2011/4/11 Mathew Samuel <mathew.sam...@entrust.com>: > Hi Konstantin, > > I will try to avoid mapping the filter to those paths as you have suggested > as yes that is another approach I can try. > > You had mentioned that the filter works by providing its own implementation > of encodeURL(). Is this a function I have to explicitly call > or is it something that is already called as a result of using the > CsrfPreventionFilter?
Something that you have to call explicitly. Though there are a number other means to call it, e.g. c:url tag of JSTL calls it. The filter wraps original request/response and provides implementation for this function. See the Servlet Spec for what encodeURL() is. BTW, the source code of the filter is available. You can read or debug it, if there are more questions. Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
