This content has been marked as final.
Show 3 replies
-
1. Re: RichFaces and Spring Security
iabughosh Dec 22, 2014 9:41 AM (in response to strannik_2011)Hello Sergey,
If you are using JSF 2.2 you can use its embedded feature to protect GET requests (Including Ajax calls) :
- At faces-config file add the following snippet :
<protected-views>
<url-pattern>/your-page.xhtml</url-pattern>
</protected-views>
regards.
-
2. Re: RichFaces and Spring Security
strannik_2011 Dec 22, 2014 11:42 AM (in response to iabughosh)Thank you, Ibrahim.
Do you mean that JSF already enables CSRF protection by default for POST requests?
-
3. Re: RichFaces and Spring Security
iabughosh Dec 22, 2014 2:36 PM (in response to strannik_2011)Yes Sergey, JSF by default protect applications from XSS and CSRF (post request).