You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Aidan Monroe <km...@yahoo.com> on 2003/04/12 21:34:26 UTC
Examples Use Of Transaction Token
I've been doing some research on the use of
transaction tokens by reading the mailing list and
documentation, but have 1 question that I cannot
answer.
I'm trying to see where in the struts-example the
transaction token is used. I can find references to it
in the SaveRegistrationAction.java but cannot find
anywhere on the corresponding JSP where the token is
stored.
According to Action.isTokenValid (and the relevant
emails on this list), the token's value must be held
in a hidden field on the JSP form called
org.apache.struts.taglib.html.TOKEN and is then
retrieved from the request.getParameter using that
name.
However, I do not see in any JSP in struts-example a
hidden field called
org.apache.struts.taglib.html.TOKEN.
Can someone explain to me where I'm going wrong?
Thanks.
__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - File online, calculators, forms, and more
http://tax.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
Re: Examples Use Of Transaction Token
Posted by Claude Betancourt <cl...@comcast.net>.
There isn't really anything to define, besides adding the code to generate a
key prior to displaying the form ( saveToken(request); ) and the code to
validate it on submit ( isTokenValid(request) -- make sure to reset it with
resetToken(request); ).
Also see the API for Action:
http://jakarta.apache.org/struts/doc-1.0.2/api/org/apache/struts/action/Acti
on.html
----- Original Message -----
From: "Aidan Monroe" <km...@yahoo.com>
To: "Struts Users Mailing List" <st...@jakarta.apache.org>
Sent: Saturday, April 12, 2003 9:32 PM
Subject: Re: Examples Use Of Transaction Token
> I see, that's interesting. How does that happen? I
> checked struts-cofig.dtd and didn't see anything that
> can be defined there. It would be very useful to have
> Struts generate that field on all my forms so that my
> developers don't have to remember to code it.
>
> --- Claude Betancourt <cl...@comcast.net>
> wrote:
> > you are doing nothing wrong. If you execute that
> > action and look at the
> > resulting HTML you'll see the hidden field there.
> > It is not part of the
> > source code in the JSP though...
> >
> >
> > ----- Original Message -----
> > From: "Aidan Monroe" <km...@yahoo.com>
> > To: "list" <st...@jakarta.apache.org>
> > Sent: Saturday, April 12, 2003 3:34 PM
> > Subject: Examples Use Of Transaction Token
> >
> >
> > > I've been doing some research on the use of
> > > transaction tokens by reading the mailing list and
> > > documentation, but have 1 question that I cannot
> > > answer.
> > >
> > > I'm trying to see where in the struts-example the
> > > transaction token is used. I can find references
> > to it
> > > in the SaveRegistrationAction.java but cannot find
> > > anywhere on the corresponding JSP where the token
> > is
> > > stored.
> > >
> > > According to Action.isTokenValid (and the relevant
> > > emails on this list), the token's value must be
> > held
> > > in a hidden field on the JSP form called
> > > org.apache.struts.taglib.html.TOKEN and is then
> > > retrieved from the request.getParameter using that
> > > name.
> > >
> > > However, I do not see in any JSP in struts-example
> > a
> > > hidden field called
> > > org.apache.struts.taglib.html.TOKEN.
> > >
> > > Can someone explain to me where I'm going wrong?
> > >
> > > Thanks.
> > >
> > > __________________________________________________
> > > Do you Yahoo!?
> > > Yahoo! Tax Center - File online, calculators,
> > forms, and more
> > > http://tax.yahoo.com
> > >
> > >
> >
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail:
> > struts-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail:
> > struts-user-help@jakarta.apache.org
> > >
> >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> > struts-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> > struts-user-help@jakarta.apache.org
> >
>
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Tax Center - File online, calculators, forms, and more
> http://tax.yahoo.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
Re: Examples Use Of Transaction Token
Posted by Aidan Monroe <km...@yahoo.com>.
I see, that's interesting. How does that happen? I
checked struts-cofig.dtd and didn't see anything that
can be defined there. It would be very useful to have
Struts generate that field on all my forms so that my
developers don't have to remember to code it.
--- Claude Betancourt <cl...@comcast.net>
wrote:
> you are doing nothing wrong. If you execute that
> action and look at the
> resulting HTML you'll see the hidden field there.
> It is not part of the
> source code in the JSP though...
>
>
> ----- Original Message -----
> From: "Aidan Monroe" <km...@yahoo.com>
> To: "list" <st...@jakarta.apache.org>
> Sent: Saturday, April 12, 2003 3:34 PM
> Subject: Examples Use Of Transaction Token
>
>
> > I've been doing some research on the use of
> > transaction tokens by reading the mailing list and
> > documentation, but have 1 question that I cannot
> > answer.
> >
> > I'm trying to see where in the struts-example the
> > transaction token is used. I can find references
> to it
> > in the SaveRegistrationAction.java but cannot find
> > anywhere on the corresponding JSP where the token
> is
> > stored.
> >
> > According to Action.isTokenValid (and the relevant
> > emails on this list), the token's value must be
> held
> > in a hidden field on the JSP form called
> > org.apache.struts.taglib.html.TOKEN and is then
> > retrieved from the request.getParameter using that
> > name.
> >
> > However, I do not see in any JSP in struts-example
> a
> > hidden field called
> > org.apache.struts.taglib.html.TOKEN.
> >
> > Can someone explain to me where I'm going wrong?
> >
> > Thanks.
> >
> > __________________________________________________
> > Do you Yahoo!?
> > Yahoo! Tax Center - File online, calculators,
> forms, and more
> > http://tax.yahoo.com
> >
> >
>
---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> struts-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> struts-user-help@jakarta.apache.org
> >
>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
> struts-user-help@jakarta.apache.org
>
__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - File online, calculators, forms, and more
http://tax.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
Re: Examples Use Of Transaction Token
Posted by Claude Betancourt <cl...@comcast.net>.
you are doing nothing wrong. If you execute that action and look at the
resulting HTML you'll see the hidden field there. It is not part of the
source code in the JSP though...
----- Original Message -----
From: "Aidan Monroe" <km...@yahoo.com>
To: "list" <st...@jakarta.apache.org>
Sent: Saturday, April 12, 2003 3:34 PM
Subject: Examples Use Of Transaction Token
> I've been doing some research on the use of
> transaction tokens by reading the mailing list and
> documentation, but have 1 question that I cannot
> answer.
>
> I'm trying to see where in the struts-example the
> transaction token is used. I can find references to it
> in the SaveRegistrationAction.java but cannot find
> anywhere on the corresponding JSP where the token is
> stored.
>
> According to Action.isTokenValid (and the relevant
> emails on this list), the token's value must be held
> in a hidden field on the JSP form called
> org.apache.struts.taglib.html.TOKEN and is then
> retrieved from the request.getParameter using that
> name.
>
> However, I do not see in any JSP in struts-example a
> hidden field called
> org.apache.struts.taglib.html.TOKEN.
>
> Can someone explain to me where I'm going wrong?
>
> Thanks.
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Tax Center - File online, calculators, forms, and more
> http://tax.yahoo.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org