Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/ExtServerManagementController.java
===================================================================
diff -u -r7bab4cf8a0eab2795022a136e55d1f64fa3721b8 -r1840d1ada2e0a7dc494e83ed0c183f6c98b6da92
--- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/ExtServerManagementController.java	(.../ExtServerManagementController.java)	(revision 7bab4cf8a0eab2795022a136e55d1f64fa3721b8)
+++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/ExtServerManagementController.java	(.../ExtServerManagementController.java)	(revision 1840d1ada2e0a7dc494e83ed0c183f6c98b6da92)
@@ -44,6 +44,7 @@
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
 
 /**
  * @author <a href="mailto:fyang@melcoe.mq.edu.au">Fei Yang</a>
@@ -158,7 +159,7 @@
 	}
     }
 
-    @RequestMapping(path = "/disable")
+    @RequestMapping(path = "/disable", method = RequestMethod.POST)
     public String disable(HttpServletRequest request) throws Exception {
 	Integer sid = WebUtil.readIntParam(request, "sid", false);
 	ExtServer map = integrationService.getExtServer(sid);
@@ -167,7 +168,7 @@
 	return "redirect:/extserver/serverlist.do";
     }
 
-    @RequestMapping(path = "/enable")
+    @RequestMapping(path = "/enable", method = RequestMethod.POST)
     public String enable(HttpServletRequest request) throws Exception {
 	Integer sid = WebUtil.readIntParam(request, "sid", false);
 	ExtServer map = integrationService.getExtServer(sid);
@@ -176,7 +177,7 @@
 	return "redirect:/extserver/serverlist.do";
     }
 
-    @RequestMapping(path = "/delete")
+    @RequestMapping(path = "/delete", method = RequestMethod.POST)
     public String delete(HttpServletRequest request) throws Exception {
 	Integer sid = WebUtil.readIntParam(request, "sid", false);
 	userManagementService.deleteById(ExtServer.class, sid);
Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/LtiConsumerManagementController.java
===================================================================
diff -u -rccc788f07597ad3fde52adb6ff13e964b552c35d -r1840d1ada2e0a7dc494e83ed0c183f6c98b6da92
--- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/LtiConsumerManagementController.java	(.../LtiConsumerManagementController.java)	(revision ccc788f07597ad3fde52adb6ff13e964b552c35d)
+++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/LtiConsumerManagementController.java	(.../LtiConsumerManagementController.java)	(revision 1840d1ada2e0a7dc494e83ed0c183f6c98b6da92)
@@ -79,7 +79,7 @@
     /**
      * Disables or enables (depending on "disable" parameter) specified LTI tool consumer
      */
-    @RequestMapping(path = "/disable")
+    @RequestMapping(path = "/disable", method = RequestMethod.POST)
     public String disable(HttpServletRequest request) throws Exception {
 	Integer sid = WebUtil.readIntParam(request, "sid", true);
 	boolean disable = WebUtil.readBooleanParam(request, "disable");
@@ -93,7 +93,7 @@
     /**
      * Removes specified LTI tool consumer
      */
-    @RequestMapping(path = "/delete")
+    @RequestMapping(path = "/delete", method = RequestMethod.POST)
     public String delete(HttpServletRequest request) throws Exception {
 	Integer sid = WebUtil.readIntParam(request, "sid", true);
 	userManagementService.deleteById(ExtServer.class, sid);
Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/SignupManagementController.java
===================================================================
diff -u -rf2ad75cef0c507a64877942631fee13efbc6ed50 -r1840d1ada2e0a7dc494e83ed0c183f6c98b6da92
--- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/SignupManagementController.java	(.../SignupManagementController.java)	(revision f2ad75cef0c507a64877942631fee13efbc6ed50)
+++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/SignupManagementController.java	(.../SignupManagementController.java)	(revision 1840d1ada2e0a7dc494e83ed0c183f6c98b6da92)
@@ -22,6 +22,7 @@
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
 
 @Controller
 @RequestMapping("/signupManagement")
@@ -134,7 +135,7 @@
 	return "signupmanagement/add";
     }
 
-    @RequestMapping(path = "/delete")
+    @RequestMapping(path = "/delete", method = RequestMethod.POST)
     public String delete(HttpServletRequest request) throws Exception {
 	Integer soid = WebUtil.readIntParam(request, "soid");
 
