Index: lams_central/conf/security/Owasp.CsrfGuard.properties
===================================================================
diff -u -rf90d546554d75ad8f1058e5d47733d5703f1f411 -r82166d9c82b6d5ef5fd3f22db5174bbee8a286f4
--- lams_central/conf/security/Owasp.CsrfGuard.properties (.../Owasp.CsrfGuard.properties) (revision f90d546554d75ad8f1058e5d47733d5703f1f411)
+++ lams_central/conf/security/Owasp.CsrfGuard.properties (.../Owasp.CsrfGuard.properties) (revision 82166d9c82b6d5ef5fd3f22db5174bbee8a286f4)
@@ -10,6 +10,9 @@
org.owasp.csrfguard.protected.assessmentDefineLater=/lams/tool/laasse10/authoring/definelater.do
org.owasp.csrfguard.protected.assessmentSubmissionDeadline=/lams/tool/laasse10/monitoring/setSubmissionDeadline.do
+org.owasp.csrfguard.protected.assessmentSaveUserGrade=/lams/tool/laasse10/monitoring/saveUserGrade.do
+org.owasp.csrfguard.protected.assessmentDiscloseCorrectAnswers=/lams/tool/laasse10/monitoring/discloseCorrectAnswers.do
+org.owasp.csrfguard.protected.assessmentDiscloseGroupsAnswers=/lams/tool/laasse10/monitoring/discloseGroupsAnswers.do
org.owasp.csrfguard.protected.chatDefineLater=/lams/tool/lachat11/authoring/definelater.do
org.owasp.csrfguard.protected.chatSubmissionDeadline=/lams/tool/lachat11/monitoring/setSubmissionDeadline.do
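Review bot: The three new `assessment*` entries protect their endpoints only while each path string matches the request path exactly, and nothing in the file records that dependency. The values hard-code the `/lams` context path and the `.do` suffix, so a deployment under another context path or a renamed controller mapping would drop the token check without any error. I would add a comment above the assessment group, for example `# keep in sync with MonitoringController @RequestMapping paths`. Whether unlisted URLs go unchecked depends on the global protection setting, which is outside this hunk and worth confirming.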
Index: lams_tool_assessment/src/java/org/lamsfoundation/lams/tool/assessment/web/controller/MonitoringController.java
===================================================================
diff -u -r1beaa4cc5e224dd433297d543c5511234c0bfc10 -r82166d9c82b6d5ef5fd3f22db5174bbee8a286f4
--- lams_tool_assessment/src/java/org/lamsfoundation/lams/tool/assessment/web/controller/MonitoringController.java (.../MonitoringController.java) (revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
+++ lams_tool_assessment/src/java/org/lamsfoundation/lams/tool/assessment/web/controller/MonitoringController.java (.../MonitoringController.java) (revision 82166d9c82b6d5ef5fd3f22db5174bbee8a286f4)
@@ -197,7 +197,7 @@
return "pages/monitoring/parts/usersummary";
}
- @RequestMapping("/saveUserGrade")
+ @RequestMapping(path = "/saveUserGrade", method = RequestMethod.POST)
public void saveUserGrade(HttpServletRequest request, HttpServletResponse response) {
if ((request.getParameter(AssessmentConstants.PARAM_NOT_A_NUMBER) == null)
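Review bot: Style point on the new annotation above `saveUserGrade`: if the project's Spring version provides the composed annotations, `@PostMapping("/saveUserGrade")` states the POST-only restriction more compactly than `@RequestMapping(path = ..., method = RequestMethod.POST)`. The same applies to the `discloseCorrectAnswers` and `discloseGroupsAnswers` hunks below. No import hunk for `RequestMethod` is shown, so it is presumably already imported in this file; confirm that. The body of `saveUserGrade` continues outside the hunk.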
@@ -568,7 +568,7 @@
/**
* Allows displaying correct answers to learners
*/
- @RequestMapping("/discloseCorrectAnswers")
+ @RequestMapping(path = "/discloseCorrectAnswers", method = RequestMethod.POST)
public void discloseCorrectAnswers(HttpServletRequest request, HttpServletResponse response) {
Long questionUid = WebUtil.readLongParam(request, "questionUid");
Long toolContentId = WebUtil.readLongParam(request, AssessmentConstants.PARAM_TOOL_CONTENT_ID);
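Review bot: `discloseCorrectAnswers` reads `questionUid` and `toolContentId` straight from the request, and the CSRF token plus POST restriction added here only show that the request came from the application's own pages, not that the caller may act on that content. The rest of the method is outside the hunk, so this may already be handled. If it is not, the handler should verify that the current user is a monitor for the lesson owning `toolContentId` and that `questionUid` belongs to that content before disclosing answers. The same check applies to `discloseGroupsAnswers` in the next hunk. A short Javadoc line such as `Requires monitor rights on the given tool content; POST only, CSRF-protected` would make that contract visible.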
@@ -588,7 +588,7 @@
/**
* Allows displaying other groups' answers to learners
*/
- @RequestMapping("/discloseGroupsAnswers")
+ @RequestMapping(path = "/discloseGroupsAnswers", method = RequestMethod.POST)
public void discloseGroupsAnswers(HttpServletRequest request, HttpServletResponse response) {
Long questionUid = WebUtil.readLongParam(request, "questionUid");
Long toolContentId = WebUtil.readLongParam(request, AssessmentConstants.PARAM_TOOL_CONTENT_ID);
Index: lams_tool_assessment/web/pages/monitoring/parts/questionsummary.jsp
===================================================================
diff -u -rb745384874257ea8327d82156fec0455e4232ad6 -r82166d9c82b6d5ef5fd3f22db5174bbee8a286f4
--- lams_tool_assessment/web/pages/monitoring/parts/questionsummary.jsp (.../questionsummary.jsp) (revision b745384874257ea8327d82156fec0455e4232ad6)
+++ lams_tool_assessment/web/pages/monitoring/parts/questionsummary.jsp (.../questionsummary.jsp) (revision 82166d9c82b6d5ef5fd3f22db5174bbee8a286f4)
@@ -60,7 +60,7 @@
],
multiselect: false,
caption: "${sessionDto.sessionName}",
- cellurl: '',
+ cellurl: '&',
cellEdit: true,
beforeEditCell: function (rowid,name,val,iRow,iCol){
previousCellValue = val;
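Review bot: The new `cellurl: '&'` value suggests the CSRF token is appended to the request URL as a query parameter; the JSP tags seem to have been stripped from this rendering, so that is inferred. Tokens carried in the URL end up in server access logs, proxy logs and browser history, which makes the secret longer-lived than intended. Since the request is now a POST, the token would be better sent in the request body or a custom request header. For the `$.ajax` calls it could go into the existing `'data'` object, and for the grid into its edit-request data. The same pattern appears in the `cellurl` hunks of usersummary.jsp and summary.jsp, and in the four `$.ajax` hunks of summary.jsp, where the URLs now end in `?`.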
Index: lams_tool_assessment/web/pages/monitoring/parts/usersummary.jsp
===================================================================
diff -u -rb745384874257ea8327d82156fec0455e4232ad6 -r82166d9c82b6d5ef5fd3f22db5174bbee8a286f4
--- lams_tool_assessment/web/pages/monitoring/parts/usersummary.jsp (.../usersummary.jsp) (revision b745384874257ea8327d82156fec0455e4232ad6)
+++ lams_tool_assessment/web/pages/monitoring/parts/usersummary.jsp (.../usersummary.jsp) (revision 82166d9c82b6d5ef5fd3f22db5174bbee8a286f4)
@@ -50,7 +50,7 @@
{name:'grade', index:'grade', width:80, sorttype:"float", editable:true, editoptions: {size:4, maxlength: 4}, align:"right", classes: 'vertical-align' }
],
multiselect: false,
- cellurl: '',
+ cellurl: '&',
cellEdit: true,
beforeEditCell: function (rowid,name,val,iRow,iCol){
previousCellValue = val;
Index: lams_tool_assessment/web/pages/monitoring/summary.jsp
===================================================================
diff -u -r1ba75f43a383fb925aae69975d748d0a8dfdf9a5 -r82166d9c82b6d5ef5fd3f22db5174bbee8a286f4
--- lams_tool_assessment/web/pages/monitoring/summary.jsp (.../summary.jsp) (revision 1ba75f43a383fb925aae69975d748d0a8dfdf9a5)
+++ lams_tool_assessment/web/pages/monitoring/summary.jsp (.../summary.jsp) (revision 82166d9c82b6d5ef5fd3f22db5174bbee8a286f4)
@@ -112,7 +112,7 @@
],
multiselect: false,
- cellurl: '',
+ cellurl: '&',
cellEdit: true,
afterEditCell: function (rowid,name,val,iRow,iCol){
oldValue = eval(val);
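Review bot: The context line `oldValue = eval(val);` in `afterEditCell` runs the cell's content as JavaScript, and this commit leaves it in place while hardening the same grid against CSRF. If `val` can ever hold text that did not originate as a plain number, for example a value rendered from stored data, this becomes a script-execution sink on the monitoring page. A numeric parse such as `oldValue = parseFloat(val);` would remove that sink. It returns `NaN` for an empty cell where `eval` yields `undefined`, so check how the code after this hunk uses `oldValue`. The callback body continues outside the hunk.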
@@ -213,7 +213,8 @@
// ajax calls to disclose correct/groups answers
correctButton.click(function(){
$.ajax({
- 'url' : 'monitoring/discloseCorrectAnswers.do',
+ type: 'POST',
+ 'url' : 'monitoring/discloseCorrectAnswers.do?',
'data' : {
'questionUid' : questionUidSelect.val(),
'toolContentID' : '${sessionMap.assessment.contentId}'
@@ -226,7 +227,8 @@
groupsButton.click(function(){
$.ajax({
- 'url' : 'monitoring/discloseGroupsAnswers.do',
+ type: 'POST',
+ 'url' : 'monitoring/discloseGroupsAnswers.do?',
'data' : {
'questionUid' : questionUidSelect.val(),
'toolContentID' : '${sessionMap.assessment.contentId}'
@@ -242,7 +244,8 @@
var option = $(this),
questionUid = option.val();
$.ajax({
- 'url' : 'monitoring/discloseCorrectAnswers.do',
+ type: 'POST',
+ 'url' : 'monitoring/discloseCorrectAnswers.do?',
'data' : {
'questionUid' : questionUid,
'toolContentID' : '${sessionMap.assessment.contentId}'
@@ -262,7 +265,8 @@
var option = $(this),
questionUid = option.val();
$.ajax({
- 'url' : 'monitoring/discloseGroupsAnswers.do',
+ type: 'POST',
+ 'url' : 'monitoring/discloseGroupsAnswers.do?',
'data' : {
'questionUid' : questionUid,
'toolContentID' : '${sessionMap.assessment.contentId}'