You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Jan Fröhlich <Ja...@infomotion.de> on 2012/11/07 13:37:17 UTC
[Struts2] SessionToken Interceptor used with json Result and
Javascript Calls
Hi...
I try to secure one of my web applications with tokens.
Everything works fine with basic jsp pages. But in one case, I call an action from javascript via jquery.ajax and return a json result.
To do that, I added two properties to the json result object (documenTable) with token and tokenName and populate them in the action with
documentTable.setTokenName(TokenHelper.getTokenName());
documentTable.setToken(TokenHelper.getToken());
The Javascript that gets the result object (data) looks like this:
var submitData = {
documentID : documentRow.documentID,
showMessage : true
};
submitData[data.tokenName] = data.token;
tdName.bind("click", function() {
$.ajax({
url : "view",
type: 'POST',
data : submitData,
success : function() {
...
}
});
When the click event is fired, the parameters struts.token.name and struts.token are submitted with the request but the action returns invalid.token.
Is that a way I can go? Is the TokenHelper the right thing to get a new valid token from?
Any hints welcome!
Regards
Jan
Re: [Struts2] SessionToken Interceptor used with json Result and
Javascript Calls
Posted by Ken McWilliams <ke...@gmail.com>.
Can you share the interceptor stack configuration for your normal JSP's and
the stack configuration for the json actions?
On Wed, Nov 7, 2012 at 5:37 AM, Jan Fröhlich <Ja...@infomotion.de>wrote:
> Hi...
>
> I try to secure one of my web applications with tokens.
> Everything works fine with basic jsp pages. But in one case, I call an
> action from javascript via jquery.ajax and return a json result.
>
> To do that, I added two properties to the json result object
> (documenTable) with token and tokenName and populate them in the action with
> documentTable.setTokenName(TokenHelper.getTokenName());
> documentTable.setToken(TokenHelper.getToken());
>
> The Javascript that gets the result object (data) looks like this:
> var submitData = {
> documentID : documentRow.documentID,
> showMessage : true
> };
> submitData[data.tokenName] = data.token;
> tdName.bind("click", function() {
> $.ajax({
> url : "view",
> type: 'POST',
> data : submitData,
> success : function() {
> ...
> }
> });
>
> When the click event is fired, the parameters struts.token.name and
> struts.token are submitted with the request but the action returns
> invalid.token.
>
> Is that a way I can go? Is the TokenHelper the right thing to get a new
> valid token from?
>
> Any hints welcome!
>
> Regards
> Jan
>
>