Good afternoon,
To test the Cross Site Request Forgery, you will need to do the following:
1) Publish a new service on the gateway with the URI: /csrf
2) Import the attached policy to the new service
3) Send a POST request to the service using soapUI with the following settings:
   Target Address: http://<FQDN for the gateway>:8080/csrf?foo=bar
   Header: Cookie, Value: foo=bar
   First Request will look like:
      CSRF Token: bar
      Cached Token:
   Second Request will draw back the cached token:
      CSRF Token: bar
      Cached Token: bar
4) Next change the Cookie value and parameter from foo=bar to foo=baz (This will cause the policy to fail as the CSRF token is invalid)
Note: This is a rudimentary example that will demonstrate how to create the workflow that can be incorporated into other services.
Sincerely,
Stephen Hughes
Broadcom Support
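
The workflow exercised by steps 3 and 4 above, as an added Python model that is not part of the original post and is not the attached gateway policy. The check logic (cookie/parameter comparison plus a cached token), the 403 status, the error texts and the host name gateway.example are assumptions inferred from the described responses.

```python
import hmac
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qs

TOKEN_NAME = "foo"  # cookie and query parameter name used in the post's test


class CsrfCheck:
    """Model of the workflow: double-submit comparison plus a cached token.

    Assumption: the attached policy is not shown, so this logic is inferred
    from the request/response sequence described in the post.
    """

    def __init__(self):
        self.cached = ""  # empty until the first valid request is seen

    def handle(self, url, cookie_header):
        params = parse_qs(urlsplit(url).query)
        cookie = SimpleCookie()
        cookie.load(cookie_header or "")
        param_tok = params.get(TOKEN_NAME, [""])[0]
        cookie_tok = cookie[TOKEN_NAME].value if TOKEN_NAME in cookie else ""

        # Double-submit check: the parameter must carry the cookie's value.
        if not param_tok or not hmac.compare_digest(param_tok.encode(), cookie_tok.encode()):
            return 403, "CSRF token missing or cookie/parameter mismatch"

        seen = self.cached
        # Once a token is cached, later requests must present the same one.
        if seen and not hmac.compare_digest(seen.encode(), param_tok.encode()):
            return 403, "CSRF token is invalid"

        self.cached = param_tok
        return 200, f"CSRF Token: {param_tok}\nCached Token: {seen}"


def run_demo():
    gw = CsrfCheck()
    base = "http://gateway.example:8080/csrf"  # constructed host name
    return [
        gw.handle(base + "?foo=bar", "foo=bar"),    # first request, cache empty
        gw.handle(base + "?foo=bar", "foo=bar"),    # second request, cache hit
        gw.handle(base + "?foo=baz", "foo=baz"),    # step 4: changed token
        gw.handle(base + "?foo=bar", "foo=other"),  # cookie/parameter mismatch
    ]


if __name__ == "__main__":
    for status, body in run_demo():
        print(status, body, sep="\n", end="\n\n")
```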