Re: [Struts2] SessionToken Interceptor used with json Result and Javascript Calls
Can you share the interceptor stack configuration for your normal JSPs and the stack configuration for the json actions?

On Wed, Nov 7, 2012 at 5:37 AM, Jan Fröhlich wrote:

> Hi...
>
> I try to secure one of my web applications with tokens.
> Everything works fine with basic jsp pages. But in one case, I call an
> action from javascript via jquery.ajax and return a json result.
>
> To do that, I added two properties to the json result object
> (documentTable) with token and tokenName and populate them in the action with
>
>     documentTable.setTokenName(TokenHelper.getTokenName());
>     documentTable.setToken(TokenHelper.getToken());
>
> The Javascript that gets the result object (data) looks like this:
>
>     var submitData = {
>         documentID : documentRow.documentID,
>         showMessage : true
>     };
>     submitData[data.tokenName] = data.token;
>     tdName.bind("click", function() {
>         $.ajax({
>             url : "view",
>             type: 'POST',
>             data : submitData,
>             success : function() {
>                 // ...
>             }
>         });
>     });
>
> When the click event is fired, the parameters struts.token.name and
> struts.token are submitted with the request but the action returns
> invalid.token.
>
> Is that a way I can go? Is the TokenHelper the right thing to get a new
> valid token from?
>
> Any hints welcome!
>
> Regards
> Jan
Re: Getting request as null
If I had to guess, I'd say that the ServletActionContext hasn't been completely initialized when the Class is instantiated, so calling getServletRequest in an instance initializer isn't going to work.

Either call ServletActionContext.getServletRequest() in the method body, or (better option) use the ServletRequestAware interface on your Action and have the ServletRequest injected into your Action.

(*Chris*)

On Wed, Nov 7, 2012 at 4:17 AM, Srineel Mazumdar wrote:

> Hi,
>
> I am getting request object as null. Checked google..no help..
>
> *Class where I am getting null*
>
> package com.home.practice.shop;
>
> import javax.servlet.ServletContext;
> import javax.servlet.http.HttpServletRequest;
>
> import org.apache.struts2.ServletActionContext;
> import org.springframework.web.context.WebApplicationContext;
> import org.springframework.web.context.support.WebApplicationContextUtils;
>
> import com.home.practice.shop.domain.logic.PetStoreFacade;
> import com.opensymphony.xwork2.ActionSupport;
>
> public class BaseAction extends ActionSupport {
>
>     private PetStoreFacade petStore;
>     HttpServletRequest request = ServletActionContext.getRequest();
>
>     public void setServlet() {
>         ServletContext context = ServletActionContext.getServletContext();
>         WebApplicationContext wac = WebApplicationContextUtils
>                 .getRequiredWebApplicationContext(context);
>         this.petStore = (PetStoreFacade) wac.getBean("petStore");
>     }
>
>     protected PetStoreFacade getPetStore() {
>         return petStore;
>     }
>
> }
>
> But strangely in the following class the same code I have written and I am
> getting request object
>
> public class ViewCategoryAction extends BaseAction {
>
>     public String execute() throws Exception {
>         HttpServletRequest request = ServletActionContext.getRequest();
>         System.out.println("**" + request);
>
> Why is it so ? ServletActionContext.getRequest() is returning null in base
> class but not in child class.
>
> applicationContext.xml
>
> http://www.springframework.org/schema/beans"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:aop="http://www.springframework.org/schema/aop"
> xmlns:tx="http://www.springframework.org/schema/tx"
> xsi:schemaLocation="
> http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
> http://www.springframework.org/schema/aop
> http://www.springframework.org/schema/aop/spring-aop-2.5.xsd
> http://www.springframework.org/schema/tx
> http://www.springframework.org/schema/tx/spring-tx-2.5.xsd">
>
> "prototype" abstract="true"/>
>
> class="com.home.practice.shop.AddItemToCartAction" scope = "prototype" parent = "baseAction">
>
> scope = "prototype" parent = "baseAction"/>
>
> class="com.home.practice.shop.EditAccountAction" scope = "prototype" parent = "baseAction">
>
> enlish
> japanese
>
> class="com.home.practice.shop.EditAccountFormAction" scope = "prototype" parent = "baseAction"/>
> class="com.home.practice.shop.ListOrdersAction" scope = "prototype" parent = "baseAction"/>
> class="com.home.practice.shop.NewAccountAction" scope = "prototype" parent = "baseAction"/>
>
> class="com.home.practice.shop.NewOrderFormAction" scope = "prototype" parent = "baseAction">
>
> Visa
> MasterCard
> American Express
>
> scope = "prototype" parent = "baseAction">
>
> Visa
> MasterCard
> American Express
>
> class="com.home.practice.shop.NewOrderFormAction" scope = "prototype" parent = "baseAction">
>
> Visa
> MasterCard
> American Express
>
> class="com.home.practice.shop.RemoveItemFromCartAction" scope = "prototype" parent = "baseAction">
>
> class="com.home.practice.shop.SearchProductsAction" scope = "prototype" parent = "baseAction"/>
>
> "prototype" parent = "baseAction">
>
> enlish
> japanese
>
> class="com.home.practice.shop.UpdateCartQuantitiesAction" scope = "prototype" parent = "baseAction">
>
> scope = "prototype" parent = "baseAction">
>
> class="com.home.practice.shop.ViewCategoryAction" scope = "prototype" parent = "baseAction"/>
>
> scope = "prototype" parent = "baseAction"/>
>
> scope = "prototype" parent = "baseAction">
>
> enlish
> japanese
>
> ref = "myPageList" />
>
> class="com.home.practice.shop.ViewProductAction" scope = "prototype" parent = "baseAction"/>
> scope = "prototype"/>
> "prototype"/>
> scope = "prototype"/>
> scope = "prototype"/>
> "prototype"/>
> scope = "prototype"/>
> "prototype"/>
> scope = "prototype"/>
> "org.springframework.beans.support.PagedListHolder" scope = "prototype"/>
>
> Regards,
> Srineel
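
The two options suggested in the reply above, applied to the BaseAction class from the quoted message. This is an added example, not code from the thread; it assumes the action runs through an interceptor stack that includes Struts 2's servletConfig interceptor, and the helper name currentRequest() is hypothetical.

```java
package com.home.practice.shop;

import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;

import org.apache.struts2.ServletActionContext;
import org.apache.struts2.interceptor.ServletRequestAware;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

import com.home.practice.shop.domain.logic.PetStoreFacade;
import com.opensymphony.xwork2.ActionSupport;

public class BaseAction extends ActionSupport implements ServletRequestAware {

    private PetStoreFacade petStore;

    // No field initializer here: a field initializer runs once, while the
    // object is being constructed, and keeps whatever it saw at that moment.
    private HttpServletRequest request;

    // Option 1 (ServletRequestAware): the servletConfig interceptor calls this
    // on every invocation, before the action method runs.
    @Override
    public void setServletRequest(HttpServletRequest request) {
        this.request = request;
    }

    // Option 2: resolve the request inside a method body, at call time.
    // currentRequest() is a hypothetical helper name, not a Struts API.
    protected HttpServletRequest currentRequest() {
        return (request != null) ? request : ServletActionContext.getRequest();
    }

    public void setServlet() {
        ServletContext context = ServletActionContext.getServletContext();
        WebApplicationContext wac =
                WebApplicationContextUtils.getRequiredWebApplicationContext(context);
        this.petStore = (PetStoreFacade) wac.getBean("petStore");
    }

    protected PetStoreFacade getPetStore() {
        return petStore;
    }
}
```

Keeping the request in an instance field relies on the action beans being declared with scope = "prototype", as in the quoted applicationContext.xml, so each request gets its own action instance.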
[Struts2] SessionToken Interceptor used with json Result and Javascript Calls
Hi...

I try to secure one of my web applications with tokens.
Everything works fine with basic jsp pages. But in one case, I call an action from javascript via jquery.ajax and return a json result.

To do that, I added two properties to the json result object (documentTable) with token and tokenName and populate them in the action with

    documentTable.setTokenName(TokenHelper.getTokenName());
    documentTable.setToken(TokenHelper.getToken());

The Javascript that gets the result object (data) looks like this:

    var submitData = {
        documentID : documentRow.documentID,
        showMessage : true
    };
    submitData[data.tokenName] = data.token;
    tdName.bind("click", function() {
        $.ajax({
            url : "view",
            type: 'POST',
            data : submitData,
            success : function() {
                // ...
            }
        });
    });

When the click event is fired, the parameters struts.token.name and struts.token are submitted with the request but the action returns invalid.token.

Is that a way I can go? Is the TokenHelper the right thing to get a new valid token from?

Any hints welcome!

Regards
Jan
Re: Issue with maven archetypes - jetty plugin version 8 not refreshing JSPs
A follow-up on this. I was able to identify the root cause of this issue. While this is a bit specific to our use case, I share this with the community nonetheless.

This was basically caused by the timestamps of the files. My work directory is an NFS mount of another server. For some strange reason* the clock on that server is delayed. This means that if it's 9:00 and I change the JSP file, the file will be timestamped with 8:40.

There might have been a change in Jetty from 6 to 8 regarding the strategy used for JSP file reloading - while Jetty 6 does not seem to care about the file's timestamp and refreshes anyway, Jetty 8 is more sensitive and does not reload the file.

So the "solution" here was simply to update the remote NFS server's clock. Why the NTP-aware server is having trouble with the time is another issue...

Miguel Almeida

On Tue, 2012-11-06 at 13:12 +0100, Lukasz Lenart wrote:

> 2012/10/31 Miguel Almeida
>
> > Hey Lukasz,
> >
> > Does your jetty configuration match the ones I provided? More
> > specifically, did you remove the element? With
> > scanTargets you will see the JSP changes, but only after the automatic
> > container reload (so, worse case scenario in 10 seconds, as defined in
> > the element.
> >
> > If you remove scanTargets, the page will not be refreshed on JSP change
> > in jetty 8 but will be refreshed in jetty 6! And reloading the entire
> > container for every JSP change seems like an overkill (and slows down
> > development process considerably when your webapp has session variables
> > and security).
> >
> > Could you try the configuration without for jetty 6 and 8?
>
> Yes, I did that and even committed the change [1], there was no Jetty
> restarts when I've been changing jsp file.
>
> [1] https://issues.apache.org/jira/browse/WW-3916
>
> Regards