
Request mapping

Posted: Tue May 13, 2014 2:41 am
by nanix84
I'm not quite sure if this is related to Spring or not :D

I have a form:

Code:

<form class="csvForm" method="post" action="/admin/myentity/bulkUpload" style="display: none;">
</form>


and I have a controller:

Code:

@RequestMapping("/" + AdminMyController.SECTION_KEY)
@Secured("PERMISSION_OTHER_DEFAULT")
public class AdminMyController extends AdminBasicEntityController {
    protected static final String SECTION_KEY = "myentity";

    @RequestMapping(value = "/bulkUpload", method = RequestMethod.POST)
    public String showBulkUpload(HttpServletRequest request, HttpServletResponse response, Model model) throws IOException {
        Map<String, Object> responseMap = new HashMap<String, Object>();

        return "sts";
    }
}


I'm wondering why it won't get into the showBulkUpload method :o
When I changed the method to GET, it gets into the method. I'm wondering what I missed.

And btw, there's no issue with the controller bean because it gets scanned 100%.

Re: Request mapping

Posted: Tue May 13, 2014 12:08 pm
by phillipuniverse
Use blc:form instead:

Code:

<blc:form class="csvForm" method="post" action="/admin/myentity/bulkUpload" style="display: none;">
</blc:form>


This Thymeleaf processor will add a new csrfToken input on the form suitable for getting past the CsrfFilter and passing the request along to the rest of Spring MVC. This is true for any POST requests in Broadleaf.

Re: Request mapping

Posted: Tue May 13, 2014 8:59 pm
by nanix84
Thanks! By the way, how can I get the csrfToken via JavaScript? I'm generating this form in a JS file when the user clicks on the 'Bulk upload' button.

And I can't see the error message being logged. I'll try to debug it on CsrfFilter.

Re: Request mapping

Posted: Wed May 14, 2014 10:23 am
by phillipuniverse
You can output just the token itself somewhere in the HTML by using blExploitProtectionService:

Code:

<input id="csrfToken" name="csrfToken" th:value="${@blExploitProtectionService.getCSRFToken()}" />


Alternatively, you might be able to grab one already output on another form on the page. This is actually what BLC.js does when you send a POST request through its ajax method:

Code:

if (options.type.toUpperCase() == 'POST') {
    if (typeof options.data == 'string') {
        if (options.data.indexOf('csrfToken') < 0) {
            var csrfToken = getCsrfToken();
            if (csrfToken != null) {
                if (options.data.indexOf('=') > 0) {
                    options.data += "&";
                }
               
                options.data += "csrfToken=" + csrfToken;
            }
        }
    } else if (typeof options.data == 'object') {
        if (options.data['csrfToken'] == null || options.data['csrfToken'] == '') {
            var csrfToken = getCsrfToken();
            if (csrfToken != null) {
                options.data['csrfToken'] = csrfToken;
            }
        }
    } else if (!options.data) {
        var csrfToken = getCsrfToken();
        if (csrfToken) {
            options.data = { 'csrfToken': csrfToken }
        }
    }
}

Re: Request mapping

Posted: Wed May 14, 2014 10:24 am
by phillipuniverse
Where the getCsrfToken() function is:

Code:

function getCsrfToken() {
    var csrfTokenInput = $('input[name="csrfToken"]');
    if (csrfTokenInput.length == 0) {
        return null;
    }
   
    return csrfTokenInput.val();
}

Re: Request mapping

Posted: Wed May 14, 2014 9:35 pm
by nanix84
Thanks! I was able to get it from a form :)
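
Added example (not part of the original posts and not Broadleaf's own code): one way to build the bulk-upload form in JavaScript and reuse the csrfToken that a blc:form elsewhere on the page has already rendered. The names findCsrfToken and buildBulkUploadForm and the doc parameter are assumptions made for this example.

```javascript
// `doc` is any DOM Document (pass `document` in the browser). It is a
// parameter so the logic can be exercised without a browser.

function findCsrfToken(doc) {
    // Same lookup as getCsrfToken() in the thread, without jQuery.
    var input = doc.querySelector('input[name="csrfToken"]');
    return input && input.value ? input.value : null;
}

function buildBulkUploadForm(doc, action) {
    var token = findCsrfToken(doc);
    if (token === null) {
        // Fail early: without the token the POST does not get past the
        // CsrfFilter, so the controller method is never entered.
        throw new Error('No csrfToken input found on the page');
    }

    var form = doc.createElement('form');
    form.method = 'post';
    form.action = action;
    form.className = 'csvForm';

    // Send the token as a hidden field in the POST body rather than in the
    // action URL, so it stays out of server logs and Referer headers.
    var hidden = doc.createElement('input');
    hidden.type = 'hidden';
    hidden.name = 'csrfToken';
    // Assigned through the DOM, not concatenated into an HTML string,
    // so the value is never parsed as markup.
    hidden.value = token;
    form.appendChild(hidden);

    return form;
}
```

In the page script, call buildBulkUploadForm(document, '/admin/myentity/bulkUpload'), add the upload fields, and append the form to the document before submitting it.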