I need to implement CSRF attack prevention using token in application that uses ajax post requests (ExtJs library) to Struts actions. How can I implement token generation and validation in such case?
1
votes
what about OAuth 2.0 (oauth.net/2)? There are a lot of JAVA libraries out there which support it.
– oberbics
@oberbics I need to implement prevention only for few requests and I can not do anything with current authorization process.
– Александр Кель
Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question.
– Roman C
1 Answers
0
votes
In ExtJS you can use this:
Ext.Ajax.setDefaultHeaders({ token: 'xyz' })
This operation will add header to each request you will send to server.
In server side consider using Spring Security. I recommend this solution.
The second (and not the last option) - you can write your own servlet service and filters for - authentication(service generating token) - authorization(filter for request token validation).
