Submitting a form with jQuery returns struts2 invalid.token
I have inherited some code in which I now have to add CSRF prevention and am trying to use the struts2 tokenSession interceptor to do this. I am adding a token to my form using the struts2 token tag like so:
```html
<form id="updateObject" name="updateObject" action="<%=request.getContextPath()%>/prv/updateObject.action" method="POST">
  <fieldset class="x-fieldset">
    <legend>Update object - Action Required</legend>
    <div>...</div>
    <s:token />
    <s:hidden name="id" id="objectId" />
    more stuff here...
    <input type="submit" value="Update Object" onclick="javascript:return doUpdateObject('myAction');"/>
  </fieldset>
</form>
```
In my javascript function, I am adding/removing some validation rules (depending upon the action required), and submitting the form:
```javascript
function doUpdateObject(action){
  actionPanel.registerAction(action); // this function places the action name in an in-scope variable
  doUpdateObjectValidationSetup(action); // this function adds/removes jquery validation rules depending upon the action
  if($("#updateObject").valid()){
    $("form#updateObject").submit();
  }
  return false;
}
```
I have intercepted the request and a token is being added, however the struts2 tokenSession interceptor is returning invalid.token. The code works as expected without this interceptor. (struts2 xml file not posted - will post the relevant section if required). I have also used the tokenSession interceptor in other pages which use a basic html submit button (i.e. not going via javascript or jquery) and this also works as expected. What is making the token invalid?
N.B. The project I have inherited uses a strange mixture of standard html, struts2 tags, ExtJS and JQuery. I will clean this up at some point but at the moment I just need to get the tokenSession interceptor working asap in the code as-is (as I have to apply a similar fix to several hundred pages...).
Any help/pointers/tips/etc greatly appreciated!
Regards,
John
Comments (2)
Are you sure you are not generating two submits? (Look into your web server logs.)
If so, perhaps it's because of this: onclick="javascript:return doUpdateObject('myAction');". That is not correct: the pseudo protocol javascript: should be used only in URLs (e.g. href="..."), not in event handlers. Replace it with onclick="return doUpdateObject('myAction')". I doubt the problem is caused by this, though.
This is now working with no changes! Just did a complete re-build, cache clean, reboot, etc. No idea what caused the original problem. Sorry for wasting time.
John