The FacesServlet that is part of the JSF libraries is susceptible to Cross Site Reference Forgery (CSRF). The Java ADF makes use of the JSF libraries. The Java ADF does not include an ESRI specific JSF library. CSRF characteristics can:
- involve sites that rely on a user's identity
- exploit the site's trust in that identity
- trick the user's browser into sending HTTP requests to a target site, and
- involve HTTP requests that have side effects.
The two articles in the Related Information below explain the issue and how to work around the issue.