You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Alexander Staff <al...@gmx.de> on 2001/02/09 14:52:53 UTC
[Q] TRANSACTION_TOKEN_KEY
Hello,
does anyone here have any examples/explanations about using the
TRANSACTION_TOKEN_KEY feature in struts ?
I am not sure using the generateToken(), isTokenValid(), resetToken() and
saveToken() functions properly and in the right place.
Thanks in advance
Ciao
Alexander
--
Sent through GMX FreeMail - http://www.gmx.net
Re: [Q] TRANSACTION_TOKEN_KEY
Posted by Rob Leland <Ro...@freetocreate.org>.
Let me clean this up, and make it a little clearer.
Oleg V Alexeev wrote:
>
> Hello Rob,
>
> +1 to add it to the struts doc.
>
Re[2]: [Q] TRANSACTION_TOKEN_KEY
Posted by Oleg V Alexeev <go...@penza.net>.
Hello Rob,
+1 to add it to the struts doc.
Friday, February 09, 2001, 5:52:04 PM, you wrote:
RL> EditRegistrationAction.java SaveRegistrationAction.java
RL> provide examples.
RL> You would probably never use generateToken().
RL> It is used whenever you want to prevent the user
RL> from bookmarking a page, or from using the browser
RL> back arrow and then posting a second time.
RL> In the EditRegistrationAction, once the data is loaded
RL> from a database a call to saveToken() is made. It should
RL> probably be named 'setToken()' to be consistent with
RL> 'resetToken()'. This sets a variable in both the session
RL> and request scope of the app. Control is then forwarded
RL> to the edit jsp. When the user 'posts' the page the
RL> Token is validated in SaveRegistrationPage, then it is
RL> destroyed by the 'resetToken call. Then the next page is
RL> 'forwarded' to. If at this time the user hits the 'back'
RL> button and hits 'post' again, when SaveRegistrationAction
RL> checks to see if the token is valids it finds can find
RL> one of two things:
RL> 1) Either the 'Token' variable didn't exist in the session scope.
RL> This happen if 'resetToken' was the last method called
RL> 2) Or it will find that the "request" and "session" scope Token do not
RL> match.
RL> This happen if 'saveToken' was the last method called.
RL> Alexander Staff wrote:
>>
>> Hello,
>> does anyone here have any examples/explanations about using the
>> TRANSACTION_TOKEN_KEY feature in struts ?
>> I am not sure using the generateToken(), isTokenValid(), resetToken() and
>> saveToken() functions properly and in the right place.
>>
>> Thanks in advance
>> Ciao
>> Alexander
>>
>> --
>> Sent through GMX FreeMail - http://www.gmx.net
--
Best regards,
Oleg mailto:gonza@penza.net
RE: [Q] TRANSACTION_TOKEN_KEY - Multiple Page Forms
Posted by Neal Kaiser <ne...@makeastore.com>.
Thanks, that makes sense. I'm using that design pattern now. Do you have any
prefered
design patterns for multiple page forms. For example, if your Registration
example was spanned
over 3 different JSPs, where would you put the logic that knows what page to
validate, and what page to forward to? Would you use hidden tags? Would
you use different action paths? (ie saveRegistration.do would be
saveRegistration1.do, saveRegistration2.do, etc) Just wondering the best
way...
Thanks.
> -----Original Message-----
> From: Dan Malks [mailto:dan.malks@sun.com]
> Sent: Saturday, February 10, 2001 3:46 PM
> To: struts-user@jakarta.apache.org
> Subject: Re: [Q] TRANSACTION_TOKEN_KEY
>
>
>
>
> "Craig R. McClanahan" wrote:
>
> > Dan Malks wrote:
> >
> > > Craig,
> > >
> > > "Craig R. McClanahan" wrote:
> > >
> > > > Neal Kaiser wrote:
> > > >
> > > > > How does this work when they are registering for the
> first time, not
> > > > > editing. I can
> > > > > see that in EditRegistrationAction the token is
> set... but if they are
> > > > > registering
> > > > > for the first time where is the token set? It seems
> that it would fail when
> > > > > it hits
> > > > > the token check in SaveRegistrationAction, but I know
> it doesn't, so it must
> > > > > be set
> > > > > somewhere, right?
> > > > >
> > > >
> > > > You will note that the "Register with the MailReader
> Demonstration Application"
> > > > link (on index.jsp) goes through "EditRegistration.do"
> as well, so that the
> > > > token gets saved even in this case. The
> "?action=Create" request parameter is
> > > > used to distinguish this from the editing case ("?action=Edit").
> > >
> > > Would 'ModifyRegistration.do' or 'ProcessRegistration.do'
> be more clear, then?
> > >
> >
> > Or even something more generic like "StartRegistration.do"?
> Can you tell that I wrote
> > the "edit" use case first? :-)
> >
> > I had a Comp Sci prof that said the most critical design
> decision you will ever make
> > is naming things.
