You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@deltaspike.apache.org by "Gerhard Petracek (JIRA)" <ji...@apache.org> on 2014/04/11 10:47:14 UTC

[jira] [Comment Edited] (DELTASPIKE-564) optional double submit prevention

    [ https://issues.apache.org/jira/browse/DELTASPIKE-564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13962727#comment-13962727 ] 

Gerhard Petracek edited comment on DELTASPIKE-564 at 4/11/14 8:46 AM:
----------------------------------------------------------------------

first draft (without a special jsf-component)


was (Author: gpetracek):
first draft (without a special jsf-component)

usage:
#1 configure DoubleSubmitPreventionFilter in the web.xml
#2 add the following component to a form

{code}
 <h:inputHidden id="#{dsCurrentRequestToken.key}" value="#{dsCurrentRequestToken.value}"/>
{code}

or use
{code}
<h:inputHidden id="myPrefix_#{dsCurrentRequestToken.key}" value="#{dsCurrentRequestToken.value}"/>
{code}
if there are multiple forms on the same page which use prependId="false"

> optional double submit prevention
> ---------------------------------
>
>                 Key: DELTASPIKE-564
>                 URL: https://issues.apache.org/jira/browse/DELTASPIKE-564
>             Project: DeltaSpike
>          Issue Type: New Feature
>          Components: JSF-Module
>    Affects Versions: 0.6
>            Reporter: Gerhard Petracek
>            Assignee: Gerhard Petracek
>             Fix For: 0.7
>
>         Attachments: DELTASPIKE-564.patch, DELTASPIKE-564_with_component.patch, DELTASPIKE-564_with_component_-_second_draft.patch
>
>
> duplicated post-requests shouldn't get processed
> without jsf:
> #1 post requests need to get synchronized (per session)
> #2 post requests need to consume an existing request-token
> #3 re-render the page in case of a duplicated post-requests (+ skip full processing)
> #4 in case of jsf: reset the previous request-token(s) per window in case of a get-request (because a new page isn't aware of them) 
> #5 reset the request-tokens in case of a duplicated post-requests >per window<, since the page will get re-rendered with a new token
> #6 don't create request-tokens in case of resource-requests
> #7 ignore duplicated jsf-ajax requests (they shouldn't happen, since the jsf-js implementation has to process them sequentially)
> with jsf2+ (and ds):
> #1 ignore jsf-ajax requests since they have to be queued according to the spec.
> #2 ignore get-requests since they >shouldn't< change the state (we couldn't support them at all)
> #3 browser-window-handling is done implicitly (window-scoped bean)
> -> only the handling of post-requests is needed



--
This message was sent by Atlassian JIRA
(v6.2#6252)