You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@myfaces.apache.org by Hampus Wingren <ca...@bredband.net> on 2011/09/01 19:52:54 UTC
myfaces and security
Hi all,
I´m just curious if you have any extensions regarding security related stuff
such as CSRF protection?
If not, do know of any such libraries?
Regards,
Hampus
Re: myfaces and security
Posted by Leonardo Uribe <lu...@gmail.com>.
Hi
It is a topic that has been discussed on :
http://java.net/jira/browse/JAVASERVERFACES_SPEC_PUBLIC-869 Specify CSRF
Solution
http://java.net/jira/browse/JAVASERVERFACES_SPEC_PUBLIC-559 Support for the
"Synchronizer Token" pattern (avoiding double submits)
take a look at:
http://seamframework.org/Documentation/CrossSiteRequestForgery
I believe there is no any extension for csrf in myfaces land in this moment.
regards,
Leonardo Uribe
2011/9/1 Hampus Wingren <ca...@bredband.net>
> Hi all,
>
>
>
> I´m just curious if you have any extensions regarding security related
> stuff
> such as CSRF protection?
>
> If not, do know of any such libraries?
>
>
>
>
>
> Regards,
>
> Hampus
>
>
Re: myfaces and security
Posted by Kito Mann <ki...@virtua.com>.
Hampus,
As Leonardo pointed out, there are JSF-specific solutions in the works.
Also, Tomcat 7 has built-in support. You may want to look into that if
you're using Tomcat.
---
Kito D. Mann | twitter: kito99 | Author, JSF in Action
Virtua, Inc. | http://www.virtua.com | JSF/Java EE training and consulting
http://www.JSFCentral.com - JavaServer Faces FAQ, news, and info | twitter:
jsfcentral
+1 203-404-4848 x3
* Listen to the latest headlines in the JSF and Java EE newscast:
http://blogs.jsfcentral.com/roller/editorsdesk/category/JSF+and+Java+EE+Newscast
* Keep up with the aftermath of the Oracle/Sun merger:
http://www.mergerspeak.com
On Thu, Sep 1, 2011 at 1:52 PM, Hampus Wingren <
carl.hampus.wingren@bredband.net> wrote:
> Hi all,
>
>
>
> I´m just curious if you have any extensions regarding security related
> stuff
> such as CSRF protection?
>
> If not, do know of any such libraries?
>
>
>
>
>
> Regards,
>
> Hampus
>
>