Can you share the interceptor stack configuration for your normal JSP's and
the stack configuration for the json actions?
On Wed, Nov 7, 2012 at 5:37 AM, Jan Fröhlich <jan.froehl...@infomotion.de>wrote:
> Hi...
>
> I try to secure one of my web applications with tokens.
> Everything works fine with basic jsp pages. But in one case, I call an
> action from javascript via jquery.ajax and return a json result.
>
> To do that, I added two properties to the json result object
> (documenTable) with token and tokenName and populate them in the action with
> documentTable.setTokenName(TokenHelper.getTokenName());
> documentTable.setToken(TokenHelper.getToken());
>
> The Javascript that gets the result object (data) looks like this:
> var submitData = {
> documentID : documentRow.documentID,
> showMessage : true
> };
> submitData[data.tokenName] = data.token;
> tdName.bind("click", function() {
> $.ajax({
> url : "view",
> type: 'POST',
> data : submitData,
> success : function() {
> ...
> }
> });
>
> When the click event is fired, the parameters struts.token.name and
> struts.token are submitted with the request but the action returns
> invalid.token.
>
> Is that a way I can go? Is the TokenHelper the right thing to get a new
> valid token from?
>
> Any hints welcome!
>
> Regards
> Jan
>
>
