If you're using Seam, read this: http://seamframework.org/Documentation/CrossSiteRequestForgery View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4238350#4238350 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4238350