Index: lams_admin/web/WEB-INF/tlds/security/csrfguard.tld
===================================================================
diff -u
--- lams_admin/web/WEB-INF/tlds/security/csrfguard.tld	(revision 0)
+++ lams_admin/web/WEB-INF/tlds/security/csrfguard.tld	(revision 1840d1ada2e0a7dc494e83ed0c183f6c98b6da92)
@@ -0,0 +1,70 @@
+<?xml version="1.0"?>
+<!--
+The OWASP CSRFGuard Project, BSD License
+Eric Sheridan (eric@infraredsecurity.com), Copyright (c) 2011 
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice,
+   this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+3. Neither the name of OWASP nor the names of its contributors may be used
+   to endorse or promote products derived from this software without specific
+   prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ -->
+<taglib xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd" version="2.0">
+	<tlib-version>1.2</tlib-version>
+	<jsp-version>2.0</jsp-version>
+	<short-name>Owasp CsrfGuard Tag Library</short-name>
+	<uri>http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project/Owasp.CsrfGuard.tld</uri>
+	<tag>
+		<name>token</name>
+		<tag-class>org.owasp.csrfguard.tag.TokenTag</tag-class>
+		<body-content>empty</body-content>
+		<attribute>
+			<name>uri</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+	</tag>
+	<tag>
+		<name>tokenname</name>
+		<tag-class>org.owasp.csrfguard.tag.TokenNameTag</tag-class>
+		<body-content>empty</body-content>
+	</tag>
+	<tag>
+		<name>tokenvalue</name>
+		<tag-class>org.owasp.csrfguard.tag.TokenValueTag</tag-class>
+		<body-content>empty</body-content>
+		<attribute>
+			<name>uri</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+	</tag>
+	<tag>
+		<name>a</name>
+		<tag-class>org.owasp.csrfguard.tag.ATag</tag-class>
+		<dynamic-attributes>true</dynamic-attributes>
+	</tag>
+	<tag>
+		<name>form</name>
+		<tag-class>org.owasp.csrfguard.tag.FormTag</tag-class>
+		<dynamic-attributes>true</dynamic-attributes>
+	</tag>
+</taglib>
Index: lams_admin/web/WEB-INF/web.xml
===================================================================
diff -u -rb935721d25817b83c29d3166a7fa9b4b9b7d3785 -r1840d1ada2e0a7dc494e83ed0c183f6c98b6da92
--- lams_admin/web/WEB-INF/web.xml	(.../web.xml)	(revision b935721d25817b83c29d3166a7fa9b4b9b7d3785)
+++ lams_admin/web/WEB-INF/web.xml	(.../web.xml)	(revision 1840d1ada2e0a7dc494e83ed0c183f6c98b6da92)
@@ -73,7 +73,11 @@
 			<param-name>encoding</param-name>
 			<param-value>UTF-8</param-value>
 		</init-param>
-	</filter>
+    </filter>
+    <filter>
+        <filter-name>CSRFGuard</filter-name>
+        <filter-class>org.owasp.csrfguard.CsrfGuardFilter</filter-class>
+    </filter>
 
 	<filter-mapping>
 		<filter-name>SystemSessionFilter</filter-name>
@@ -87,6 +91,10 @@
 		<filter-name>HibernateFilter</filter-name>
 		<url-pattern>/*</url-pattern>
 	</filter-mapping>
+    <filter-mapping>
+        <filter-name>CSRFGuard</filter-name>
+        <url-pattern>*.do</url-pattern>
+    </filter-mapping>
 
 	<listener>
 		<listener-class>org.lamsfoundation.lams.dbupdates.WebAppJNDIMigrationLauncherSynchronizer</listener-class>
@@ -180,8 +188,15 @@
 		<taglib>
 			<taglib-uri>tags-lams</taglib-uri>
 			<taglib-location>/WEB-INF/tlds/lams/lams.tld</taglib-location>
-		</taglib>
+        </taglib>
 
+        <!-- ======================================================== -->
+        <!-- CSRF Guard Tag Library -->
+        <!-- ======================================================== -->
+        <taglib>
+            <taglib-uri>csrfguard</taglib-uri>
+            <taglib-location>/WEB-INF/tlds/security/csrfguard.tld</taglib-location>
+        </taglib>
 	</jsp-config>
 
