SetCsrfTokenFilter.doFilter:
import javax.servlet.*; import javax.servlet.http.*; import java.io.IOException; import java.security.SecureRandom;
// Field of the filter class (the page uses `random` without declaring it); SecureRandom keeps the token unpredictable
private static final SecureRandom random = new SecureRandom();
public void doFilter(ServletRequest request, ServletResponse response, FilterChain next)
        throws IOException, ServletException {
    HttpServletRequest httpReq = (HttpServletRequest) request;
    HttpServletResponse httpRes = (HttpServletResponse) response;
    String randomLong = "" + random.nextLong();
    // Deliberately not HttpOnly: the page's JavaScript must read this cookie into the hidden form field
    Cookie cookie = new Cookie("csrfToken", randomLong);
    httpRes.addCookie(cookie);
    next.doFilter(request, response);
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain next) throws IOException, ServletException { // VerifyCsrfTokenFilter.doFilter
    HttpServletRequest httpReq = (HttpServletRequest) request;
    HttpServletResponse httpRes = (HttpServletResponse) response;
    String csrfToken = httpReq.getParameter("csrfToken");
    String tokenFromCookie = getCsrfTokenFromCookie(httpReq);
    // Reject when the form field is missing (WmUtil.isEmpty in the original) or differs from the cookie value
    if (csrfToken == null || csrfToken.isEmpty() || !csrfToken.equals(tokenFromCookie)) {
        httpRes.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    } else {
        next.doFilter(request, response);
    }
}
// Helper referenced above but not shown on the page: the csrfToken cookie value, or null when the cookie is absent
private static String getCsrfTokenFromCookie(HttpServletRequest req) {
    Cookie[] cookies = req.getCookies() == null ? new Cookie[0] : req.getCookies();
    for (Cookie c : cookies) if ("csrfToken".equals(c.getName())) return c.getValue();
    return null;
}
The filters are mapped to URL patterns in web.xml.
In the JSP page, the hidden field below is filled from the cookie with jQuery:
<input type="hidden" name="csrfToken" value="readFromCookieThroughJavascript"/>
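The client half of the exchange, as an added example that is not from the post or the linked repository: it reads the csrfToken cookie that SetCsrfTokenFilter set and copies it into the hidden csrfToken input, so VerifyCsrfTokenFilter sees the same value in the form and the cookie. Only the cookie and field names come from the post; the function names are assumed, and plain DOM calls stand in for jQuery so the logic runs outside a browser.

```javascript
// Added example, not from the original post. The cookie name "csrfToken" and the
// hidden input name "csrfToken" come from the post; function names are assumed.

// Parse a document.cookie string ("a=1; b=2") into a name -> value map.
// Browsers store values percent-encoded, so decode them on the way out.
function parseCookies(cookieString) {
  const jar = {};
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;                      // skip fragments without '='
    const name = part.slice(0, eq).trim();
    if (!name) continue;                       // skip nameless fragments
    const raw = part.slice(eq + 1).trim();
    try { jar[name] = decodeURIComponent(raw); } catch (e) { jar[name] = raw; }
  }
  return jar;
}

// The token SetCsrfTokenFilter put in the cookie, or null if it is absent or empty.
function getCsrfToken(cookieString) {
  const token = parseCookies(cookieString)['csrfToken'];
  return token ? token : null;
}

// Copy the token into every <input name="csrfToken"> in `doc`. Returns the number
// of inputs filled; 0 means the cookie was not set, so the POST would get a 401.
function fillCsrfInputs(doc, cookieString) {
  const token = getCsrfToken(cookieString);
  if (token === null) return 0;
  const inputs = doc.querySelectorAll('input[name="csrfToken"]');
  inputs.forEach((el) => { el.value = token; });
  return inputs.length;
}

// In a browser, run once the DOM is ready (document is undefined under Node).
if (typeof document !== 'undefined') {
  document.addEventListener('DOMContentLoaded', () => fillCsrfInputs(document, document.cookie));
}
```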
The complete example, including the JavaScript, is on GitHub:
https://github.com/anilpank/oldWebAppCsrfProtection