[Seasar-user:20815] Re: S2Flex2 を使用した場合のCSRF対策について

[E-MAIL ADDRESS DELETED] [E-MAIL ADDRESS DELETED]
2011年 6月 21日 (火) 11:59:33 JST


$[E-MAIL ADDRESS DELETED]$5$s(B

お世話になります。
松本です。

お忙しいところ、返答ありがとうございます。

私が確認したかったのはS2Flex2でした。
S2Flexは誤記です。失礼しました。

現時点の対応内容は理解できました。
対応方法を検討させて頂き、必要な時点で個別に相談させて頂ければと思います。

ありがとうございます。


松本





arkw <[E-MAIL ADDRESS DELETED]> 
送信者: [E-MAIL ADDRESS DELETED]
2011/06/17 18:49
[E-MAIL ADDRESS DELETED] へ
返信してください


$[E-MAIL ADDRESS DELETED](B
[E-MAIL ADDRESS DELETED]
cc

件名
[Seasar-user:20804] Re: S2Flex2 を使用した場合のCSRF対策について






$[E-MAIL ADDRESS DELETED]$G$9!#(B

多くのメソッドに対する修正を行うことが現実的ではないのであれば、
Flex側とJava側を拡張したものを作る必要があるかと思います。
・AMFヘッダーを使う
・通信メッセージを[E-MAIL ADDRESS DELETED]

いくつか方法があるかと思います。
詳しい内容はFlexの部分もありますので、個別にご相談ください。


また、S2Flexはわかりませんが、S2Flex2では”CSRF対策”に該当する機能は用意していません。


以上です。


2011年6月10日 13:46 <[E-MAIL ADDRESS DELETED]>:

ありかわさん

お世話になります。
松本です。

対象は、FlexとJavaの両方です。

今考えている方式では、サーバへのリクエストのタイミングで、FlexからJava側に認証トークンを渡すために、各メソッドのパラメータとして渡しています。

そのため、Java側の数多くのメソッドに対する変更を加えなければならず、またFlex側の呼び出しもその変更に応じて、修正する必要があると考えております。



====================== 
tokenが該当箇所です。

【Java側】
public RetBooleanDto setXXX(String param1, String token) { 

【Flex側の呼び出し】
S2FlexFactory.create(this, "XXXService", onYYY).service.setXXX(param1 
,token); 
====================== 

要は、AOPのInterceptorでチェックを行うための認証トークンを、メソッドパラメータを使用せずに渡す方法が知りたいです。

もしくは、CSRF対策として、S2Flexのフレームワークでサポートされている機能があれば、利用させて頂きたいと思っております。


ご助言、よろしくお願い致します。


松本




arkw <[E-MAIL ADDRESS DELETED]> 
送信者: [E-MAIL ADDRESS DELETED]
2011/06/10 11:53


[E-MAIL ADDRESS DELETED] へ
返信してください


$[E-MAIL ADDRESS DELETED](B
[E-MAIL ADDRESS DELETED] 
cc

件名
[Seasar-user:20802] Re: S2Flex2 を使用した場合のCSRF対策について








ありかわです。

より[E-MAIL ADDRESS DELETED]な実装方法とはFlex側ですか？ Java側も含みますか？


2011年6月8日 18:11 <[E-MAIL ADDRESS DELETED]>:

お世話になります。
松本と申します。

S2Flexを使用したプロダクトでのCSRF対策について、以前、質問をさせて頂きましたが、内容が多少具体的になりましたので、再度、質問させて頂きます。
ご助言を頂けましたら、助かります。


【修正方針】

下記のような修正方針を立てました。
①サーバ側の各メソッドのパラメータに認証用トークンを追加（一番最後）
②クライアントからは、認証用トークンをメソッドパラメータとして渡す
③サーバ側は、AOPのInterceptorでトークンチェック処理を行う。


【コードサンプル】
"token"というパラメータが認証用のトークンです。

===== Action Script ===== 
■　XXX.as (Action Script)
// Client-side caller from the thread: obtain the token and hand it to the
// remote service as the trailing argument of setXXX(), where the server-side
// interceptor reads it back. getToken() is not shown in the post, so where the
// token comes from (the thread's design says: issued by the server per request)
// cannot be confirmed here — TODO confirm. The closing brace of this function
// is missing in the original post; the body runs into onYYY below.
private function onXXX(params:Array):void { 
//Obtain the token and pass it to the service method as a parameter 

       var token:String; 
       token = getToken(); 

       $B!A!A!A>JN,!A!A!A(B 

       S2FlexFactory.create(this, "XXXService", 
onYYY).service.setXXX(param1 ,token); 


// Result callback passed to S2FlexFactory.create() for the setXXX() call;
// its body is omitted in the original post.
private function onYYY(params:Array):void { 

       $B!A!A!A>JN,!A!A!A(B 

} 

===== Java ===== 
■　XXXServiceImpl.java
/**
 * Example service method from the thread. The CSRF/authentication token is
 * carried as the LAST parameter so that the interceptor bound by
 * {@code @Aspect("xxxInterceptor")} can read it from the argument list; this
 * method itself does not validate it. Body omitted in the original post.
 *
 * @param param1 the business parameter of the call
 * @param token  the client-supplied token that the interceptor checks before
 *               this method runs (see XXXInterceptor)
 * @return RetBooleanDto — project type, contents not shown here
 */
@Aspect("xxxInterceptor") 
public RetBooleanDto setXXX(String param1, String token) { 