 	<!-- Security Constraint -->
@@ -234,4 +249,4 @@
 		<description>LAMS System Adminstrator</description>
 		<role-name>SYSADMIN</role-name>
 	</security-role>
-</web-app>
\ No newline at end of file
+</web-app>
Index: lams_admin/web/config/editconfig.jsp
===================================================================
diff -u -r37bb2ae017713b44cdfd6a55cfceca28c3efab02 -r1840d1ada2e0a7dc494e83ed0c183f6c98b6da92
--- lams_admin/web/config/editconfig.jsp	(.../editconfig.jsp)	(revision 37bb2ae017713b44cdfd6a55cfceca28c3efab02)
+++ lams_admin/web/config/editconfig.jsp	(.../editconfig.jsp)	(revision 1840d1ada2e0a7dc494e83ed0c183f6c98b6da92)
@@ -27,9 +27,9 @@
 				<c:out value="${error}" />
 			</lams:Alert>
 		</c:if>
+		<c:set var="csrfToken"><csrf:token/></c:set>
+		<form:form action="config/save.do?${csrfToken}" modelAttribute="configForm" id="configForm" method="post">
 				
-		<form:form action="config/save.do" modelAttribute="configForm" id="configForm" method="post">
-				
 			<c:forEach items="${config}" var="group">
 				<div class="panel panel-default">
 					<div class="panel-heading">
Index: lams_admin/web/integration/ltiConsumer.jsp
===================================================================
diff -u -r63bee30ea13fab1267c0744f26929af1736a1cf9 -r1840d1ada2e0a7dc494e83ed0c183f6c98b6da92
--- lams_admin/web/integration/ltiConsumer.jsp	(.../ltiConsumer.jsp)	(revision 63bee30ea13fab1267c0744f26929af1736a1cf9)
+++ lams_admin/web/integration/ltiConsumer.jsp	(.../ltiConsumer.jsp)	(revision 1840d1ada2e0a7dc494e83ed0c183f6c98b6da92)
@@ -53,8 +53,8 @@
 		</p>
 					
 		<lams:errors path="*"/>
-				
-		<form:form action="save.do" id="ltiConsumerForm" modelAttribute="ltiConsumerForm" method="post">
+	<c:set var="csrfToken"><csrf:token/></c:set>			
+		<form:form action="save.do?${csrfToken}" id="ltiConsumerForm" modelAttribute="ltiConsumerForm" method="post">
 			<form:hidden path="sid" />
 						
