struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ken McWilliams <ken.mcwilli...@gmail.com>
Subject Re: [Struts2] SessionToken Interceptor used with json Result and Javascript Calls
Date Wed, 07 Nov 2012 22:39:13 GMT
Can you share the interceptor stack configuration for your normal JSP's and
the stack configuration for the json actions?


On Wed, Nov 7, 2012 at 5:37 AM, Jan Fröhlich <Jan.Froehlich@infomotion.de>wrote:

> Hi...
>
> I try to secure one of my web applications with tokens.
> Everything works fine with basic jsp pages. But in one case, I call an
> action from javascript via jquery.ajax and return a json result.
>
> To do that, I added two properties to the json result object
> (documenTable) with token and tokenName and populate them in the action with
> documentTable.setTokenName(TokenHelper.getTokenName());
> documentTable.setToken(TokenHelper.getToken());
>
> The Javascript that gets the result object (data) looks like this:
> var submitData = {
>     documentID : documentRow.documentID,
>     showMessage : true
> };
> submitData[data.tokenName] = data.token;
> tdName.bind("click", function() {
>     $.ajax({
>     url : "view",
>     type: 'POST',
>     data : submitData,
>     success : function() {
>         ...
>     }
> });
>
> When the click event is fired, the parameters struts.token.name and
> struts.token are submitted with the request but the action returns
> invalid.token.
>
> Is that a way I can go? Is the TokenHelper the right thing to get a new
> valid token from?
>
> Any hints welcome!
>
> Regards
> Jan
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message