       $B!A!A!A>JN,!A!A!A(B 

} 

■　XXXInterceptor.java
package aop; 

       ～～～省略～～～


import org.aopalliance.intercept.MethodInvocation; 
import org.seasar.framework.aop.interceptors.AbstractInterceptor; 
import org.seasar.framework.container.S2Container; 
import org.seasar.framework.container.factory.SingletonS2ContainerFactory; 


  
/**
 * AOP interceptor that pulls the CSRF/authentication token out of the
 * intercepted service method's argument list and validates it before the
 * service method runs. The comparison itself is omitted in the original post.
 *
 * The design in this thread puts the token in the LAST parameter of every
 * service method, hence the args[args.length - 1] read below. Two things a
 * reviewer should keep in mind about that convention:
 *  - every method this interceptor is applied to must really carry the token
 *    as its last parameter: a parameterless method would throw
 *    ArrayIndexOutOfBoundsException here, and a method whose last parameter
 *    is something else would be checked against the wrong value;
 *  - the value read here is entirely client-supplied, so the omitted check
 *    must compare it with a token the server issued and kept server-side
 *    (the thread describes a one-time token returned in a response), never
 *    with anything else in the same request.
 * Where {@code args} is obtained (presumably invocation.getArguments()) is in
 * the omitted part of the post — TODO confirm.
 */
public class XXXInterceptor extends AbstractInterceptor  { 

protected Log log = LogFactory.getLog(this.getClass()); 
/** Validates the trailing token argument around each intercepted call. */
public Object invoke(MethodInvocation invocation)throws Throwable { 

       $B!A!A!A>JN,!A!A!A(B 

       // Take the token from the service method's parameters
       // (by convention it is always the last argument).
       String token = (String)args[args.length - 1]; 

       $B!A!A!A>JN,!A!A!A(B 

       // Check the token. The check is omitted in the original post; it must
       // reject the invocation when the value does not match the server-held
       // token (a constant-time comparison is preferable for this).
       } 
} 

===== dicon ===== 
■　app.dicon
<?xml version="1.0" encoding="UTF-8"?> 
<!DOCTYPE components PUBLIC "-//SEASAR//DTD S2Container 2.4//EN" 
       http://www.seasar.org/dtd/components24.dtd> 
<components> 
       ～～～省略～～～
       <include path="tokenCherkAop.dicon"/> 
       ～～～省略～～～
</components> 

■　tokenCherkAop.dicon
<?xml version="1.0" encoding="Shift_JIS"?>         
<!DOCTYPE components PUBLIC "-//SEASAR//DTD S2Container 2.4//EN"         
       http://www.seasar.org/dtd/components24.dtd> 
<components>         
       <component name="XXXInterceptor" instance="request" 
class="aop.XXXInterceptor"/> 
</components>         


【質問内容】

サーバ側はAOPで一箇所のチェック処理として実現できますが、クライアントからの認証用トークンの渡し方としては、各メソッドのパラメータとしてサーバ側へ渡す実装方法になりました。

もっと[E-MAIL ADDRESS DELETED]な方法がないかと、自分なりに調べてみましたが、なかなか良い方法が見つかりません。

より[E-MAIL ADDRESS DELETED]な実装方法をご存知の方がいらっしゃいましたら、ご助言頂けると助かります。


よろしくお願い致します。


松本



[E-MAIL ADDRESS DELETED] 
送信者: [E-MAIL ADDRESS DELETED]
2011/05/12 12:54 



[E-MAIL ADDRESS DELETED] へ
返信してください


$[E-MAIL ADDRESS DELETED](B
[E-MAIL ADDRESS DELETED] 
cc

件名
[Seasar-user:20745] S2Flex2 を使用した場合のCSRF対策について











はじめまして。松本と申します。

S2Flexを使用してシステムを構築しております。
現在、CSRF（クロスサイト・リクエスト・フォージェリー）対策の実装方法を検討しており、悩んでおります。

私の知識不足だと思いますが、対策を実施された方やヒントをお持ちの方にご教授を頂ければ幸いです。

【前提】
S2Flex、具体的にはS2Flex2Serviceを使用して、サーバーに登録されたサービスを呼び出している。


【CSRF対策について】
サービス呼び出しの全ての箇所でCSRF対策の実装を行いたいと考えています。
内容を簡単に記載すると下記の通りです。

①サーバは、ワンタイムトークンをリクエスト時にレスポンスとして返す
②クライアントは、サービス呼び出し時に、①で発行されたワンタイムトークンを渡す

可能であれば、クライアント側（Flex）、サーバ側（Java）でそれぞれ一箇所の実装で対応したいと思っています。


【困っている事】
ワンタイムトークンの受け渡しのため、S2Flex2Serviceのリクエストとレスポンスの全箇所にそれぞれ実装しなければならないのではと思っています。
なんとかシンプルな実装に済ませたいです。

サーバ側は、filterを利用すれば可能かもしれませんが、具体的な対応策まで導き出せませんでした。


基本的な質問かもしれませんので恐縮でございますが、どうぞよろしくお願い致します。


松本