 			<table class="table table-no-border">
Index: lams_admin/web/integration/ltiConsumerList.jsp
===================================================================
diff -u -rccc788f07597ad3fde52adb6ff13e964b552c35d -r1840d1ada2e0a7dc494e83ed0c183f6c98b6da92
--- lams_admin/web/integration/ltiConsumerList.jsp	(.../ltiConsumerList.jsp)	(revision ccc788f07597ad3fde52adb6ff13e964b552c35d)
+++ lams_admin/web/integration/ltiConsumerList.jsp	(.../ltiConsumerList.jsp)	(revision 1840d1ada2e0a7dc494e83ed0c183f6c98b6da92)
@@ -51,26 +51,20 @@
 								</c:choose>
 							</td>
 							<td>
-								<a href="../ltiConsumerManagement/edit.do?sid=<c:out value='${ltiConsumer.sid}' />">
+								<a class="btn btn-default btn-xs" id="edit_${ltiConsumer.sid}" href="../ltiConsumerManagement/edit.do?sid=<c:out value='${ltiConsumer.sid}' />">
 									<fmt:message key="admin.edit" />
 								</a>
 								&nbsp;
 								<c:choose>
 									<c:when test="${ltiConsumer.disabled}">
-										<a href="<lams:LAMSURL/>admin/ltiConsumerManagement/disable.do?disable=false&sid=<c:out value='${ltiConsumer.sid}' />">
-											<fmt:message key="admin.enable" />
-										</a>
+                                        <csrf:form style="display: inline-block;" id="enable_${ltiConsumer.sid}" method="post" action="/lams/admin/ltiConsumerManagement/disable.do"><input type="hidden" name="sid" value="${ltiConsumer.sid}"/><input type="hidden" name="disable" value="false"/><input type="submit" class="btn btn-primary btn-xs" value="<fmt:message key="admin.enable" />"/></csrf:form>
 									</c:when>
 									<c:otherwise>
-										<a href="<lams:LAMSURL/>admin/ltiConsumerManagement/disable.do?disable=true&sid=<c:out value='${ltiConsumer.sid}' />">
-											<fmt:message key="admin.disable" />
-										</a>
+                                        <csrf:form style="display: inline-block;" id="disable_${ltiConsumer.sid}" method="post" action="/lams/admin/ltiConsumerManagement/disable.do"><input type="hidden" name="sid" value="${ltiConsumer.sid}"/><input type="hidden" name="disable" value="true"/><input type="submit" class="btn btn-primary btn-xs" value="<fmt:message key="admin.disable" />"/></csrf:form>
 									</c:otherwise>
 								</c:choose>
 								&nbsp;
-								<a href="<lams:LAMSURL/>admin/ltiConsumerManagement/delete.do?sid=<c:out value='${ltiConsumer.sid}' />">
-									<fmt:message key="admin.delete" />
-								</a>
+                                <csrf:form style="display: inline-block;" id="delete_${ltiConsumer.sid}" method="post" action="/lams/admin/ltiConsumerManagement/delete.do"><input type="hidden" name="sid" value="${ltiConsumer.sid}"/><input type="submit" class="btn btn-danger btn-xs" value="<fmt:message key="admin.delete" />"/></csrf:form>
 							</td>
 						</tr>
 					</c:forEach>
Index: lams_admin/web/integration/serverlist.jsp
===================================================================
diff -u -rccc788f07597ad3fde52adb6ff13e964b552c35d -r1840d1ada2e0a7dc494e83ed0c183f6c98b6da92
--- lams_admin/web/integration/serverlist.jsp	(.../serverlist.jsp)	(revision ccc788f07597ad3fde52adb6ff13e964b552c35d)
+++ lams_admin/web/integration/serverlist.jsp	(.../serverlist.jsp)	(revision 1840d1ada2e0a7dc494e83ed0c183f6c98b6da92)
@@ -14,6 +14,7 @@
 </lams:head>
     
 <body class="stripes">
+    <c:set var="csrfToken"><csrf:token/></c:set>
 	<lams:Page type="admin" title="${title}">
 		<p>
 			<a href="<lams:LAMSURL/>admin/sysadminstart.do" class="btn btn-default"><fmt:message key="sysadmin.maintain" /></a>
@@ -47,18 +48,18 @@
 						</c:choose>
 					</td>
 					<td>
-						<a id="edit_<c:out value='${server.serverid}'/>" href="<lams:LAMSURL/>admin/extserver/edit.do?sid=${server.sid}"><fmt:message key="admin.edit" /></a>
+						<a style="display: inline-block;" class="btn btn-primary btn-xs" id="edit_<c:out value='${server.serverid}'/>" href="<lams:LAMSURL/>admin/extserver/edit.do?sid=${server.sid}"><fmt:message key="admin.edit" /></a>
 						&nbsp;
 						<c:choose>
 							<c:when test="${server.disabled}">
-								<a id="enable_<c:out value='${server.serverid}'/>" href="<lams:LAMSURL/>admin/extserver/enable.do?sid=${server.sid}"><fmt:message key="admin.enable" /></a>
+                                <csrf:form style="display: inline-block;" id="enable_${server.serverid}" method="post" action="/lams/admin/extserver/enable.do"><input type="hidden" name="sid" value="${server.sid}"/><input type="submit" class="btn btn-success btn-xs" value="<fmt:message key="admin.enable" />"/></csrf:form>
 							</c:when>
 							<c:otherwise>
-								<a id="disable_<c:out value='${server.serverid}'/>" href="<lams:LAMSURL/>admin/extserver/disable.do?sid=${server.sid}"><fmt:message key="admin.disable" /></a>
+                                <csrf:form style="display: inline-block;" id="disable_${server.serverid}" method="post" action="/lams/admin/extserver/disable.do"><input type="hidden" name="sid" value="${server.sid}"/><input type="submit" class="btn btn-primary btn-xs" value="<fmt:message key="admin.disable" />"/></csrf:form>
 							</c:otherwise>
 						</c:choose>
 						&nbsp;
-						<a id="delete_<c:out value='${server.serverid}'/>" href="<lams:LAMSURL/>admin/extserver/delete.do?sid=${server.sid}"><fmt:message key="admin.delete" /></a>
+                        <csrf:form id="delete_${server.serverid}" style="display: inline-block;" method="post" action="/lams/admin/extserver/delete.do"><input type="hidden" name="sid" value="${server.sid}"/><input type="submit" class="btn btn-danger btn-xs" value="<fmt:message key="admin.delete" />"/></csrf:form>
 					</td>
 				</tr>
 				</c:forEach>
Index: lams_admin/web/integration/servermaintain.jsp
===================================================================
diff -u -rf0924238dddb80210e0e088cda5fe967f66ef979 -r1840d1ada2e0a7dc494e83ed0c183f6c98b6da92
--- lams_admin/web/integration/servermaintain.jsp	(.../servermaintain.jsp)	(revision f0924238dddb80210e0e088cda5fe967f66ef979)
+++ lams_admin/web/integration/servermaintain.jsp	(.../servermaintain.jsp)	(revision 1840d1ada2e0a7dc494e83ed0c183f6c98b6da92)
@@ -71,8 +71,8 @@
 	</p>
 	
