CSRF prevention for AJAX call from extjs to Struts action [closed]

Submitted by 可紊 on 2020-01-07 15:46:07

Question


I need to implement CSRF attack prevention using a token in an application that uses AJAX POST requests (ExtJS library) to Struts actions. How can I implement token generation and validation in such a case?


Answer 1:


In ExtJS you can use this:

Ext.Ajax.setDefaultHeaders({ token: 'xyz' })

This operation will add the header to each request you send to the server.

On the server side, consider using Spring Security. I recommend this solution.

The second (and not the last) option: you can write your own servlet service and filters for:

- authentication (service generating the token)
- authorization (filter for request token validation)



Source: https://stackoverflow.com/questions/38871578/csrf-prevention-for-ajax-call-from-extjs-to-struts-action
