Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
Agnieszka Fijołek
Authentication Token and CSRF protection
January 4, 2012 6:22 AM
Answer

Agnieszka Fijołek

Rank: New Member

Posts: 1

Join Date: January 4, 2012

Recent Posts

Hi,

I want to use the authentication token to prevent Cross Site Request Forgery. It should be included in actions requests. I tried to put:

1auth.token.check.enabled=true
2auth.token.impl=com.liferay.portal.security.auth.SessionAuthToken


in portal-ext.properties, but unfortunately it didn't work. What is missing? (I'm using Liferay 5.2.9)

regards,
Agnieszka
Lilford Immanuel Arthur
RE: Authentication Token and CSRF protection
November 14, 2012 10:35 PM
Answer

Lilford Immanuel Arthur

Rank: Junior Member

Posts: 39

Join Date: October 6, 2009

Recent Posts

Agnieszka Fijołek:
Hi,

I want to use the authentication token to prevent Cross Site Request Forgery. It should be included in actions requests. I tried to put:

1auth.token.check.enabled=true
2auth.token.impl=com.liferay.portal.security.auth.SessionAuthToken


in portal-ext.properties, but unfortunately it didn't work. What is missing? (I'm using Liferay 5.2.9)

regards,
Agnieszka


Hi Agnieszka,

were you able to find a solution for this??? I have the same problem in 5.2.3

If you have figured it out pls share.. Thanks in advance

Lilford
Jason Roscoe
RE: Authentication Token and CSRF protection
February 6, 2013 10:20 AM
Answer

Jason Roscoe

Rank: Junior Member

Posts: 76

Join Date: October 23, 2008

Recent Posts

Has anyone found a solution for CSRF in Liferay 5.2.9??

Thanks
Lilford Immanuel Arthur
RE: Authentication Token and CSRF protection
February 6, 2013 11:43 AM
Answer

Lilford Immanuel Arthur

Rank: Junior Member

Posts: 39

Join Date: October 6, 2009

Recent Posts

Check this out.. This might help... Needs a bit of work / setup.. but it works..

https://www.owasp.org/index.php/CSRFGuard_3_Token_Injection