 	<lams:errors/>
-			
-	<form:form action="serversave.do" id="extServerForm" modelAttribute="extServerForm" method="post">
+    <c:set var="csrfToken"><csrf:token/></c:set>
+    <form:form action="serversave.do?${csrfToken}" id="extServerForm" modelAttribute="extServerForm" method="post">
 		<form:hidden path="sid" />
 		
 		<div class="form-group">
@@ -137,4 +137,4 @@
 </lams:Page>
 
 </body>
-</lams:html>
\ No newline at end of file
+</lams:html>
Index: lams_admin/web/loginmaintain.jsp
===================================================================
diff -u -r37bb2ae017713b44cdfd6a55cfceca28c3efab02 -r1840d1ada2e0a7dc494e83ed0c183f6c98b6da92
--- lams_admin/web/loginmaintain.jsp	(.../loginmaintain.jsp)	(revision 37bb2ae017713b44cdfd6a55cfceca28c3efab02)
+++ lams_admin/web/loginmaintain.jsp	(.../loginmaintain.jsp)	(revision 1840d1ada2e0a7dc494e83ed0c183f6c98b6da92)
@@ -21,8 +21,8 @@
 				<fmt:message key="sysadmin.maintain" />
 			</a>
 		</p>
-		
-		<form:form action="./loginsave.do" modelAttribute="loginMaintainForm" id="loginMaintainForm" enctype="multipart/form-data" method="post">
+	<c:set var="csrfToken"><csrf:token/></c:set>	
+		<form:form action="./loginsave.do?${csrfToken}" modelAttribute="loginMaintainForm" id="loginMaintainForm" enctype="multipart/form-data" method="post">
 			<c:set var="language"><lams:user property="localeLanguage"/></c:set>
 			<p class="help-block"><fmt:message key="sysadmin.login.text"/></p>
 			
