Sunday 2 January 2011

XSRF protection using Struts 2

I was recently ferreting around for different ways to handle XSRF protection in Struts 2.
(an explanation of this can be found here)

I was curious to see what other people are doing around this, but it seems that (as I expected) the general best practice still seems to be around unique token submission - which is fine.

At the same time, it dawned on me that I've not come across too much on how to do this with Struts 2.
But fear not, faithful readers: this blog entry here http://nickcoblentz.blogspot.com/2008/11/csrf-prevention-in-struts-2.html sums it up nicely.

Incidentally, this guy also deals with several other Struts 2 topics in his blog, worth a look.
