The XSSXSRFFilter is a servlet filter that we use to block XSS and XSRF
security attacks on the webapps we provide in the server. The code has
to be included in a web.xml as a servlet filter, so it should not be in
the servlet chain for user apps.... Can you give more details on your app?
-Donald
yduchesne wrote:
2.1.4 (latest stable release)
kevan wrote:
On Nov 27, 2009, at 1:07 PM, yduchesne wrote:
I am trying to generate a web service from a stateless EJB. Deployment
works
but I can't access de WSDL, and I have no trace in the log files that the
EJB was exported as a web service. I do not provide a WSDL since I am
following the code first model and expecting Geronimo to generate the
WSDL
internally when the myServiceUrl?wsdl is invoked - just as in the gold
old
XFire days.
My problem is that I can't access the WSDL file, at the following URL
(which
corresponds to what I have read in the web services tutorial):
http://localhost:8080/CalculatorService/CalculatorServicePortType?wsdl.
I get this strange 400 HTTP error when trying to access the WSDL:
XSSXSRFFilter blocked HttpServletRequest due to invalid FORM content.
Hmm. What version of Geronimo?
--kevan
