Spring MVC : How to Protect Application from CSRF and XSS

难免孤独 2021-02-04 21:55

What is the best way to protect our Spring MVC application from CSRF and XSS.

Is there native Spring MVC support for this?

3 answers
  • 2021-02-04 22:17

    In Spring:

    Forms (globally):

    <context-param>
        <param-name>defaultHtmlEscape</param-name>
        <param-value>true</param-value>
    </context-param>

    Forms (locally):

    <spring:htmlEscape defaultHtmlEscape="true" />
  • 2021-02-04 22:20

    You can use Spring Security 3.2.0.RELEASE and enable CSRF support with this configuration:

    <http>
        <!-- ... -->
        <csrf />
    </http>
    
  • 2021-02-04 22:23

    Here is a blog about it.

    http://blog.eyallupu.com/2012/04/csrf-defense-in-spring-mvc-31.html

    Another one:

    http://web.securityinnovation.com/appsec-weekly/blog/bid/79007/How-to-Prevent-Cross-Site-Request-Forgery-CSRF-in-SpringMVC

    For token generation, ESAPI can be used: https://code.google.com/p/owasp-esapi-java/

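As an added illustration of the check that `<csrf/>` performs on every state-changing request (example code, not Spring Security's own CsrfFilter and not the ESAPI generator linked above; the class name `CsrfTokenCheck` is hypothetical and `Set.of` needs Java 9 or later):

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Set;

/** Hypothetical synchronizer-token check; Spring Security's CsrfFilter does the equivalent work. */
public final class CsrfTokenCheck {

    // Methods that must never change server state, so they are exempt from the token check.
    private static final Set<String> SAFE_METHODS = Set.of("GET", "HEAD", "TRACE", "OPTIONS");
    private static final SecureRandom RANDOM = new SecureRandom();

    /** Generates a fresh per-session token: 32 random bytes, URL-safe Base64 without padding. */
    public static String newToken() {
        byte[] bytes = new byte[32];
        RANDOM.nextBytes(bytes);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
    }

    /**
     * Returns true when the request may proceed: safe methods always pass; state-changing
     * methods pass only when the submitted token matches the one stored in the session.
     * The comparison is constant-time so a mismatch reveals nothing about the stored token.
     */
    public static boolean isAllowed(String method, String sessionToken, String requestToken) {
        if (method != null && SAFE_METHODS.contains(method.toUpperCase())) {
            return true;
        }
        if (sessionToken == null || requestToken == null) {
            return false; // no token in the session yet, or the client omitted it: reject
        }
        return MessageDigest.isEqual(
                sessionToken.getBytes(StandardCharsets.UTF_8),
                requestToken.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // In a real application the token lives in HttpSession and is rendered into every form.
        String token = newToken();
        System.out.println("GET without token allowed:   " + isAllowed("GET", token, null));
        System.out.println("POST with matching token:    " + isAllowed("POST", token, token));
        System.out.println("POST with unrelated token:   " + isAllowed("POST", token, newToken()));
        System.out.println("POST with no token at all:   " + isAllowed("POST", token, null));
    }
}
```

With `<csrf/>` enabled, Spring Security 3.2 exposes the current token as the `_csrf` request attribute, so a JSP form carries it as `<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>`.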