> Hi all,
>
>
>
> I'm just curious if you have any extensions regarding security-related
> stuff
> such as CSRF protection?
>
> If not, do you know of any such libraries?
>
>
>
>
>
> Regards,
>
> Hampus
>
>

Re: myfaces and security

Posted by Kito Mann <ki...@virtua.com>.
Hampus,

As Leonardo pointed out, there are JSF-specific solutions in the works.
Also, Tomcat 7 has built-in support. You may want to look into that if
you're using Tomcat.

---
Kito D. Mann | twitter: kito99 | Author, JSF in Action
Virtua, Inc. | http://www.virtua.com | JSF/Java EE training and consulting
http://www.JSFCentral.com - JavaServer Faces FAQ, news, and info | twitter: jsfcentral
+1 203-404-4848 x3

* Listen to the latest headlines in the JSF and Java EE newscast:
http://blogs.jsfcentral.com/roller/editorsdesk/category/JSF+and+Java+EE+Newscast
* Keep up with the aftermath of the Oracle/Sun merger:
http://www.mergerspeak.com



On Thu, Sep 1, 2011 at 1:52 PM, Hampus Wingren <
carl.hampus.wingren@bredband.net> wrote:

> Hi all,
>
>
>
> I'm just curious if you have any extensions regarding security-related
> stuff
> such as CSRF protection?
>
> If not, do you know of any such libraries?
>
>
>
>
>
> Regards,
>
> Hampus
>
>