Posted to user@struts.apache.org by Michael McGrady <mi...@michaelmcgrady.com> on 2004/08/22 06:07:34 UTC

Re: Can I generate a token without Action class?

Ping Cheung Leung wrote:

>I have a web page presented by JSP only.
>No data to input. It contains several links only.
>
>If I click one of the links on the web page,
>It will go to another web page with a form to input
>data.
>If I want the form to have a token generated 
>when the form first appears.
>How can I code it?
>
>The procedure saveToken() is inside an Action class.
>However the JSP file does not have a
>corresponding ValidatorForm class and Action class.
>
>How can a token be generated in a form when the form
>first appears?
>For instance, when the form is re-directed from a JSP
>file or others?
>  
>

You need to do a little reading or a little research into the code on
how these work. Essentially the idea is that a token is saved in request
and in session scopes and the logic is determined by those two being
compared against each other to allow us to determine whether or not a
person should be able to access the Action class at all. So, you need to
understand that the basic idea is saving, resetting, etc. tokens to
compare against each other.


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Re: Can I generate a token without Action class?

Posted by Erik Weber <er...@mindspring.com>.
The documentation on this confuses me, so I cannot tell you whether this
pattern is "correct", but it does seem to work:


import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

public class EditARecordAction extends SomeBaseAction {

  public static final String VIEW = "viewEditForm";
  public static final String UPDATE = "processEditForm";

  public ActionForward execute(ActionMapping mapping, ActionForm form,
      HttpServletRequest request, HttpServletResponse response) throws Exception {

    //determine whether this is a setup action or a form submittal
    String command = mapping.getParameter();

    if (VIEW.equals(command)) {
      //gather data and populate form
      // . . .

      //store a new synchronizer token for this form in user's session
      saveToken(request);
      return mapping.findForward("success");
    }
    else if (UPDATE.equals(command)) {
      //make sure submitted form is not stale
      if (!isTokenValid(request)) throw new Exception("expired form");

      //form is OK, continue
      resetToken(request);
      // . . .
    }

    //the elided update code above is expected to return its own forward
    return null;
  }
}


In my opinion, the documentation for each relevant method -- saveToken,
resetToken, generateToken, isTokenValid etc. -- should:

1) Tell you something about when, if and how a new token is generated
2) Tell you exactly what request and session attributes (name the key
constants) are set or removed and when
3) Tell you clearly what the purpose of the method is
4) Tell you when/where/how (by example) the method should be invoked
5) Tell you how/when Struts determines if a form is valid (which
attribute is compared with what parameter and when)

The answer to your first question is, use an Action to set up the form,
even if all you do in the action is invoke saveToken.

Erik
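
The setup/submit token lifecycle of the Action above, as an added stand-alone Java model (not Struts code and not part of the original posts). Plain Maps stand in for the session and the request parameters; the key name TOKEN and the method checkAndResetToken are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

public class TokenDemo {
    static final String KEY = "TOKEN";               // hypothetical attribute/parameter name
    static final SecureRandom RNG = new SecureRandom();

    // Setup step: create a fresh token and remember it in the session.
    static String saveToken(Map<String, String> session) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        StringBuilder hex = new StringBuilder();
        for (byte b : raw) hex.append(String.format("%02x", b));
        session.put(KEY, hex.toString());
        return hex.toString();                        // the form embeds this as a hidden field
    }

    // Submit step: compare the submitted field with the session copy and
    // consume the session copy in the same synchronized call, so two
    // concurrent submits of one form cannot both pass.
    static synchronized boolean checkAndResetToken(Map<String, String> session,
                                                   Map<String, String> params) {
        String saved = session.remove(KEY);           // one use only
        String sent = params.get(KEY);
        if (saved == null || sent == null) return false;
        return MessageDigest.isEqual(saved.getBytes(StandardCharsets.UTF_8),
                                     sent.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        Map<String, String> session = new HashMap<>();
        Map<String, String> form = new HashMap<>();   // constructed request parameters

        // Submitting before any setup step ran: no token in the session, so invalid.
        System.out.println("no setup:     " + checkAndResetToken(session, form));

        form.put(KEY, saveToken(session));            // setup step renders the form
        System.out.println("first submit: " + checkAndResetToken(session, form));
        // Back button + resubmit: same hidden field, but the session copy is gone.
        System.out.println("resubmit:     " + checkAndResetToken(session, form));

        saveToken(session);                           // a newer form was rendered meanwhile
        System.out.println("stale form:   " + checkAndResetToken(session, form));
    }
}
```

Only the first submit after a setup step passes; the check belongs in the submit branch only, never in the branch that first displays the form.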


Ping Cheung Leung wrote:

>My intention is to prevent duplicated submission.
>I have referred to the struts-example.
>It checks the validity of the token by IsValidToken().
>However when a form is displayed at the first time,
>it always is invalid.
>
>Moreover, according to the struts-example, it
>saveToken when it finds error.
>
>The behavior becomes very strange.
>
>When a form is displayed at the first time, it is
>invalid. It leads to error message displaying on web
>page. Next time user clicks the submit button, it
>becomes valid. Then it cannot avoid duplicated
>submission.
>
>All I want is very simple. When user clicks a submit
>button. It saves record if data checking is ok.
>If user goes back and re-click the submit button.
>Duplicated submission can be detected.
>
>Any coding example can be provided?
>Or can you point out my mistakes if I provide my
>codings?

Re: Can I generate a token without Action class?

Posted by Ping Cheung Leung <le...@yahoo.com.hk>.
My intention is to prevent duplicated submission.
I have referred to the struts-example.
It checks the validity of the token by IsValidToken().
However when a form is displayed at the first time,
it always is invalid.

Moreover, according to the struts-example, it
saveToken when it finds error.

The behavior becomes very strange.

When a form is displayed at the first time, it is
invalid. It leads to error message displaying on web
page. Next time user clicks the submit button, it
becomes valid. Then it cannot avoid duplicated
submission.

All I want is very simple. When user clicks a submit
button. It saves record if data checking is ok.
If user goes back and re-click the submit button.
Duplicated submission can be detected.

Any coding example can be provided?
Or can you point out my mistakes if I provide my
codings?