>
> And often, surprisingly, one of the harder ones.
>
>
> > And, even when you get the initial name correct, it is important to
> > review your names after the program has evolved a bit.
>
> Amen ;-)
>
> Thanks,
> -dm
>
>
> > Sounds like it is time to do
> > that exercise on the example app.
> >
> > >
> > > -dm
> > >
> >
> > Craig
>
> --
> Dan Malks Sun Java Center
> Enterprise Java Architect 703.208.5794
>
>
Re: [Q] TRANSACTION_TOKEN_KEY
Posted by Dan Malks <da...@sun.com>.
"Craig R. McClanahan" wrote:
> Dan Malks wrote:
>
> > Craig,
> >
> > "Craig R. McClanahan" wrote:
> >
> > > Neal Kaiser wrote:
> > >
> > > > How does this work when they are registering for the first time, not
> > > > editing. I can
> > > > see that in EditRegistrationAction the token is set... but if they are
> > > > registering
> > > > for the first time where is the token set? It seems that it would fail when
> > > > it hits
> > > > the token check in SaveRegistrationAction, but I know it doesn't, so it must
> > > > be set
> > > > somewhere, right?
> > > >
> > >
> > > You will note that the "Register with the MailReader Demonstration Application"
> > > link (on index.jsp) goes through "EditRegistration.do" as well, so that the
> > > token gets saved even in this case. The "?action=Create" request parameter is
> > > used to distinguish this from the editing case ("?action=Edit").
> >
> > Would 'ModifyRegistration.do' or 'ProcessRegistration.do' be more clear, then?
> >
>
> Or even something more generic like "StartRegistration.do"? Can you tell that I wrote
> the "edit" use case first? :-)
>
> I had a Comp Sci prof that said the most critical design decision you will ever make
> is naming things.
And often, surprisingly, one of the harder ones.
> And, even when you get the initial name correct, it is important to
> review your names after the program has evolved a bit.
Amen ;-)
Thanks,
-dm
> Sounds like it is time to do
> that exercise on the example app.
>
> >
> > -dm
> >
>
> Craig
--
Dan Malks Sun Java Center
Enterprise Java Architect 703.208.5794
Re: [Q] TRANSACTION_TOKEN_KEY
Posted by "Craig R. McClanahan" <Cr...@eng.sun.com>.
Dan Malks wrote:
> Craig,
>
> "Craig R. McClanahan" wrote:
>
> > Neal Kaiser wrote:
> >
> > > How does this work when they are registering for the first time, not
> > > editing. I can
> > > see that in EditRegistrationAction the token is set... but if they are
> > > registering
> > > for the first time where is the token set? It seems that it would fail when
> > > it hits
> > > the token check in SaveRegistrationAction, but I know it doesn't, so it must
> > > be set
> > > somewhere, right?
> > >
> >
> > You will note that the "Register with the MailReader Demonstration Application"
> > link (on index.jsp) goes through "EditRegistration.do" as well, so that the
> > token gets saved even in this case. The "?action=Create" request parameter is
> > used to distinguish this from the editing case ("?action=Edit").
>
> Would 'ModifyRegistration.do' or 'ProcessRegistration.do' be more clear, then?
>
Or even something more generic like "StartRegistration.do"? Can you tell that I wrote
the "edit" use case first? :-)
I had a Comp Sci prof that said the most critical design decision you will ever make
is naming things. And, even when you get the initial name correct, it is important to
review your names after the program has evolved a bit. Sounds like it is time to do
that exercise on the example app.
>
> -dm
>
Craig
Re: [Q] TRANSACTION_TOKEN_KEY
Posted by Dan Malks <da...@sun.com>.
Craig,
"Craig R. McClanahan" wrote:
> Neal Kaiser wrote:
>
> > How does this work when they are registering for the first time, not
> > editing. I can
> > see that in EditRegistrationAction the token is set... but if they are
> > registering
> > for the first time where is the token set? It seems that it would fail when
> > it hits
> > the token check in SaveRegistrationAction, but I know it doesn't, so it must
> > be set
> > somewhere, right?
> >
>
> You will note that the "Register with the MailReader Demonstration Application"
> link (on index.jsp) goes through "EditRegistration.do" as well, so that the
> token gets saved even in this case. The "?action=Create" request parameter is
> used to distinguish this from the editing case ("?action=Edit").
Would 'ModifyRegistration.do' or 'ProcessRegistration.do' be more clear, then?
-dm
>
>
> This is a design pattern that I like a lot -- use the same Action to initialize
> the input form when you are creating a new record or when editing an existing
> one, and use a request parameter to define which type of transaction is
> occurring. You will also find that the "action" request parameter gets included
> as a property of the form bean, and is passed in (as a hidden variable) on the
> input form so that SaveRegistrationAction knows what to do as well.
