Index: lams_central/conf/security/Owasp.CsrfGuard.properties
===================================================================
diff -u -reacf8690251ab940327df77e457801bbe436476f -r8a0116b9f105c1a090bd8adbac814e54f32673e3
--- lams_central/conf/security/Owasp.CsrfGuard.properties	(.../Owasp.CsrfGuard.properties)	(revision eacf8690251ab940327df77e457801bbe436476f)
+++ lams_central/conf/security/Owasp.CsrfGuard.properties	(.../Owasp.CsrfGuard.properties)	(revision 8a0116b9f105c1a090bd8adbac814e54f32673e3)
@@ -19,6 +19,7 @@
 org.owasp.csrfguard.protected.imageToggleVisibility=/lams/tool/laimag10/monitoring/toggleImageVisibility.do
 org.owasp.csrfguard.protected.lamcSubmissionDeadline=/lams/tool/lamc11/monitoring/setSubmissionDeadline.do
 org.owasp.csrfguard.protected.lamcSaveUserMark=/lams/tool/lamc11/monitoring/saveUserMark.do
+org.owasp.csrfguard.protected.leaderSaveLeaders=/lams/tool/lalead11/monitoring/saveLeaders.do
 org.owasp.csrfguard.protected.laqaSubmissionDeadline=/lams/tool/laqa11/monitoring/setSubmissionDeadline.do
 org.owasp.csrfguard.protected.mindmapSubmissionDeadline=/lams/tool/lamind10/monitoring/setSubmissionDeadline.do
 org.owasp.csrfguard.protected.notebookSubmissionDeadline=/lams/tool/lantbk11/monitoring/setSubmissionDeadline.do
Index: lams_tool_leader/src/java/org/lamsfoundation/lams/tool/leaderselection/web/controller/MonitoringController.java
===================================================================
diff -u -rf2ad75cef0c507a64877942631fee13efbc6ed50 -r8a0116b9f105c1a090bd8adbac814e54f32673e3
--- lams_tool_leader/src/java/org/lamsfoundation/lams/tool/leaderselection/web/controller/MonitoringController.java	(.../MonitoringController.java)	(revision f2ad75cef0c507a64877942631fee13efbc6ed50)
+++ lams_tool_leader/src/java/org/lamsfoundation/lams/tool/leaderselection/web/controller/MonitoringController.java	(.../MonitoringController.java)	(revision 8a0116b9f105c1a090bd8adbac814e54f32673e3)
@@ -39,6 +39,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
 
 @Controller
 @RequestMapping("/monitoring")
@@ -104,7 +105,7 @@
      * @throws IOException
      * @throws JSONException
      */
-    @RequestMapping(value = "/saveLeaders")
+    @RequestMapping(path = "/saveLeaders", method = RequestMethod.POST)
     public String saveLeaders(HttpServletRequest request) throws IOException {
 	String sessionMapID = request.getParameter(LeaderselectionConstants.ATTR_SESSION_MAP_ID);
 	SessionMap<String, Object> sessionMap = (SessionMap<String, Object>) request.getSession()
Index: lams_tool_leader/web/WEB-INF/tlds/security/csrfguard.tld
===================================================================
diff -u
--- lams_tool_leader/web/WEB-INF/tlds/security/csrfguard.tld	(revision 0)
+++ lams_tool_leader/web/WEB-INF/tlds/security/csrfguard.tld	(revision 8a0116b9f105c1a090bd8adbac814e54f32673e3)
@@ -0,0 +1,70 @@
+<?xml version="1.0"?>
+<!--
+The OWASP CSRFGuard Project, BSD License
+Eric Sheridan (eric@infraredsecurity.com), Copyright (c) 2011 
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice,
+   this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+3. Neither the name of OWASP nor the names of its contributors may be used
+   to endorse or promote products derived from this software without specific
+   prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ -->
+<taglib xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd" version="2.0">
+	<tlib-version>1.2</tlib-version>
+	<jsp-version>2.0</jsp-version>
+	<short-name>Owasp CsrfGuard Tag Library</short-name>
+	<uri>http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project/Owasp.CsrfGuard.tld</uri>
+	<tag>
+		<name>token</name>
+		<tag-class>org.owasp.csrfguard.tag.TokenTag</tag-class>
+		<body-content>empty</body-content>
+		<attribute>
+			<name>uri</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+	</tag>
+	<tag>
+		<name>tokenname</name>
+		<tag-class>org.owasp.csrfguard.tag.TokenNameTag</tag-class>
+		<body-content>empty</body-content>
+	</tag>
+	<tag>
+		<name>tokenvalue</name>
+		<tag-class>org.owasp.csrfguard.tag.TokenValueTag</tag-class>
+		<body-content>empty</body-content>
+		<attribute>
+			<name>uri</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+	</tag>
+	<tag>
+		<name>a</name>
+		<tag-class>org.owasp.csrfguard.tag.ATag</tag-class>
+		<dynamic-attributes>true</dynamic-attributes>
+	</tag>
+	<tag>
+		<name>form</name>
+		<tag-class>org.owasp.csrfguard.tag.FormTag</tag-class>
+		<dynamic-attributes>true</dynamic-attributes>
+	</tag>
+</taglib>
Index: lams_tool_leader/web/WEB-INF/web.xml
===================================================================
diff -u -rb935721d25817b83c29d3166a7fa9b4b9b7d3785 -r8a0116b9f105c1a090bd8adbac814e54f32673e3
--- lams_tool_leader/web/WEB-INF/web.xml	(.../web.xml)	(revision b935721d25817b83c29d3166a7fa9b4b9b7d3785)
+++ lams_tool_leader/web/WEB-INF/web.xml	(.../web.xml)	(revision 8a0116b9f105c1a090bd8adbac814e54f32673e3)
@@ -52,7 +52,11 @@
 	<filter-mapping>
 		<filter-name>hibernateFilter</filter-name>
 		<url-pattern>/*</url-pattern>
-	</filter-mapping>
+    </filter-mapping>
+    <filter-mapping>
+        <filter-name>CSRFGuard</filter-name>
+        <url-pattern>*.do</url-pattern>
+    </filter-mapping>    
 	<filter-mapping>
 		<filter-name>LocaleFilter</filter-name>
 		<url-pattern>/*</url-pattern>
@@ -62,7 +66,11 @@
 		<listener-class>
 			org.springframework.web.context.ContextLoaderListener
 		</listener-class>
-	</listener>
+    </listener>
+    <filter>
+        <filter-name>CSRFGuard</filter-name>
+        <filter-class>org.owasp.csrfguard.CsrfGuardFilter</filter-class>
+    </filter>
 
