You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by Yaroslav Novytskyy <sp...@n-ix.com.ua> on 2005/07/12 11:02:27 UTC

synchronization strategies

Hello!

OK, first try failed :) Am I allowed to start it over? :)

Would you like (in your web application) to add a value to a list (eg a 
row to a table in a DB)?

If yes, then......
Your create a Page and an Action. Page contains a html:form with a field 
- html:text. Action takes this field and calles something like 
myDB.theTable.add(field). This works! supper! but... what if user is 
going to press Refresh? Shit! ...field is added once more. User presses 
F5 again and field is added once again! Is this an undesired functionality?

(*if _enyone_ knowes of _any_ alternatives, _please_ let me know!*)

If yes, then.......
I use this method : I create two actions (editPrepare and editSubmit) 
and a jsp page (for showing the form). (This my solutionis based on 
MappipngDispatchAction.) So the process lookes like this editPrepare 
calls saveToken(), then the page is displayed (with additional hidden 
field in the form with a value of token) and editSubmit action checks 
and resets the token with isTokenValid(request, true). If the token is 
valid myDB.theTable.add(field) is executed else nothing (or error of 
synchronization, if you would like) This workes good, but in a closer 
look there is a problem of hiding results of a "submit"-action on form 
repost. And... this concept does not work for "delete"-actions, couse 
they do not have "prepare"-action. Would you like to make this strategy 
problemless and make a standard automated synchronization pattern of it?

(*I see automation in writing the same execute (named other way) method, 
but not bothering that it will be executed more then once if this is 
undesirable*)

If yes, then.........
There is a solution (even ready-made) described (and coded) here 
http://www.javaworld.com/javaworld/javatips/jw-javatip136.html (look at 
code in attachment not in the article, though the concept is the same). 
With some changes and modifications this can be used with my strategy. I 
do like this: I extend my own SynchroMappingDispatchAction on top of 
changed and adopted SynchroAction and at the moment am playing with it 
(testing, debugging, modifying, rewriting) and would appriciate _any_ 
comments or thoughts about the whole of this....

(*In the case someone is interested I will post here info about my 
further experimets.*)

With best regards
Yaroslav Novytskyy

Yaroslav Novytskyy wrote:
> Hello!
> 
> Iwanted to implement a token protection in my app and first found 
> http://www.jguru.com/faq/view.jsp?EID=779112 from Ted Husted.
> 
> Then I wnted to automate the precess, so I programmed myself a little, 
> but then looking over the internet once more for token-based flow 
> controll protection automation and came across 
> http://www.javaworld.com/javaworld/javatips/jw-javatip136.html article 
> about SynchroAction (P.S. the code in the article is outdated, but it 
> has a link to an "up-to-date" code in resources section). And I liked 
> the idea of it, but I'm working with MappingDispatchAction so I succeded 
> in creating SynchroMappingDispatchAction. But here I've got a problem: 
> in such an architecture an infinite loop can happen finishing in 
> StackOverwlow.
> 
> Can you please comment... maybe there is an ready to use decision... 
> pattern... code... ?
> 
> With best regard
> Yaroslav Novytskyy
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: synchronization strategies

Posted by ichy <ic...@gmail.com>.

 hi, Yaroslav.
 i don't have any sample codes to post.
but this is what i usually care.
 webapps i build are most of the time e-commerce 
apps and i have the same problem when a user
submit the final order ( that is the transaction i
need to protect ).
 there are two things i care.
 1. i wanna protect honest customers from accidental multiple submits
 2. i wanna protect database integrity from
malicious users.
 so, i use javascript to prevent multiple submits
as client-side solution. for server-side, i use
Post-Redirect- Get-like solution as you mentioned.
( two actions for setup and submit). and also
token.
 i think this is pretty much enough to protect honest
users. and for malicious users, i don't care as long
as database integrity is not broken.
 so, i prefer forwarding to error page explaining possible reasons why error 
page showed up 
to showing success page or for delete,
error page saying "no such entity with id X" on 
second submit. 
 in those cases, users cannot see the result of the 
first submit. but most of the time customers can
understand what happend ( if they are the 
malicious, truely they knew ).
 i hope this wil cover some of your interest.
 regards
ichy
 and for the sychronization, i wonder if that leads to
DoS attack or not..