package com.mycompany.web.processor;
import org.broadleafcommerce.common.exception.ServiceException;
import org.broadleafcommerce.common.security.service.ExploitProtectionService;
import org.broadleafcommerce.common.web.dialect.AbstractModelVariableModifierProcessor;
import org.springframework.stereotype.Component;
import org.thymeleaf.Arguments;
import org.thymeleaf.dom.Element;
import javax.annotation.Resource;
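/**
 * Thymeleaf processor that publishes a CSRF token to the template model.
 *
 * <p>Registered as the Spring bean {@code blCsrfProcessor} and constructed with the name
 * {@code csrf} (presumably the element name inside the Broadleaf dialect, i.e. the
 * {@code <blc:csrf />} tag). When the tag is processed, the token obtained from
 * {@link ExploitProtectionService#getCSRFToken()} is stored in the model under
 * {@code csrfToken}.
 *
 * <p>Security notes for template authors: going by the error message below, the token is tied
 * to the session, so treat it as a secret. Render it only into pages served to that session.
 * When writing it into a script block, prefer an inlining mode that escapes for the JavaScript
 * context (for example {@code th:inline="javascript"}) over plain text inlining. Exposing the
 * token to the page does not by itself protect anything: requests are only protected if the
 * server validates the token they send back, which this class does not do.
 */
@Component("blCsrfProcessor")
public class CsrfProcessor extends AbstractModelVariableModifierProcessor {

    /** Model variable name under which the token is exposed to templates. */
    private static final String CSRF_TOKEN_MODEL_KEY = "csrfToken";

    /** Value reported by {@link #getPrecedence()}; ordering relative to other processors is not visible here. */
    private static final int PRECEDENCE = 10020;

    /** Broadleaf service that supplies the CSRF token; injected by bean name. */
    @Resource(name = "blExploitProtectionService")
    protected ExploitProtectionService exploitProtectionService;

    /** Creates the processor under the name {@code csrf}. */
    public CsrfProcessor() {
        super("csrf");
    }

    /**
     * Returns the precedence of this processor.
     *
     * @return the fixed value {@code 10020}
     */
    @Override
    public int getPrecedence() {
        return PRECEDENCE;
    }

    /**
     * Fetches the CSRF token and adds it to the model as {@code csrfToken}.
     *
     * @param arguments Thymeleaf processing arguments, passed through to {@code addToModel}
     * @param element the element being processed (not read by this method)
     * @throws RuntimeException wrapping the {@link ServiceException} if no token can be obtained;
     *     processing fails rather than rendering the page without a token
     */
    @Override
    protected void modifyModelAttributes(Arguments arguments, Element element) {
        try {
            addToModel(arguments, CSRF_TOKEN_MODEL_KEY, exploitProtectionService.getCSRFToken());
        } catch (ServiceException e) {
            // Keep the cause so the underlying failure stays visible in logs.
            throw new RuntimeException("Could not get a CSRF token for this session", e);
        }
    }
}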
You must place the <blc:csrf /> tag inside the comment,
in a template like this:
<script th:inline="text">
//<blc:csrf /><![CDATA[
function viewModel()
{
var self = this;
self._csrfToken = "[[${csrfToken}]]";
.....
Make sure your applicationContext has the following (if you're just going to copy and paste the code):
<!-- Scans the package that holds CsrfProcessor so that its @Component("blCsrfProcessor") annotation registers the bean. -->
<context:component-scan base-package="com.mycompany.web.processor"/>
Then copy the blDialect bean definition, paste it into your applicationContext, and add the blCsrfProcessor ref bean to it (as I don't think that gets merged). I did it this way just to be consistent.
<!-- Redeclares blDialect with a full processor set plus blCsrfProcessor.
     NOTE(review): per the author this definition is presumably not merged with the framework's own,
     so it replaces the whole set. Compare the list with the default blDialect of your Broadleaf
     version, and again after upgrades, so that no stock processor is dropped by accident. -->
<bean id="blDialect" class="org.broadleafcommerce.common.web.dialect.BLCDialect">
<property name="processors">
<set>
<ref bean="blContentProcessor"/>
<ref bean="blAddSortLinkProcessor" />
<ref bean="blCategoriesProcessor" />
<ref bean="blFormProcessor" />
<ref bean="blGoogleAnalyticsProcessor" />
<ref bean="blHeadProcessor" />
<ref bean="blNamedOrderProcessor" />
<ref bean="blPaginationPageLinkProcessor" />
<ref bean="blPriceTextDisplayProcessor" />
<ref bean="blProductOptionValueProcessor" />
<ref bean="blProductOptionsProcessor" />
<ref bean="blProductOptionDisplayProcessor" />
<ref bean="blRatingsProcessor" />
<ref bean="blRelatedProductProcessor" />
<ref bean="blRemoveFacetValuesLinkProcessor" />
<ref bean="blToggleFacetLinkProcessor" />
<ref bean="blUrlRewriteProcessor" />
<ref bean="blResourceBundleProcessor" />
<!-- The processor added by this post; the bean name matches @Component("blCsrfProcessor"). -->
<ref bean="blCsrfProcessor" />
</set>
</property>
</bean>