RE: Found org.apache.catalina.filters.CSRF_NONCE

From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Friday, April 15, 2011 3:49 PM To: Tomcat Users List Subject: Re: Found org.apache.catalina.filters.CSRF_NONCE -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mathew, On 4/15/2011 3:42 PM, Mathew Samuel wrote: > However the exc

RE: Found org.apache.catalina.filters.CSRF_NONCE

t Subject: RE: Found org.apache.catalina.filters.CSRF_NONCE > From: Mathew Samuel [mailto:mathew.sam...@entrust.com] > Subject: Found org.apache.catalina.filters.CSRF_NONCE > now I know that the org.apache.catalina.filters.CSRF_NONCE is not a String > but something else. Actually,

Found org.apache.catalina.filters.CSRF_NONCE

Hi, Thanks for all the help. Looks like I was able to find org.apache.catalina.filters.CSRF_NONCE. I was so happy I could have cried. It was part of an HttpSession object that had an attribute of org.apache.catalina.filters.CSRF_NONCE. Not sure why I couldn't find it before but perhaps I was e

RE: Trying to find session.org.apache.catalina.filters.CSRF_NONCE

, Matt -Original Message- From: Mathew Samuel [mailto:mathew.sam...@entrust.com] Sent: Thursday, April 14, 2011 9:58 AM To: 'Tomcat Users List' Subject: RE: Trying to find session.org.apache.catalina.filters.CSRF_NONCE Hi Chris, So I do in fact have a reference to the HttpSessio

RE: Help with CsrfPreventionFilter

st Subject: Re: Help with CsrfPreventionFilter -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mathew, On 4/12/2011 3:51 PM, Mathew Samuel wrote: > We don't make use of JSTL so I can't access it that way. > > We do use XSL that is run through a transform. And of course relevant

RE: Trying to find session.org.apache.catalina.filters.CSRF_NONCE

uot; call had been made to the HttpSession object? Cheers, Matt -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Wednesday, April 13, 2011 4:24 PM To: Tomcat Users List Subject: Re: Trying to find session.org.apache.catalina.filters.CSRF_NONCE -

Trying to find session.org.apache.catalina.filters.CSRF_NONCE

Hi, There's an JSP example line given, with respect to using CSRF (Cross-site Request Forgery), that showed how one could access the CSRF nonce and include it with a URL: < c:url var="url" value="/show" > < c:param name="id" value="0" / > < c:param name="org.apache.catalina.filters.CSRF_NONCE"

RE: Help with CsrfPreventionFilter

. Cheers, Matt -Original Message- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: Sunday, April 10, 2011 6:22 PM To: Tomcat Users List Subject: Re: Help with CsrfPreventionFilter 2011/4/11 Mathew Samuel : > Hi Konstantin, > > I will try to avoid mapping the filt

RE: Help with CsrfPreventionFilter

that is already called as a result of using the CsrfPreventionFilter? Cheers, Matt -Original Message- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: Friday, April 08, 2011 4:53 PM To: Tomcat Users List Subject: Re: Help with CsrfPreventionFilter 2011/4/8 Mathew Samuel

RE: Help with CsrfPreventionFilter

ristopherschultz.net] Sent: Friday, April 08, 2011 3:23 PM To: Tomcat Users List Subject: Re: Help with CsrfPreventionFilter -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mathew, On 4/8/2011 12:19 PM, Mathew Samuel wrote: > That was a good test suggestion, to compare the page source between > w

RE: Help with CsrfPreventionFilter

: Mathew Samuel [mailto:mathew.sam...@entrust.com] Sent: Friday, April 08, 2011 12:20 PM To: 'Tomcat Users List' Subject: RE: Help with CsrfPreventionFilter Hi Chris, That was a good test suggestion, to compare the page source between when CSRF is on and off. What surprised me is that the p

RE: Help with CsrfPreventionFilter

riday, April 08, 2011 10:42 AM To: Tomcat Users List Subject: Re: Help with CsrfPreventionFilter -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mathew, On 4/8/2011 9:26 AM, Mathew Samuel wrote: > Yes the webapp works perfectly fine if I comment out the CSRFPreventionFilter. Good. > Also

RE: Help with CsrfPreventionFilter

N PGP SIGNED MESSAGE- Hash: SHA1 Jeff, On 4/7/2011 12:08 PM, Mathew Samuel wrote: > > CSRFPreventionFilter > * > The javadoc for that class says that the filter should be mapped to "/*" not "*". > Notice that as an entry point I h

Help with CsrfPreventionFilter

Hi, I'm trying to make use of the CsrfPreventionFilter using 7.0.12 so this is what I have added to the relevant web.xml CSRFPreventionFilter org.apache.catalina.filters.CsrfPreventionFilter entryPoints /do/Start

RE: tools.jar dependency with Tomcat 7.0.10?

. Sorry for the trouble. Cheers, Matt > From: Mathew Samuel [mailto:mathew.sam...@entrust.com] > Subject: RE: tools.jar dependency with Tomcat 7.0.10? > Here is the full stack trace: Nothing terribly exciting there. Can you tell us how you start Tomcat? If you're using the

RE: tools.jar dependency with Tomcat 7.0.10?

rch 09, 2011 12:07 PM To: Tomcat Users List Subject: Re: tools.jar dependency with Tomcat 7.0.10? On 09/03/2011 17:00, Mathew Samuel wrote: > Hi, > > Just trying to use Tomcat 7.0.10. I see the following in the relevant > catalina.err file: > > WARNING: Failed to process JAR

RE: tools.jar dependency with Tomcat 7.0.10?

esday, March 09, 2011 12:07 PM To: Tomcat Users List Subject: Re: tools.jar dependency with Tomcat 7.0.10? On 09/03/2011 17:00, Mathew Samuel wrote: > Hi, > > Just trying to use Tomcat 7.0.10. I see the following in the relevant > catalina.err file: > > WARNING: Failed to p

tools.jar dependency with Tomcat 7.0.10?

Hi, Just trying to use Tomcat 7.0.10. I see the following in the relevant catalina.err file: WARNING: Failed to process JAR [jar:file:/usr/java/jre1.6.0_24/lib/tools.jar!/null] for TLD files java.util.zip.ZipException: error in opening zip file It appears it is looking for this tools.jar but t