I am implementing a dwr reverse ajax example given here
http://wiki.netbeans.org/CreateReverseAjaxWebAppsWithDWR
below is the code
index.jsp fetches the values from StocksDemo.java
index.jsp
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>DWR StocksDemo</title>
<%-- This files are created in the runtime --%>
<script type='text/javascript' src='${pageContext.request.contextPath}/dwr/util.js'></script>
<script type='text/javascript' src='${pageContext.request.contextPath}/dwr/interface/StocksDemo.js'></script>
<script type='text/javascript' src='${pageContext.request.contextPath}/dwr/engine.js'></script>
<script type="text/javascript">
function getStocks() {
StocksDemo.sendStocks();
}
</script>
<link rel="stylesheet" type="text/css" href="generic.css" />
</head>
<body onload="dwr.engine.setActiveReverseAjax(true);">
<h1>Receiving Stock Rates using Reverse Ajax</h1>
<p>The following example illustrates how stock rates can be pushed from the server. Note: these are faked rates. A real application would use something like a Reuters live stockfeed at the back-end.</p>
<input type="button" value="Get Stocks" onclick="getStocks()"/>
<hr>
<table style="width:500px" border="0" cellpadding="0">
<tr>
<td class="headName" ><b>Name</b></td>
<td class="headValue" ><b>value</b></td>
</tr>
<tr><td>Allianz SE</td><td><div id="allianz">wait...</div></td></tr>
<tr><td>Bayer AG</td><td><div id="bayer">wait...</div></td></tr>
<tr><td>BMW AG St</td><td><div id="bmw">wait...</div></td></tr>
<tr><td>Commerzbank AG</td><td><div id="commerzbank">wait...</div></td></tr>
<tr><td>Daimler AG</td><td><div id="daimler">wait...</div></td></tr>
<tr><td>Deutsche Bank AG</td><td><div id="deutschebank">wait...</div></td></tr>
<tr><td>Deutsche Post AG</td><td><div id="deutschepost">wait...</div></td></tr>
<tr><td>Deutsche Telekom AG</td><td><div id="telekom">wait...</div></td></tr>
<tr><td>Hypo Real Estate Holding AG</td><td><div id="hypo">wait...</div></td></tr>
<tr><td>Infineon Technologies AG</td><td><div id="infineon">wait...</div></td></tr>
<tr><td>Linde AG</td><td><div id="linde">wait...</div></td></tr>
<tr><td>METRO AG St</td><td><div id="metro">wait...</div></td></tr>
<tr><td>RWE AG St</td><td><div id="rwe">wait...</div></td></tr>
<tr><td>SAP AG</td><td><div id="sap">wait...</div></td></tr>
<tr><td>Siemens AG</td><td><div id="siemens">wait...</div></td></tr>
<tr><td>TUI AG</td><td><div id="tui">wait...</div></td></tr>
<tr><td>Volkswagen AG St</td><td><div id="vw">wait...</div></td></tr>
</table>
<br>
</body>
</html>
my pojo classe
StocksDemo.java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.directwebremoting.WebContext;
import org.directwebremoting.WebContextFactory;
import org.directwebremoting.proxy.dwr.Util;
import org.directwebremoting.util.Logger;
/**
* Reverse Ajax class.
*
* @author Siegfried Bolz (blog.jdevelop.eu)
*/
public class StocksDemo {
protected static final Logger log = Logger.getLogger(StocksDemo.class);
private List<StocksBean> stocks = new ArrayList<StocksBean>();
/**
* Initialize the stocklist with values.
*/
public StocksDemo() {
stocks.add(new StocksBean("bmw", "36.55"));
stocks.add(new StocksBean("linde", "91.01"));
stocks.add(new StocksBean("commerzbank", "22.59"));
stocks.add(new StocksBean("infineon", "5.07"));
stocks.add(new StocksBean("siemens", "71.77"));
stocks.add(new StocksBean("sap", "31.61"));
stocks.add(new StocksBean("bayer", "51.29"));
stocks.add(new StocksBean("metro", "52.70"));
stocks.add(new StocksBean("tui", "16.96"));
stocks.add(new StocksBean("daimler", "54.34"));
stocks.add(new StocksBean("vw", "178.48"));
stocks.add(new StocksBean("allianz", "134.48"));
stocks.add(new StocksBean("deutschebank", "76.32"));
stocks.add(new StocksBean("rwe", "80.63"));
stocks.add(new StocksBean("hypo", "18.79"));
stocks.add(new StocksBean("deutschepost", "20.19"));
stocks.add(new StocksBean("telekom", "11.13"));
}
/**
* Send the Stock-Values to the file "index.jsp"
*/
public void sendStocks() throws InterruptedException {
WebContext wctx = WebContextFactory.get();
String currentPage = wctx.getCurrentPage();
Collection sessions = wctx.getScriptSessionsByPage(currentPage);
Util utilAll = new Util(sessions);
for (int i = 0; i < stocks.size(); i++) {
Thread.sleep(1);
utilAll.setValue(stocks.get(i).getStock(), stocks.get(i).getValue());
log.info("Pushing stock: " + stocks.get(i).getStock() + " = " + stocks.get(i).getValue());
}
}
}
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<servlet>
<servlet-name>dwr-invoker</servlet-name>
<servlet-class>org.directwebremoting.servlet.DwrServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>pollAndCometEnabled</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dwr-invoker</servlet-name>
<url-pattern>/dwr/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
dwr.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE dwr PUBLIC "-//GetAhead Limited//DTD Direct Web Remoting 2.0//EN"
"http://getahead.ltd.uk/dwr/dwr20.dtd">
<dwr>
<allow>
<create creator="new" javascript="StocksDemo">
<param name="class" value="eu.jdevelop.dwrstocksdemo.StocksDemo"/>
</create>
</allow>
</dwr>
I have added the dwr js engine.js and util.js files in webcontent folder.
when i run the project on tomcat and in firefox. On click the getStocks button which triggers the javascript getStock() method. I get a session error popup.
And the message in the tomcat console is
1020033 [http-bio-8080-exec-19] ERROR org.directwebremoting.dwrp.Batch -A request has been denied as a potential CSRF attack.
Can anyone please tell me why. Am I missing something?
below is StocksDemo.js created in the browser
// Provide a default path to dwr.engine
if (dwr == null) var dwr = {};
if (dwr.engine == null) dwr.engine = {};
if (DWREngine == null) var DWREngine = dwr.engine;
if (StocksDemo == null) var StocksDemo = {};
StocksDemo._path = '/ReverseAjax/dwr';
StocksDemo.sendStocks = function(callback) {
dwr.engine._execute(StocksDemo._path, 'StocksDemo', 'sendStocks', callback);
}
Add
to your web.xml .it will work fine.