 	<servlet>
 		<servlet-name>spring</servlet-name>
@@ -148,7 +156,14 @@
 		<taglib>
 			<taglib-uri>tags-lams</taglib-uri>
 			<taglib-location>/WEB-INF/tlds/lams/lams.tld</taglib-location>
-		</taglib>
+        </taglib>
+        <!-- ======================================================== -->
+        <!-- CSRF Guard Tag Library -->
+        <!-- ======================================================== -->
+        <taglib>
+            <taglib-uri>csrfguard</taglib-uri>
+            <taglib-location>/WEB-INF/tlds/security/csrfguard.tld</taglib-location>
+        </taglib>
 
 	</jsp-config>
 
@@ -246,4 +261,4 @@
 			<form-error-page>/login.jsp?failed=y</form-error-page>
 		</form-login-config>
 	</login-config>
-</web-app>
\ No newline at end of file
+</web-app>
Index: lams_tool_leader/web/common/taglibs.jsp
===================================================================
diff -u -r7475d08afc280b5e2e5ddf04e8bf35e3166aaf80 -r8a0116b9f105c1a090bd8adbac814e54f32673e3
--- lams_tool_leader/web/common/taglibs.jsp	(.../taglibs.jsp)	(revision 7475d08afc280b5e2e5ddf04e8bf35e3166aaf80)
+++ lams_tool_leader/web/common/taglibs.jsp	(.../taglibs.jsp)	(revision 8a0116b9f105c1a090bd8adbac814e54f32673e3)
@@ -3,4 +3,5 @@
 <%@ taglib uri="tags-core" prefix="c"%>
 <%@ taglib uri="tags-fmt" prefix="fmt"%>
 <%@ taglib uri="tags-lams" prefix="lams"%>
-<%@ taglib uri="http://www.springframework.org/tags/form" prefix="form" %> 
\ No newline at end of file
+<%@ taglib uri="csrfguard" prefix="csrf" %>
+<%@ taglib uri="http://www.springframework.org/tags/form" prefix="form" %> 
Index: lams_tool_leader/web/pages/monitoring/manageLeaders.jsp
===================================================================
diff -u -r5a0c67fe7b338c1f3ad27b7e309d993feb90a0b5 -r8a0116b9f105c1a090bd8adbac814e54f32673e3
--- lams_tool_leader/web/pages/monitoring/manageLeaders.jsp	(.../manageLeaders.jsp)	(revision 5a0c67fe7b338c1f3ad27b7e309d993feb90a0b5)
+++ lams_tool_leader/web/pages/monitoring/manageLeaders.jsp	(.../manageLeaders.jsp)	(revision 8a0116b9f105c1a090bd8adbac814e54f32673e3)
@@ -32,8 +32,9 @@
 
 	<c:set var="title"><fmt:message key="label.plese.select.leaders" /></c:set>
 	<lams:Page type="learner" title="${title}">
-			
-		<form action="<c:url value='/monitoring/saveLeaders.do?sessionMapID=${sessionMapID}'/>" id="leaders">
+	<c:set var="csrfToken"><csrf:token/></c:set>		
+		<form action="<c:url value='/monitoring/saveLeaders.do?${csrfToken}'/>" method="post" id="leaders">
+                <input name="sessionMapID" type="hidden" value="${sessionMapID}"/>
 				<c:forEach var="session" items="${sessionMap.leaderselectionDT0.sessionDTOs}" varStatus="status">
 					<h1></h1>
 					<div style="padding-left: 30px; <c:if test='${! status.last}'>padding-bottom: 30px;</c:if><c:if test='${ status.last}'>padding-bottom: 15px;</c:if> ">