Enable CSRF Protection
To use HATS CSRF protection in a project migrated from HATS V8.0.x or V9.0.x, the HatsCSRFValidationFilter must be added to the Web Deployment Descriptor file (web.xml) by hand; it is not added for you during migration. To add the filter to web.xml, follow these steps:
- From the HATS Toolkit, switch to the Navigator view of the HATS perspective.
- Open the web.xml file located in the Web Content\WEB-INF folder of your project.
- Click the Source tab to view the source of this file.
- Copy the following statements after the last defined filter (search for the last </filter>):

      <filter>
        <description>This filter will be invoked to validate CSRF attack</description>
        <display-name>HatsCSRFValidationFilter</display-name>
        <filter-name>HatsCSRFValidationFilter</filter-name>
        <filter-class>com.ibm.hats.runtime.filters.HatsCSRFValidationFilter</filter-class>
        <async-supported>false</async-supported>
        <init-param>
          <param-name>source.origin</param-name>
          <param-value></param-value>
        </init-param>
      </filter>

- Copy the following statements after the last defined filter mapping (search for the last </filter-mapping>):

      <filter-mapping>
        <filter-name>HatsCSRFValidationFilter</filter-name>
        <url-pattern>/entry</url-pattern>
      </filter-mapping>
      <filter-mapping>
        <filter-name>HatsCSRFValidationFilter</filter-name>
        <url-pattern>/hatsadmin/admin</url-pattern>
      </filter-mapping>
      <filter-mapping>
        <filter-name>HatsCSRFValidationFilter</filter-name>
        <url-pattern>/index.jsp</url-pattern>
      </filter-mapping>
      <filter-mapping>
        <filter-name>HatsCSRFValidationFilter</filter-name>
        <url-pattern>/</url-pattern>
      </filter-mapping>

- Save the file.
Note:
If this project is already running on the server, republish the application so that WebSphere Application Server picks up the changes in web.xml. Until the application is republished, the running copy still uses the old descriptor and the CSRF filter is not active on the mapped URLs.
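A quick way to confirm the edit before republishing is to parse web.xml and check that the filter is declared with the expected class, carries the source.origin init-param, and is mapped to all four url-patterns listed in the steps above. The script below is an added example written for this page; it is not part of HATS or of the HATS Toolkit. It builds its own constructed web.xml fragments for demonstration (the build_web_xml helper is test data, not a real project's descriptor), and it only checks for the presence of source.origin, since this page does not describe what value that parameter takes.

```python
"""Check a web.xml for the HatsCSRFValidationFilter declaration and mappings.

Added example, not part of the HATS documentation or product. It checks only
what the steps on this page ask you to paste in.
"""
import xml.etree.ElementTree as ET

FILTER_NAME = "HatsCSRFValidationFilter"
FILTER_CLASS = "com.ibm.hats.runtime.filters.HatsCSRFValidationFilter"
# The four url-patterns the steps map the filter to.
EXPECTED_PATTERNS = {"/entry", "/hatsadmin/admin", "/index.jsp", "/"}


def _local(tag):
    """Strip the XML namespace ({uri}name -> name); web.xml normally declares a default namespace."""
    return tag.rsplit("}", 1)[-1]


def _child_text(elem, name):
    """Text of the first direct child with local name `name`, or None if absent."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None


def check_csrf_filter(web_xml_text):
    """Return a list of problems; an empty list means the filter is wired up as the steps describe."""
    root = ET.fromstring(web_xml_text)
    problems = []

    # 1. The <filter> declaration: exactly one, with the HATS filter class and the init-param.
    decls = [e for e in root.iter()
             if _local(e.tag) == "filter" and _child_text(e, "filter-name") == FILTER_NAME]
    if not decls:
        problems.append("no <filter> named %s" % FILTER_NAME)
    else:
        if len(decls) > 1:
            problems.append("duplicate <filter> declarations for %s" % FILTER_NAME)
        decl = decls[0]
        if _child_text(decl, "filter-class") != FILTER_CLASS:
            problems.append("filter-class is not %s" % FILTER_CLASS)
        params = [e for e in decl if _local(e.tag) == "init-param"]
        if not any(_child_text(p, "param-name") == "source.origin" for p in params):
            problems.append("init-param source.origin is missing")

    # 2. The <filter-mapping> elements: every expected url-pattern must be covered.
    mapped = set()
    for m in root.iter():
        if _local(m.tag) == "filter-mapping" and _child_text(m, "filter-name") == FILTER_NAME:
            pattern = _child_text(m, "url-pattern")
            if pattern is not None:
                mapped.add(pattern)
    for pattern in sorted(EXPECTED_PATTERNS - mapped):
        problems.append("no <filter-mapping> for url-pattern %s" % pattern)
    return problems


def build_web_xml(declare_filter=True, patterns=EXPECTED_PATTERNS):
    """Build a constructed web.xml for demonstration (test data, not a real descriptor)."""
    decl = """
  <filter>
    <description>This filter will be invoked to validate CSRF attack</description>
    <display-name>%s</display-name>
    <filter-name>%s</filter-name>
    <filter-class>%s</filter-class>
    <async-supported>false</async-supported>
    <init-param>
      <param-name>source.origin</param-name>
      <param-value></param-value>
    </init-param>
  </filter>""" % (FILTER_NAME, FILTER_NAME, FILTER_CLASS) if declare_filter else ""
    maps = "".join(
        "\n  <filter-mapping>\n    <filter-name>%s</filter-name>\n"
        "    <url-pattern>%s</url-pattern>\n  </filter-mapping>" % (FILTER_NAME, p)
        for p in sorted(patterns))
    return ('<?xml version="1.0" encoding="UTF-8"?>\n'
            '<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">'
            + decl + maps + "\n</web-app>\n")


if __name__ == "__main__":
    print(check_csrf_filter(build_web_xml()))                      # []
    print(check_csrf_filter(build_web_xml(patterns={"/entry"})))  # three missing mappings
```

To run it against a real project, replace the constructed input with `open("WebContent/WEB-INF/web.xml").read()` (path is an assumption; use the location of your project's web.xml). The namespace stripping matters: a web.xml with a default xmlns yields tags like `{http://java.sun.com/xml/ns/javaee}filter`, which a naive `root.findall("filter")` would never match.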