I have a struts2 webapp in which I need to implement CSRF protection. For static forms it is pretty straightforward. I just need to activate the tokenSession
Currently I have resolved the issue by generating tokens for AJAX requests and sending it with the normal response like so -
import java.util.Map;
import com.google.common.collect.Maps; // Guava
import org.apache.struts2.util.TokenHelper;
Map<String, String> tokenInfo = Maps.newHashMap();
tokenInfo.put("struts.token.name", TokenHelper.getTokenName()); // getTokenName() reads the struts.token.name request parameter
tokenInfo.put(TokenHelper.getTokenName(), TokenHelper.setToken()); // setToken() stores a fresh token in the session and returns it
I will abstract a util method out of this and have the token-activated Actions return this as part of the response for actions which will be executed repeatedly without a refresh of the page.
I am still looking for an elegant solution to this though.
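The pattern described above, written out as an added example that is not the poster's code: a Struts2 action guarded by the tokenSession interceptor that hands the client a fresh token in each JSON response, so the next AJAX request can send it back as the `struts.token.name` / `struts.token` parameters the interceptor validates. `AjaxTokenAction`, `nextToken()` and the `payload` property are hypothetical names; `TokenHelper.TOKEN_NAME_FIELD` and `TokenHelper.DEFAULT_TOKEN_NAME` are the Struts2 constants for those two parameter names.

```java
import java.util.HashMap;
import java.util.Map;
import com.opensymphony.xwork2.ActionSupport;
import org.apache.struts2.util.TokenHelper;

// Hypothetical action; assumed mapping in struts.xml:
//   <action name="ajaxUpdate" class="AjaxTokenAction">
//     <interceptor-ref name="tokenSession"/>
//     <interceptor-ref name="defaultStack"/>
//     <result type="json"><param name="root">payload</param></result>
//   </action>
// tokenSession rejects a request whose struts.token does not match the
// session copy, and consumes the session token on success, so every
// response must carry a new one for the next request.
public class AjaxTokenAction extends ActionSupport {
    private final Map<String, Object> payload = new HashMap<>();

    // Issue the token the client must send with its next request.
    // setToken() stores a fresh random token in the session under
    // DEFAULT_TOKEN_NAME ("struts.token") and returns it; TOKEN_NAME_FIELD
    // ("struts.token.name") names the parameter that tells the interceptor
    // which parameter carries the token.
    public static Map<String, String> nextToken() {
        Map<String, String> tokenInfo = new HashMap<>();
        tokenInfo.put(TokenHelper.TOKEN_NAME_FIELD, TokenHelper.DEFAULT_TOKEN_NAME);
        tokenInfo.put(TokenHelper.DEFAULT_TOKEN_NAME, TokenHelper.setToken());
        return tokenInfo;
    }

    @Override
    public String execute() {
        // Reached only if the interceptor accepted the token sent with this request.
        payload.put("result", "ok");
        // Client copies both entries into the parameters of its next POST,
        // e.g. struts.token.name=struts.token&struts.token=<value>.
        payload.put("csrf", nextToken());
        return SUCCESS;
    }

    public Map<String, Object> getPayload() {
        return payload;
    }
}
```

Because the session token is consumed on each successful request, concurrent AJAX calls from the same page must be serialised or issued with separate token names, otherwise the second one in flight is rejected as invalid.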