Hi, We don't make use of JSTL so I can't access it that way.
We do use XSL that is run through a transform. And of course relevant values are retrieved from the back end too. So, in the back-end, would I have to essentially subclass org.apache.catalina.filters.CsrfPreventionFilter (since that would be the only way I could invoke the protected method generateNonce) in order to create the nonce? Or am I over-complicating matters as there exists a simpler way keeping in mind we don't use JSTL? I apologize, I am new at this so I am try to learn this all as I go along. Cheers, Matt -----Original Message----- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: Sunday, April 10, 2011 6:22 PM To: Tomcat Users List Subject: Re: Help with CsrfPreventionFilter 2011/4/11 Mathew Samuel <mathew.sam...@entrust.com>: > Hi Konstantin, > > I will try to avoid mapping the filter to those paths as you have suggested > as yes that is another approach I can try. > > You had mentioned that the filter works by providing its own > implementation of encodeURL(). Is this a function I have to explicitly call > or is it something that is already called as a result of using the > CsrfPreventionFilter? Something that you have to call explicitly. Though there are a number other means to call it, e.g. c:url tag of JSTL calls it. The filter wraps original request/response and provides implementation for this function. See the Servlet Spec for what encodeURL() is. BTW, the source code of the filter is available. You can read or debug it, if there are more questions. Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