>
> Craig
--
Dan Malks Sun Java Center
Enterprise Java Architect 703.208.5794
Re: [Q] TRANSACTION_TOKEN_KEY
Posted by "Craig R. McClanahan" <Cr...@eng.sun.com>.
Neal Kaiser wrote:
> How does this work when they are registering for the first time, not
> editing. I can
> see that in EditRegistrationAction the token is set... but if they are
> registering
> for the first time where is the token set? It seems that it would fail when
> it hits
> the token check in SaveRegistrationAction, but I know it doesn't, so it must
> be set
> somewhere, right?
>
You will note that the "Register with the MailReader Demonstration Application"
link (on index.jsp) goes through "EditRegistration.do" as well, so that the
token gets saved even in this case. The "?action=Create" request parameter is
used to distinguish this from the editing case ("?action=Edit").
This is a design pattern that I like a lot -- use the same Action to initialize
the input form when you are creating a new record or when editing an existing
one, and use a request parameter to define which type of transaction is
occurring. You will also find that the "action" request parameter gets included
as a property of the form bean, and is passed in (as a hidden variable) on the
input form so that SaveRegistrationAction knows what to do as well.
Craig
RE: [Q] TRANSACTION_TOKEN_KEY
Posted by Neal Kaiser <ne...@makeastore.com>.
How does this work when they are registering for the first time, not
editing. I can
see that in EditRegistrationAction the token is set... but if they are
registering
for the first time where is the token set? It seems that it would fail when
it hits
the token check in SaveRegistrationAction, but I know it doesn't, so it must
be set
somewhere, right?
> -----Original Message-----
> From: Rob Leland [mailto:Robert@freetocreate.org]
> Sent: Friday, February 09, 2001 9:52 AM
> To: struts-user@jakarta.apache.org
> Subject: Re: [Q] TRANSACTION_TOKEN_KEY
>
>
> EditRegistrationAction.java SaveRegistrationAction.java
> provide examples.
>
> You would probably never use generateToken().
>
> It is used whenever you want to prevent the user
> from bookmarking a page, or from using the browser
> back arrow and then posting a second time.
>
> In the EditRegistrationAction, once the data is loaded
> from a database a call to saveToken() is made. It should
> probably be named 'setToken()' to be consistent with
> 'resetToken()'. This sets a variable in both the session
> and request scope of the app. Control is then forwarded
> to the edit jsp. When the user 'posts' the page the
> Token is validated in SaveRegistrationPage, then it is
> destroyed by the 'resetToken call. Then the next page is
> 'forwarded' to. If at this time the user hits the 'back'
> button and hits 'post' again, when SaveRegistrationAction
> checks to see if the token is valids it finds can find
> one of two things:
> 1) Either the 'Token' variable didn't exist in the session scope.
> This happen if 'resetToken' was the last method called
> 2) Or it will find that the "request" and "session" scope
> Token do not
> match.
> This happen if 'saveToken' was the last method called.
>
>
> Alexander Staff wrote:
> >
> > Hello,
> > does anyone here have any examples/explanations about using the
> > TRANSACTION_TOKEN_KEY feature in struts ?
> > I am not sure using the generateToken(), isTokenValid(),
> resetToken() and
> > saveToken() functions properly and in the right place.
> >
> > Thanks in advance
> > Ciao
> > Alexander
> >
> > --
> > Sent through GMX FreeMail - http://www.gmx.net
Re: [Q] TRANSACTION_TOKEN_KEY
Posted by Rob Leland <Ro...@freetocreate.org>.
EditRegistrationAction.java SaveRegistrationAction.java
provide examples.
You would probably never use generateToken().
It is used whenever you want to prevent the user
from bookmarking a page, or from using the browser
back arrow and then posting a second time.
In the EditRegistrationAction, once the data is loaded
from a database a call to saveToken() is made. It should
probably be named 'setToken()' to be consistent with
'resetToken()'. This sets a variable in both the session
and request scope of the app. Control is then forwarded
to the edit jsp. When the user 'posts' the page the
Token is validated in SaveRegistrationPage, then it is
destroyed by the 'resetToken call. Then the next page is
'forwarded' to. If at this time the user hits the 'back'
button and hits 'post' again, when SaveRegistrationAction
checks to see if the token is valids it finds can find
one of two things:
1) Either the 'Token' variable didn't exist in the session scope.
This happen if 'resetToken' was the last method called
2) Or it will find that the "request" and "session" scope Token do not
match.
This happen if 'saveToken' was the last method called.
Alexander Staff wrote:
>
> Hello,
> does anyone here have any examples/explanations about using the
> TRANSACTION_TOKEN_KEY feature in struts ?
> I am not sure using the generateToken(), isTokenValid(), resetToken() and
> saveToken() functions properly and in the right place.
>
> Thanks in advance
> Ciao
> Alexander
>
> --
> Sent through GMX FreeMail - http://www.gmx.net