Index: lams_admin/web/policies/editPolicy.jsp
===================================================================
diff -u -r37bb2ae017713b44cdfd6a55cfceca28c3efab02 -r1840d1ada2e0a7dc494e83ed0c183f6c98b6da92
--- lams_admin/web/policies/editPolicy.jsp	(.../editPolicy.jsp)	(revision 37bb2ae017713b44cdfd6a55cfceca28c3efab02)
+++ lams_admin/web/policies/editPolicy.jsp	(.../editPolicy.jsp)	(revision 1840d1ada2e0a7dc494e83ed0c183f6c98b6da92)
@@ -70,8 +70,8 @@
 				<fmt:message key="admin.policies.title" />
 			</a>
 		</div>
-		
-		<form:form action="../policyManagement/save.do" modelAttribute="policyForm" id="policy-form" cssClass="voffset20" method="post">
+	<c:set var="csrfToken"><csrf:token/></c:set>	
+    <form:form action="../policyManagement/save.do?${csrfToken}" modelAttribute="policyForm" id="policy-form" cssClass="voffset20" method="post">
 			<form:hidden path="policyUid" />
 			<form:hidden path="policyId" />
 			<table class="table table-condensed table-no-border">
@@ -157,4 +157,4 @@
 		</form:form>
 	</lams:Page>
 </body>
-</lams:html>
\ No newline at end of file
+</lams:html>
Index: lams_admin/web/signupmanagement/add.jsp
===================================================================
diff -u -r37bb2ae017713b44cdfd6a55cfceca28c3efab02 -r1840d1ada2e0a7dc494e83ed0c183f6c98b6da92
--- lams_admin/web/signupmanagement/add.jsp	(.../add.jsp)	(revision 37bb2ae017713b44cdfd6a55cfceca28c3efab02)
+++ lams_admin/web/signupmanagement/add.jsp	(.../add.jsp)	(revision 1840d1ada2e0a7dc494e83ed0c183f6c98b6da92)
@@ -20,8 +20,8 @@
 			<a href="<lams:LAMSURL/>admin/sysadminstart.do" class="btn btn-default"><fmt:message key="sysadmin.maintain" /></a>
 			<a href="<lams:LAMSURL/>admin/signupManagement/start.do" class="btn btn-default loffset5"><fmt:message key="admin.signup.title" /></a>
 		</div>
-			
-		<form:form action="add.do" modelAttribute="signupForm" id="signupForm" method="post">
+		<c:set var="csrfToken"><csrf:token/></c:set>	
+		<form:form action="add.do?${csrfToken}" modelAttribute="signupForm" id="signupForm" method="post">
 				<form:hidden path="signupOrganisationId" />
 				
 				<table class="table table-condensed table-no-border">
Index: lams_admin/web/signupmanagement/list.jsp
===================================================================
diff -u -r37bb2ae017713b44cdfd6a55cfceca28c3efab02 -r1840d1ada2e0a7dc494e83ed0c183f6c98b6da92
--- lams_admin/web/signupmanagement/list.jsp	(.../list.jsp)	(revision 37bb2ae017713b44cdfd6a55cfceca28c3efab02)
+++ lams_admin/web/signupmanagement/list.jsp	(.../list.jsp)	(revision 1840d1ada2e0a7dc494e83ed0c183f6c98b6da92)
@@ -66,9 +66,10 @@
 						<c:out value="${signupOrganisation.context}" />
 					</td>
 					<td>
-						<a href="<lams:LAMSURL/>admin/signupManagement/edit.do?soid=${signupOrganisation.signupOrganisationId}"><fmt:message key="admin.edit"/></a>
-						&nbsp;&nbsp;
+						<a id="edit" class="btn btn-default btn-xs" href="<lams:LAMSURL/>admin/signupManagement/edit.do?soid=${signupOrganisation.signupOrganisationId}"><fmt:message key="admin.edit"/></a>
+						&nbsp;
 						<a href="<lams:LAMSURL/>admin/signupManagement/delete.do?soid=${signupOrganisation.signupOrganisationId}"><fmt:message key="admin.delete"/></a>
+                        <csrf:form style="display: inline-block;" id="delete_${signupOrganisation.signupOrganisationId}" method="post" action="/lams/admin/signupManagement/delete.do"><input type="hidden" name="soid" value="${signupOrganisation.signupOrganisationId}"/><input type="submit" class="btn btn-danger btn-xs" value="<fmt:message key="admin.delete" />"/></csrf:form>
 					</td>
 				</tr>
 			</c:forEach>
@@ -79,4 +80,4 @@
 	</lams:Page>
 
 </body>
-</lams:html>
\ No newline at end of file
+</lams:html>
Index: lams_admin/web/taglibs.jsp
===================================================================
diff -u -r9d51ed040508d8d5a10ee4033aded0c3784490a8 -r1840d1ada2e0a7dc494e83ed0c183f6c98b6da92
--- lams_admin/web/taglibs.jsp	(.../taglibs.jsp)	(revision 9d51ed040508d8d5a10ee4033aded0c3784490a8)
+++ lams_admin/web/taglibs.jsp	(.../taglibs.jsp)	(revision 1840d1ada2e0a7dc494e83ed0c183f6c98b6da92)
@@ -3,5 +3,6 @@
 <%@ taglib uri="tags-lams" prefix="lams" %>
 <%@ taglib uri="tags-core" prefix="c" %>
 <%@ taglib uri="tags-fmt" prefix="fmt" %>
+<%@ taglib uri="csrfguard" prefix="csrf" %>
 <%@ taglib uri="tags-function" prefix="fn" %>
 
