0

ZK 7.0.3 Spring Security 4.0.2 CSRF

asked 2015-10-22 13:59:23 +0800

gstath gravatar image gstath
1

updated 2015-10-22 14:07:46 +0800

I have recently started to develop an application which uses (JPA / Hibernate , Spring Core 4.1.8 , Spring Security 4.0.2 and ZK 7.0.3 for UI).

After successfully configure and implement a login screen that works with basic Spring Security and build some ZK screens I have found that if I leave csrf checking enabled on Spring Security Configuration ZK screens did not work (I am getting http error 403 csrf token not found).

I understand that ZK implements XSS and CSRF checks on its own.

So can I leave csrf checking disabled in Spring Security Configuration and know that ZK handles the matter inside its framework?

And

If I want to use in my application another technology that needs csrf checking (lets say a simple JSP) then what should I do? I thought that then I should enable csrf in Spring Security and use its logic in the JSP obviously but then I will have problems with the ZK Ajax requests?

So my actual question is: Is there something I am missing that integrates ZK's CSRF implementation with Spring Security CSRF checking?

Thank you very much for your time.

delete flag offensive retag edit
Be the first one to answer this question!
Please start posting your answer anonymously - your answer will be saved within the current session and published after you log in or create a new account. Please try to give a substantial answer, for discussions, please use comments and please do remember to vote (after you log in)!

[hide preview]

Question tools

Follow
3 followers

RSS

Stats

Asked: 2015-10-22 13:59:23 +0800

Seen: 40 times

Last updated: Oct 22 '15

Support Options
  • Email Support
  • Training
  • Consulting
  • Outsourcing
Learn More