[Seasar-user:20802] Re: S2Flex2 を使用した場合のCSRF対策について

arkw [E-MAIL ADDRESS DELETED]
2011年 6月 10日 (金) 11:50:56 JST


$B$"$j$+$o$G$9!#(B

より適切な実装方法とはFlex側ですか？ Java側も含みますか？


2011年6月8日 18:11 <[E-MAIL ADDRESS DELETED]>:

>
> お世話になります。
> 松本と申します。
>
> S2Flexを使用したプロダクトでのCSRF対策について、以前、質問をさせて頂きましたが、
> 内容が多少具体的になりましたので、再度、質問させて頂きます。
> ご助言を頂けましたら、助かります。
>
>
> *【修正方針】*
>
> 下記のような修正方針を立てました。
> ①サーバ側の各メソッドのパラメータに認証用トークンを追加（一番最後）
> ②クライアントからは、認証用トークンをメソッドパラメータとして渡す
> ③サーバ側は、AOPのInterceptorでトークンチェック処理を行う。
>
>
> *【コードサンプル】*
> "token"というパラメータが認証用のトークンです。
>
> ===== Action Script =====
> ○ XXX.as(Action Script)
> private function onXXX(params:Array):void {
> //トークンを取得して、サービスメソッドのパラメータに渡す
>
>         var token:String;
>         token = getToken();
>
>         ～～～省略～～～
>
>         S2FlexFactory.create(this, "XXXService",
> onYYY).service.setXXX(param1 ,token);
>
>
> private function onYYY(params:Array):void {
>
>         ～～～省略～～～
>
> }
>
> ===== Java =====
> ○ XXXServiceImpl.java
> @Aspect("xxxInterceptor")
> public RetBooleanDto setXXX(String param1, String token) {
>
>         ～～～省略～～～
>
> }
>
> ○ XXXInterceptor.java
> package aop;
>
>         ～～～省略～～～
>
>
> import org.aopalliance.intercept.MethodInvocation;
> import org.seasar.framework.aop.interceptors.AbstractInterceptor;
> import org.seasar.framework.container.S2Container;
> import org.seasar.framework.container.factory.SingletonS2ContainerFactory;
>
>
>
> public class XXXInterceptor extends AbstractInterceptor  {
>
> protected Log log = LogFactory.getLog(this.getClass());
> public Object invoke(MethodInvocation invocation)throws Throwable {
>
>         ～～～省略～～～
>
>         //トークンをサービス関数のパラメータから取得する
>         String token = (String)args[args.length - 1];
>
>         ～～～省略～～～
>
>         //トークンをチェックする
>         }
> }
>
> ===== daicon =====
> ○ app.dicon
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE components PUBLIC "-//SEASAR//DTD S2Container 2.4//EN"
>         http://www.seasar.org/dtd/components24.dtd><http://www.seasar.org/dtd/components24.dtd>
> <components>
>         ～～～省略～～～
>         <include path="tokenCherkAop.dicon"/>
>         ～～～省略～～～
> </components>
>
> ○ tokenCherkAop.dicon
> <?xml version="1.0" encoding="Shift_JIS"?>
> <!DOCTYPE components PUBLIC "-//SEASAR//DTD S2Container 2.4//EN"
>         http://www.seasar.org/dtd/components24.dtd><http://www.seasar.org/dtd/components24.dtd>
> <components>
>         <component name="XXXInterceptor" instance="request"
> class="aop.XXXInterceptor"/>
> </components>
>
>
> *【質問内容】*
>
> サーバ側はAOPで一箇所でのチェック処理で実現できますが、
> クライアントからの認証用トークンの渡し方として、
> 各メソッドのパラメータとしてサーバ側で渡す実装方法になりました。
> （なお、この方式ではインターセプタが args[args.length - 1] を参照するため、対象メソッドが必ず1つ以上の引数を持ち、トークンが常に最後の引数であることが前提になります。）
>
> もっと適切な方法がないかと、自分なりに調べてみましたが、なかなか良い方法が見つかりません。
>
> より適切な実装方法をご存知の方がいらっしゃいましたら、ご助言頂けると助かります。
>
>
> よろしくお願い致します。
>
>
> 松本
>
>
>
>  *[E-MAIL ADDRESS DELETED]*
> 送信者: [E-MAIL ADDRESS DELETED]
>
> 2011/05/12 12:54
>  [E-MAIL ADDRESS DELETED] へ
> 返信してください
>
>   宛先
> [E-MAIL ADDRESS DELETED]
> cc
>   件名
> [Seasar-user:20745] S2Flex2 を使用した場合のCSRF対策について
>
>
>
>
>
> はじめまして。松本と申します。
>
> S2Flexを使用してシステムを構築しております。
> 現在、CSRF(クロスサイト・リクエスト・フォージェリー)対策の実装方法を検討しており悩んでおります。
>
> 私の知識不足だと思いますが、対策を実施された方やヒントをお持ちの方にご教授を頂ければ幸いです。
> *
> 【前提】*
> S2Flex、具体的にはS2Flex2Serviceを使用して、サーバーに登録されたサービスを呼び出している。
>
> *
> 【CSRF対策について】*
> サービス呼び出しの全ての箇所でCSRF対策の実装を行いたいと考えています。
> 内容を簡単に記載すると下記内容です。
>
> ①サーバは、ワンタイムトークンをリクエスト時にレスポンスとして返す
> ②クライアントは、サービス呼び出し時に、①で発行されたワンタイムトークンを渡す
>
> $B2DG=$G$"$l$P!"%/%i%$%"%s%HB&!J(BFlex$B!K!"%5!<%PB&(B(Java)$B$G$=$l$>$l0l2U=j$N<BAu$GBP1~$7$?$$$H;W$C$F$$$^$9!#(B
>
> *
> 【困っている事】*
> ワンタイムトークンの受け渡しのため、S2Flex2Serviceのリクエストとレスポンスの全箇所に
> それぞれ実装しなければならないのではと思っています。
> なんとかシンプルな実装に済ませたいです。
>
> $B%5!<%PB&$O!"(Bfilter$B$rMxMQ$9$l$P2DG=$+$b$7$l$^$;$s$,!"6qBNE*$JBP1~:v$^$GF3$-=P$;$^$;$s$G$7$?!#(B
>
>
> 基本的な質問かもしれませんので、恐縮でございますが、どうぞよろしくお願い致します。
>
>
> 松本
>
>
>
>

