0

We want to avoid multi-request sent via Ajax in struts 2 web based application.

The s:token can be used in regular request-response jsp pages, but it will not work for ajax requests.

Here is sample

The application has forms which uses the ajax post method to validate fields ( I am using struts jquery plugin and the jQuery post is generated on the fly).

<s:form id="formValidateCustom" action="login">
      <s:token/>
      <s:textfield  name="login" />
      <span id="loginError">
      <sj:submit button="true" validateFunction="customeValidation" />
</s:form>

The login action is as below:

@InterceptorRef("jsonValidationWorkflowStack")
@Validations(requiredStrings = {
    @RequiredStringValidator(fieldName = "loginuser", type = ValidatorType.FIELD, message = "Login User is required")

})
public class Login extends ActionSupport {

@Action(value = "/login", results = {
    @Result(location = "simpleecho.jsp", name = "success")
  })
  public String execute() throws Exception
  {
    echo = "Welcome " + login;
    log.info(echo);

    return SUCCESS;
  }
}

There is a custom js for handling errors. This function is called when Ajax call ends. It reads all errors and search html fields which named field'Error' and add the error text to it :

function customeValidation(form, errors) {

    if (errors.fieldErrors) {
        $.each(errors.fieldErrors, function(index, value) { 
            var elem = $('#'+index+'Error');
            if(elem)
            {
                elem.html(value[0]);
            }
        });
    }
}

The complete example is at http://struts.jgeppert.com/struts2-jquery-showcase/index.action. Please go to Ajax>Form>Form With Custom Validation

When user leaves login filed empty, the ajax request return errors but the token in the form is not updated with new token. It is because the does not executed again as only a ajax call was made, and the jsp is not completely loaded.

I can still use solution provided Unable to implement Struts 2 token interceptor with hyperlink. In I must update the s:token hidden field manualy by jQuery to new token

Is there better way!

I found this issue at HOWTO do CSRF protection in Struts2 application for AJAX requests but I wonder if there is any better way for that? (I think this is a very common issue which must have been managed in struts)

Community
  • 1
  • 1
Alireza Fattahi
  • 42,517
  • 14
  • 123
  • 173

0 Answers0