Update - Getting CSRF Token in Javascript

Forum for questions and issues related to 3.0 migration.

Those wishing to upgrade should start by looking at the migration documents published on the Broadleaf Commerce documentation site.

Moderator: jocanas

RapidTransit
Intermediate
Intermediate
Posts: 79
Joined: Wed Feb 20, 2013 7:42 am

Update - Getting CSRF Token in Javascript

Postby RapidTransit » Sat Jul 27, 2013 9:41 am

If anyone finds this useful, I updated this to work with 3.0

Code: Select all

package com.mycompany.web.processor;

import org.broadleafcommerce.common.exception.ServiceException;
import org.broadleafcommerce.common.security.service.ExploitProtectionService;
import org.broadleafcommerce.common.web.dialect.AbstractModelVariableModifierProcessor;
import org.springframework.stereotype.Component;
import org.thymeleaf.Arguments;
import org.thymeleaf.dom.Element;


import javax.annotation.Resource;

@Component("blCsrfProcessor")
public class CsrfProcessor extends AbstractModelVariableModifierProcessor
{
    @Resource(name="blExploitProtectionService")
    protected ExploitProtectionService exploitProtectionService;

    public CsrfProcessor() {
        super("csrf");
    }

    @Override
    public int getPrecedence() {
        return 10020;
    }

    @Override
    protected void modifyModelAttributes(Arguments arguments, Element element) {
        try
        {
            String csrf =  exploitProtectionService.getCSRFToken();
            String key = "csrfToken";
            addToModel(arguments, key, csrf);
        } catch (ServiceException e)
        {
            throw new RuntimeException("Could not get a CSRF token for this session", e);
        }

    }

You must use it in the comment:
In template like this:

Code: Select all


 <script th:inline="text">
        //<blc:csrf /><![CDATA[
        function viewModel()
        {
            var self = this;
            self._csrfToken = "[[${csrfToken}]]";

.....


Make Sure your applicationContext has (if your just gonna copy and paste the code)

Code: Select all

 
<context:component-scan base-package="com.mycompany.web.processor"/>




and copy the blDialect and paste in your applicationContext and add the ref bean (as I don't think that gets merged), I did it this way just to be consistent.

Code: Select all

    <bean id="blDialect" class="org.broadleafcommerce.common.web.dialect.BLCDialect">
        <property name="processors">
            <set>
                <ref bean="blContentProcessor"/>
                <ref bean="blAddSortLinkProcessor" />
                <ref bean="blCategoriesProcessor" />
                <ref bean="blFormProcessor" />
                <ref bean="blGoogleAnalyticsProcessor" />
                <ref bean="blHeadProcessor" />
                <ref bean="blNamedOrderProcessor" />
                <ref bean="blPaginationPageLinkProcessor" />
                <ref bean="blPriceTextDisplayProcessor" />
                <ref bean="blProductOptionValueProcessor" />
                <ref bean="blProductOptionsProcessor" />
                <ref bean="blProductOptionDisplayProcessor" />
                <ref bean="blRatingsProcessor" />
                <ref bean="blRelatedProductProcessor" />
                <ref bean="blRemoveFacetValuesLinkProcessor" />
                <ref bean="blToggleFacetLinkProcessor" />
                <ref bean="blUrlRewriteProcessor" />
                <ref bean="blResourceBundleProcessor" />

                <ref bean="blCsrfProcessor" />

            </set>
        </property>
    </bean>

Return to “3.0 Upgrade and Migration”

Who is online

Users browsing this forum: No registered users and 1 guest