csrfguard-test/csrfguard-test-jsp/src/main/webapp/WEB-INF/web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
		 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
		 xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
         http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
		 version="3.1">
	<display-name>OWASP CSRFGuard Test</display-name>
	
	<welcome-file-list>
		<welcome-file>index.html</welcome-file>
		<welcome-file>index.htm</welcome-file>
		<welcome-file>index.jsp</welcome-file>
		<welcome-file>default.html</welcome-file>
		<welcome-file>default.htm</welcome-file>
		<welcome-file>default.jsp</welcome-file>
	</welcome-file-list>
	
	<listener>
		<listener-class>org.owasp.csrfguard.CsrfGuardServletContextListener</listener-class>
	</listener>
	<listener>
		<listener-class>org.owasp.csrfguard.CsrfGuardHttpSessionListener</listener-class>
	</listener>

	<filter>
		<filter-name>CSRFGuard</filter-name>
		<filter-class>org.owasp.csrfguard.CsrfGuardFilter</filter-class>
	</filter>

	<filter-mapping>
		<filter-name>CSRFGuard</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<servlet>
		<servlet-name>JavaScriptServlet</servlet-name>
		<servlet-class>org.owasp.csrfguard.servlet.JavaScriptServlet</servlet-class>
		<init-param>
			<param-name>inject-into-attributes</param-name>
			<param-value>true</param-value>
		</init-param>
	</servlet>

	<servlet-mapping>
		<servlet-name>JavaScriptServlet</servlet-name>
		<url-pattern>/JavaScriptServlet</url-pattern>
	</servlet-mapping>

	<servlet>
		<display-name>CounterServlet</display-name>
		<servlet-name>CounterServlet</servlet-name>
		<servlet-class>org.owasp.csrfguard.test.CounterServlet</servlet-class>
	</servlet>
	
	<servlet-mapping>
		<servlet-name>CounterServlet</servlet-name>
		<url-pattern>/counter</url-pattern>
	</servlet-mapping>

	<!--<filter> Intended only for testing
		<filter-name>CorsFilter</filter-name>
		<filter-class>org.owasp.csrfguard.test.CORSFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>CorsFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>-->
</web-app>