I am using Restlet 2.2.0 and CookieAuthentication with an embedded Jetty plugin. In my application, I have 2 sets of pages.
1) Pages that can be viewed by an unauthenticated user
2) Pages that can be viewed only by an authenticated user
In both cases, I want to prevent CSRF/XSRF attacks. It seems that by default Restlet applications are vulnerable to CSRF/XSRF unless we do "something" to prevent this. I could not figure out what to do in my application to prevent such attacks. I have read about many solutions on the internet, but none of them discuss it in reference to Restlet applications.
I would appreciate it if someone could guide me on how to protect a Restlet application from CSRF/XSRF attacks.
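An added example (not code from the question or from the Restlet project) of one common mitigation for Restlet 2.2: a double-submit-cookie Filter placed in front of the router, so it protects both the public and the authenticated pages. It assumes a client-side script copies the XSRF-TOKEN cookie into an X-XSRF-TOKEN header on every state-changing request, and that Request#getHeaders() is available (it is in the 2.2 API); the cookie and header names are my own choice.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import org.restlet.Context;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.data.CookieSetting;
import org.restlet.data.Status;
import org.restlet.routing.Filter;

/** Rejects unsafe (POST/PUT/DELETE...) requests whose X-XSRF-TOKEN header
 *  does not match the XSRF-TOKEN cookie. Wire it in createInboundRoot():
 *  CsrfFilter f = new CsrfFilter(getContext()); f.setNext(router); return f; */
public class CsrfFilter extends Filter {
    static final String COOKIE = "XSRF-TOKEN";   // constructed name
    static final String HEADER = "X-XSRF-TOKEN"; // constructed name
    private final SecureRandom rng = new SecureRandom();

    public CsrfFilter(Context context) { super(context); }

    @Override
    protected int beforeHandle(Request request, Response response) {
        String cookieToken = request.getCookies().getFirstValue(COOKIE);
        if (cookieToken == null) {
            // First visit: issue a token. Not HttpOnly, because the page
            // script must read it to echo it back in the header.
            cookieToken = newToken();
            CookieSetting cs = new CookieSetting(COOKIE, cookieToken);
            cs.setPath("/");
            cs.setSecure(true);            // send only over HTTPS
            cs.setAccessRestricted(false); // readable by JavaScript
            response.getCookieSettings().add(cs);
        }
        if (request.getMethod().isSafe()) {
            return CONTINUE; // GET/HEAD/OPTIONS change no state; no token needed
        }
        String headerToken = request.getHeaders().getFirstValue(HEADER);
        if (!tokensMatch(cookieToken, headerToken)) {
            response.setStatus(Status.CLIENT_ERROR_FORBIDDEN);
            return STOP; // do not reach the router or the CookieAuthenticator
        }
        return CONTINUE;
    }

    /** Constant-time comparison so timing does not leak the token. */
    static boolean tokensMatch(String expected, String presented) {
        if (expected == null || presented == null) return false;
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     presented.getBytes(StandardCharsets.UTF_8));
    }

    private String newToken() {
        byte[] b = new byte[32]; // 256 bits from SecureRandom
        rng.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }
}
```

A forged cross-site request carries the cookie but cannot read it, so it cannot supply the matching header; the pattern does depend on no sibling subdomain being able to set cookies for your host, so scope the cookie accordingly.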