List of usage examples for com.liferay.portal.kernel.security.auth.AuthTokenUtil#checkCSRFToken
public static void checkCSRFToken(HttpServletRequest httpServletRequest, String origin) throws PrincipalException
From source file:com.liferay.comment.taglib.internal.struts.EditDiscussionStrutsAction.java
License:Open Source License
/**
 * Dispatches a discussion (comment) command carried by the request.
 *
 * <p>The CSRF token is verified first, outside the {@code try} block, so a
 * {@link PrincipalException} from that check propagates to the caller instead
 * of being converted into a JSON error body. Only after the check passes is the
 * command read and a state-changing helper (add/update, delete, subscribe,
 * unsubscribe) invoked.
 *
 * <p>Note that {@code namespace}, {@code redirect} and {@code ajax} are read
 * from the raw request, while the command and {@code randomNamespace} are read
 * through the namespaced wrapper.
 *
 * @param request the incoming servlet request
 * @param response the servlet response, used for the JSON body or the redirect
 * @return always {@code null}; the result is written to {@code response}
 * @throws Exception for any failure not listed in the multi-catch below,
 *         including a failed CSRF token check
 */
@Override
public String execute(HttpServletRequest request, HttpServletResponse response) throws Exception {
    // Must stay the first statement: nothing below may run for a request
    // that fails the CSRF check.
    AuthTokenUtil.checkCSRFToken(request, EditDiscussionStrutsAction.class.getName());

    String namespace = ParamUtil.getString(request, "namespace");
    HttpServletRequest namespacedRequest =
        new NamespaceServletRequest(request, StringPool.BLANK, namespace);
    String command = ParamUtil.getString(namespacedRequest, Constants.CMD);

    try {
        // The redirect target is client-supplied; it is only used after passing
        // through escapeRedirect. NOTE(review): presumably this restricts the
        // target to allowed destinations - confirm against Portal.escapeRedirect.
        String redirectTarget = _portal.escapeRedirect(ParamUtil.getString(request, "redirect"));

        boolean addOrUpdate = command.equals(Constants.ADD) || command.equals(Constants.UPDATE);

        if (addOrUpdate) {
            long commentId = updateComment(namespacedRequest);

            // "ajax" defaults to true, so a JSON reply is the normal outcome
            // and the redirect below is skipped in that case.
            if (ParamUtil.getBoolean(request, "ajax", true)) {
                String randomNamespace = ParamUtil.getString(namespacedRequest, "randomNamespace");

                JSONObject payload = JSONFactoryUtil.createJSONObject();
                payload.put("commentId", commentId);
                payload.put("randomNamespace", randomNamespace);

                writeJSON(namespacedRequest, response, payload);
                return null;
            }
        } else if (command.equals(Constants.DELETE)) {
            deleteComment(namespacedRequest);
        } else if (command.equals(Constants.SUBSCRIBE_TO_COMMENTS)) {
            subscribeToComments(namespacedRequest, true);
        } else if (command.equals(Constants.UNSUBSCRIBE_FROM_COMMENTS)) {
            subscribeToComments(namespacedRequest, false);
        }

        if (Validator.isNotNull(redirectTarget)) {
            response.sendRedirect(redirectTarget);
        }
    } catch (DiscussionMaxCommentsException | MessageBodyException | NoSuchMessageException
            | PrincipalException | RequiredMessageException failure) {
        // Expected failures raised inside the try block are reported to the
        // client as JSON rather than rethrown.
        // NOTE(review): putException serialises the exception into the response;
        // confirm how much detail it exposes to the client.
        JSONObject errorPayload = JSONFactoryUtil.createJSONObject();
        errorPayload.putException(failure);
        writeJSON(namespacedRequest, response, errorPayload);
    }

    return null;
}