Posted to user@struts.apache.org by Jan Fröhlich <Ja...@infomotion.de> on 2012/11/07 13:37:17 UTC

[Struts2] SessionToken Interceptor used with json Result and Javascript Calls

Hi...

I am trying to secure one of my web applications with tokens.
Everything works fine with basic JSP pages. But in one case, I call an action from JavaScript via jquery.ajax and return a json result.

To do that, I added two properties to the json result object (documentTable) with token and tokenName and populate them in the action with
documentTable.setTokenName(TokenHelper.getTokenName());
documentTable.setToken(TokenHelper.getToken());

The JavaScript that gets the result object (data) looks like this:
var submitData = {
    documentID : documentRow.documentID,
    showMessage : true
};
// The token is sent under the parameter name returned in the json result
submitData[data.tokenName] = data.token;
tdName.bind("click", function() {
    $.ajax({
        url : "view",
        type : 'POST',
        data : submitData,
        success : function() {
            // ...
        }
    });
});

When the click event is fired, the parameters struts.token.name and struts.token are submitted with the request but the action returns invalid.token.

Is that a way I can go? Is the TokenHelper the right thing to get a new valid token from?

Any hints welcome!

Regards
Jan


Re: [Struts2] SessionToken Interceptor used with json Result and Javascript Calls

Posted by Ken McWilliams <ke...@gmail.com>.
Can you share the interceptor stack configuration for your normal JSPs and
the stack configuration for the json actions?

