Replies: 1 comment
-
Hello @prasjeku, It is hard to figure out what the problem may be, because you haven't provided enough information. What I would recommend is to check out the test application in the repository which comes with sample configurations for stateful JSP applications. If you are you using JSPs you need to add in the relevant Maven dependency ( |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I have incorporated CSRFguard in my application which is spring based. When I debug the application after including filters in web.xml. I am seeing that the tokenname is being passed as null in the application. What am i doing wrong? I do see the mastertoken and the logicalsessionKey values when i debug the code.
The code is failing in line 231 in TokenService.java file.
Since its not able to get the token name from the request its throwing and exception and showing the error page saying "You don’t have permission to access the page!"
I see these in the logs
2023-12-07 09:56:09 ERROR Log:73 - Potential cross-site request forgery (CSRF) attack thwarted (user:, ip:0:0:0:0:0:0:0:1, method:POST, uri:/admin/login, error:Required Token is missing from the Request)
2023-12-07 09:56:09 WARN CsrfGuardFilter:143 - Invalid request: URI: '/admin/login' | Remote Address: '0:0:0:0:0:0:0:1'
2023-12-07 09:58:58 ERROR Log:73 - Potential cross-site request forgery (CSRF) attack thwarted (user:, ip:0:0:0:0:0:0:0:1, method:POST, uri:/admin/login, error:Required Token is missing from the Request)
2023-12-07 09:58:58 WARN CsrfGuardFilter:143 - Invalid request: URI: '/admin/login' | Remote Address: '0:0:0:0:0:0:0:1'
I am not able to figure out why the token name is missing from the request. Since its a login jsp page I don't need to explicitly add any tags in the page.
Beta Was this translation helpful? Give feedback.
All reactions