Александр Кель Александр Кель - 1 month ago 22
Ajax Question

CSRF prevention for AJAX call from extjs to Struts action

I need to implement CSRF attack prevention using token in application that uses ajax post requests (ExtJs library) to Struts actions. How can I implement token generation and validation in such case?

Answer

In ExtJS you can use this:

Ext.Ajax.setDefaultHeaders({ token: 'xyz' })

This operation will add header to each request you will send to server.

In server side consider using Spring Security. I recommend this solution.

The second (and not the last option) - you can write your own servlet service and filters for - authentication(service generating token) - authorization(filter for request token validation).

Comments