Struts2 token interceptor: CSRF protection

Question

I am trying to protect my web application from CSRF attacks by using struts token interceptor.

The problem I am facing right now is our JSP pages makes more than one cal

Answer 1

You can use the code in my answer for Unable to implement Struts 2 token interceptor with hyperlink to create an action that returns a token. You can use any of the results stream or json or dispatcher to return a token as a Ajax success callback result. You can find an example in jQuery Ajax - issue returning JSON value. Now you can use the token to make your Ajax requests. Each time you need to make a new request you should call a token action to get a new token. Use the token as a parameter to your request and put the token interceptor in front of your actions.