
Update - Getting CSRF Token in Javascript

Posted: Sat Jul 27, 2013 9:41 am
by RapidTransit
If anyone finds this useful, I updated this to work with 3.0


package com.mycompany.web.processor;

import org.broadleafcommerce.common.exception.ServiceException;
import org.broadleafcommerce.common.security.service.ExploitProtectionService;
import org.broadleafcommerce.common.web.dialect.AbstractModelVariableModifierProcessor;
import org.springframework.stereotype.Component;
import org.thymeleaf.Arguments;
import org.thymeleaf.dom.Element;


import javax.annotation.Resource;

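/**
 * Thymeleaf processor that publishes the session's CSRF token to the template model.
 *
 * <p>The processor is registered as the Spring bean {@code blCsrfProcessor} and is constructed
 * with the element name {@code csrf}. When it runs, it asks the
 * {@link ExploitProtectionService} for the token and stores it in the model under the key
 * {@code csrfToken}, where a template can read it as {@code ${csrfToken}}.
 *
 * <p>NOTE(review): the token is placed in the model so that a template can render it into the
 * page. Any script running in that page can then read it, so this only helps client code send
 * the token back; the server-side check of the token on state-changing requests is still what
 * provides the protection.
 */
@Component("blCsrfProcessor")
public class CsrfProcessor extends AbstractModelVariableModifierProcessor {

    /** Model attribute name under which the token is exposed to the template. */
    private static final String CSRF_TOKEN_KEY = "csrfToken";

    /** Source of the CSRF token, injected by bean name. */
    @Resource(name = "blExploitProtectionService")
    protected ExploitProtectionService exploitProtectionService;

    /** Creates the processor and passes the element name {@code csrf} to the base class. */
    public CsrfProcessor() {
        super("csrf");
    }

    /**
     * Returns the precedence of this processor.
     *
     * @return the fixed value {@code 10020}
     */
    @Override
    public int getPrecedence() {
        // NOTE(review): presumably chosen to order this processor relative to the other
        // dialect processors - confirm against the values those processors use.
        return 10020;
    }

    /**
     * Adds the CSRF token to the model under {@code csrfToken}.
     *
     * @param arguments the Thymeleaf arguments passed on to {@code addToModel}
     * @param element the element being processed; not read by this method
     * @throws RuntimeException if the token service reports a {@link ServiceException}
     */
    @Override
    protected void modifyModelAttributes(Arguments arguments, Element element) {
        try {
            String token = exploitProtectionService.getCSRFToken();
            addToModel(arguments, CSRF_TOKEN_KEY, token);
        } catch (ServiceException e) {
            // Fail the render instead of emitting a page without a token; the cause is kept
            // so the underlying service error stays visible in the stack trace.
            throw new RuntimeException("Could not get a CSRF token for this session", e);
        }
    }
}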

In the template, the `<blc:csrf />` tag must be placed inside the comment, like this:



 <script th:inline="text">
        //<blc:csrf /><![CDATA[
        function viewModel()
        {
            var self = this;
            self._csrfToken = "[[${csrfToken}]]";

.....


Make sure your applicationContext has the following (if you're just going to copy and paste the code):


 
<!-- Scans the package that contains CsrfProcessor, which is annotated @Component("blCsrfProcessor"). -->
<context:component-scan base-package="com.mycompany.web.processor"/>




Then copy the blDialect bean into your applicationContext and add the ref bean for the new processor (as I don't think that gets merged). I did it this way just to be consistent.


    <!--
      Copy of the blDialect bean with one extra processor reference added at the end.
      NOTE(review): per the post, the processor set is presumably not merged with the
      framework's own definition, so every stock processor is repeated here. Re-check this
      list against the framework's blDialect when upgrading; a processor missing from the
      set would presumably no longer be applied to templates.
    -->
    <bean id="blDialect" class="org.broadleafcommerce.common.web.dialect.BLCDialect">
        <property name="processors">
            <set>
                <ref bean="blContentProcessor"/>
                <ref bean="blAddSortLinkProcessor" />
                <ref bean="blCategoriesProcessor" />
                <ref bean="blFormProcessor" />
                <ref bean="blGoogleAnalyticsProcessor" />
                <ref bean="blHeadProcessor" />
                <ref bean="blNamedOrderProcessor" />
                <ref bean="blPaginationPageLinkProcessor" />
                <ref bean="blPriceTextDisplayProcessor" />
                <ref bean="blProductOptionValueProcessor" />
                <ref bean="blProductOptionsProcessor" />
                <ref bean="blProductOptionDisplayProcessor" />
                <ref bean="blRatingsProcessor" />
                <ref bean="blRelatedProductProcessor" />
                <ref bean="blRemoveFacetValuesLinkProcessor" />
                <ref bean="blToggleFacetLinkProcessor" />
                <ref bean="blUrlRewriteProcessor" />
                <ref bean="blResourceBundleProcessor" />

                <!-- The addition: the CsrfProcessor bean that adds csrfToken to the model. -->
                <ref bean="blCsrfProcessor" />

            </set>
        </property>
    </bean>