Index: lams_admin/web/timezoneManagement.jsp
===================================================================
diff -u -r37bb2ae017713b44cdfd6a55cfceca28c3efab02 -r1840d1ada2e0a7dc494e83ed0c183f6c98b6da92
--- lams_admin/web/timezoneManagement.jsp	(.../timezoneManagement.jsp)	(revision 37bb2ae017713b44cdfd6a55cfceca28c3efab02)
+++ lams_admin/web/timezoneManagement.jsp	(.../timezoneManagement.jsp)	(revision 1840d1ada2e0a7dc494e83ed0c183f6c98b6da92)
@@ -49,8 +49,8 @@
 			</fmt:message>
 			
 			<lams:errors/>
-			
-			<form:form action="save.do" id="timezoneForm" modelAttribute="timezoneForm" method="post">
+		<c:set var="csrfToken"><csrf:token/></c:set>	
+        <form:form action="save.do?${csrfToken}" id="timezoneForm" modelAttribute="timezoneForm" method="post">
 				
 				<table class="table table-striped table-condensed">
 					<tr>
Index: lams_central/conf/security/Owasp.CsrfGuard.properties
===================================================================
diff -u -r82166d9c82b6d5ef5fd3f22db5174bbee8a286f4 -r1840d1ada2e0a7dc494e83ed0c183f6c98b6da92
--- lams_central/conf/security/Owasp.CsrfGuard.properties	(.../Owasp.CsrfGuard.properties)	(revision 82166d9c82b6d5ef5fd3f22db5174bbee8a286f4)
+++ lams_central/conf/security/Owasp.CsrfGuard.properties	(.../Owasp.CsrfGuard.properties)	(revision 1840d1ada2e0a7dc494e83ed0c183f6c98b6da92)
@@ -6,6 +6,23 @@
 # List of actions to check
 # Each key goes into a separate line prefixed with org.owasp.csrfguard.protected.
 # A key suffix must not contain a dot "." character
+
+# Admin forms
+org.owasp.csrfguard.protected.adminSaveConfigSettings=/lams/admin/config/save.do
+org.owasp.csrfguard.protected.adminSaveTimezone=/lams/admin/timezonemanagement/save.do
+org.owasp.csrfguard.protected.adminSaveLoginpage=/lams/admin/loginsave.do
+org.owasp.csrfguard.protected.adminSignupAdd=/lams/admin/signupManagement/add.do
+org.owasp.csrfguard.protected.adminSignupDelete=/lams/admin/signupManagement/delete.do
+org.owasp.csrfguard.protected.adminLtiConsumerSave=/lams/admin/ltiConsumerManagement/save.do
+org.owasp.csrfguard.protected.adminLtiConsumerDelete=/lams/admin/ltiConsumerManagement/delete.do
+org.owasp.csrfguard.protected.adminLtiConsumerToggleStatus=/lams/admin/ltiConsumerManagement/disable.do
+org.owasp.csrfguard.protected.adminPolicySave=/lams/admin/policyManagement/save.do
+org.owasp.csrfguard.protected.adminPolicyToggleStatus=/lams/admin/policyManagement/togglePolicyStatus.do
+org.owasp.csrfguard.protected.adminExtserverSave=/lams/admin/extserver/serversave.do
+org.owasp.csrfguard.protected.adminExtserverDelete=/lams/admin/extserver/delete.do
+org.owasp.csrfguard.protected.adminExtserverDisable=/lams/admin/extserver/disable.do
+org.owasp.csrfguard.protected.adminExtserverEnable=/lams/admin/extserver/enable.do
+
 org.owasp.csrfguard.protected.centralSaveUserProfile=/lams/saveprofile.do
 
 org.owasp.csrfguard.protected.assessmentDefineLater=/lams/tool/laasse10/authoring/definelater.do