Can you share the interceptor stack configuration for your normal JSP's and the stack configuration for the json actions?
On Wed, Nov 7, 2012 at 5:37 AM, Jan Fröhlich <jan.froehl...@infomotion.de>wrote: > Hi... > > I try to secure one of my web applications with tokens. > Everything works fine with basic jsp pages. But in one case, I call an > action from javascript via jquery.ajax and return a json result. > > To do that, I added two properties to the json result object > (documenTable) with token and tokenName and populate them in the action with > documentTable.setTokenName(TokenHelper.getTokenName()); > documentTable.setToken(TokenHelper.getToken()); > > The Javascript that gets the result object (data) looks like this: > var submitData = { > documentID : documentRow.documentID, > showMessage : true > }; > submitData[data.tokenName] = data.token; > tdName.bind("click", function() { > $.ajax({ > url : "view", > type: 'POST', > data : submitData, > success : function() { > ... > } > }); > > When the click event is fired, the parameters struts.token.name and > struts.token are submitted with the request but the action returns > invalid.token. > > Is that a way I can go? Is the TokenHelper the right thing to get a new > valid token from? > > Any hints welcome! > > Regards > Jan > >