Upgrading from CSRFGuard 3.1.0 to 4.0.0 - missing updateToken, getSessionKey APIs

1,177 views
Skip to first unread message

Srinivasa Murthy Jonnalagadda

unread,
May 6, 2021, 2:50:53 PM5/6/21
to CSRFGuard Project
Is there any CSRFGuard migration guide from 3.x to  4.0 ?
I'm encountering the following failures during the migration to 4.0.0 .

cannot find symbol [ERROR] symbol:   method updateToken(javax.servlet.http.HttpSession)
cannot find symbol [ERROR] symbol:   method getSessionKey()

How do we achieve the equivalent functionality(APIs) with 4.0.0 ?

Thanks in Advance,
Srini Murthy

Azzeddine Ramrami

unread,
May 6, 2021, 3:41:14 PM5/6/21
to Srinivasa Murthy Jonnalagadda, CSRFGuard Project
Hi
We don't have this guide. If you write a similar document please share it with us and we will credit your name in our website.

--
You received this message because you are subscribed to the Google Groups "CSRFGuard Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to csrfguard-proj...@owasp.org.
To view this discussion on the web visit https://groups.google.com/a/owasp.org/d/msgid/csrfguard-project/bbe3d7d1-b4eb-4062-b476-ec45529330ddn%40owasp.org.

Srinivasa Murthy Jonnalagadda

unread,
May 6, 2021, 3:47:17 PM5/6/21
to CSRFGuard Project, Azzeddine Ramrami, CSRFGuard Project, Srinivasa Murthy Jonnalagadda
Sure.

Do you have any comments/suggestions on the APIs removed from 4.0.0. What would be an equivalent APIs with v4.0.0.

Example:
updateTokens(javax.servlet.http.HttpServletRequest request)
updateToken(javax.servlet.http.HttpSession)
getSessionKey()

Thanks,
Srini Murthy

Ulf Dittmer

unread,
May 7, 2021, 2:31:43 AM5/7/21
to CSRFGuard Project, CSRFGuard Project
If there are no upgrade instructions, is there an introduction how to use 4.0, or a working example? I noticed that the unit test at https://github.com/aramrami/OWASP-CSRFGuard/tree/master/csrfguard-test does not reference any classes from the library, so I'm guessing that 4.0 works rather differently than 3.0?

Ulf Dittmer

unread,
May 19, 2021, 10:27:54 AM5/19/21
to CSRFGuard Project, CSRFGuard Project
I take it there is none. What, then,  is the best way to get started with CSRFGuard? 

Ulf Dittmer

unread,
Jun 7, 2021, 12:20:36 PM6/7/21
to CSRFGuard Project, CSRFGuard Project
So... the API changed in 4.0, and there is absolutely no documentation on how to use it now? I don't mean to bitch, I know how much work you all put into this release, and -maintaining an open source project myself- know that writing documentation is no fun and tends to get short shrift. But, being a library, surely there must be starting point somewhere?

CSRFGuard Project

unread,
May 20, 2022, 12:59:28 PM5/20/22
to CSRFGuard Project, Ulf Dittmer, CSRFGuard Project
I know it is an old thread, but since people seem to stumble upon it, I'll point out that GitHub Issues/Discussions are preferred over this group.

Please visit https://github.com/OWASP/www-project-csrfguard/discussions/ where I believe these questions are answered.
Reply all
Reply to author
Forward
0 new messages