You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Dominique de Waleffe <dd...@missioncriticalit.com> on 2004/01/13 17:59:27 UTC
Transaction tokens
I have a problem understanding how to use those....
I have jsp pages using <html:forms>
Ted's book says that "a hidden field is automatically added when the
form sees that a tokens are being used"
but I fail to see how the forms sees that. In other wods, what do I
have to put as attribute to get the behaviour?
I do not see anything in rendered html form that looks like the
transaction token...
Then, in the action done on submit for those forms, I want to check for
double submit and react.
So I have this:
saveToken(request);
if ( ! isTokenValid(request)) {
errors.add(ActionErrors.GLOBAL_ERROR,
new ActionError("error.multiple-submit"));
saveErrors(request,errors);
resetToken(request);
return mapping.findForward("multi-submit");
} // end of if ()
This always takes me into the error branch... Is this a consequence of
the first problem (not having tokens sent)?
Thanks for any hint or example.
--
Dominique de Waleffe Email: ddw@missioncriticalit.com [No HTML please]
Mission Critical, Drève Richelle 161 Bât N, B-1410 Waterloo, Belgium
Phone: +32 2 757 10 15 Fax: +32 2 759 27 60
ICQ: 289-306-495
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
Re: Transaction tokens
Posted by Dominique de Waleffe <dd...@missioncriticalit.com>.
Richard Hightower wrote:
>Here is a scaled down excerpt....
>
>To use a transaction token, follow these steps:
> 1. Before you load the JavaServer Pages (JSP) page that has the html:form
>tag on it, call saveToken inside an action.
> 2. When the user submits the form, call isTokenValid and handle the form
>only if the token is valid.
>
>The first step is to call saveToken inside an action. To do this, you have
>to make sure an action is called before the JSP page loads.
>
>
>
Thanks for this info. I'll try it today.
D.
--
Dominique de Waleffe Email: ddw@missioncriticalit.com [No HTML please]
Mission Critical, Drève Richelle 161 Bât N, B-1410 Waterloo, Belgium
Phone: +32 2 757 10 15 Fax: +32 2 759 27 60
ICQ: 289-306-495
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
RE: Transaction tokens
Posted by Richard Hightower <rh...@arc-mind.com>.
OK this is a bit of an Obligatory plug but....
The "Professional Struts" book written by myself and James Goodwill covers
this step by step.
First it lists the steps. Then it breaks the code down by each step.
You will want to have you saveToken called just before the form loads for
the first time.
Here is a scaled down excerpt....
To use a transaction token, follow these steps:
1. Before you load the JavaServer Pages (JSP) page that has the html:form
tag on it, call saveToken inside an action.
2. When the user submits the form, call isTokenValid and handle the form
only if the token is valid.
The first step is to call saveToken inside an action. To do this, you have
to make sure an action is called before the JSP page loads.
Lets say you had an action mapping that was associated with the user
registration page as
<action path="/userRegForm" forward="/userRegistration.jsp" />
The above just associated a JSP page with an action. Then any JSP page that
links to the input form would link to it like this:
<html:link action="/userRegForm">User Registration</html:link>
Therefore, no JSP links directly to /userRegistration.jsp. If this is the
case, you have been following the rules in the MVC chapter and it is easy to
start using transaction tokens.
Now lets say that you want to make sure that the user cannot hit the back
button in the browser and submit the form twice. To do this, you must change
the action mapping associated with the input form to map to an action that
will call the saveToken method of Action:
<action path="/userRegForm"
type="strutsTutorial.UserRegistrationAction"
parameter="load">
<forward name="success"
path="/userRegistration.jsp" />
</action>
Actions saveToken method generates and saves a transaction token and puts
it in session scope under the key Globals.TRANSACTION_TOKEN_KEY. Think of a
transaction token as a unique string.
Notice that the action mapping for userRegForm sets the parameter to load.
The action will use the parameter to load the form.
We already have this action defined. Thus, we need to modify the
UserRegistrationAction so that it can handle loading the form by calling
saveToken:
public class UserRegistrationAction extends
LookupDispatchAction {
private static Log log =
LogFactory.getLog(UserRegistrationAction.class);
public ActionForward execute(
ActionMapping mapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response)
throws Exception {
log.trace("UserRegistrationAction.execute");
if ("load".equals(mapping.getParameter())){
return load(mapping, form, request, response);
}else{
return super.execute(mapping, form,
request, response);
}
}
private ActionForward load(
ActionMapping mapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response)
throws Exception{
log.debug("In LOAD Method");
saveToken(request);
return mapping.findForward("success");
}
Let me know if this helps.
Rick Hightower
Developer
Struts/J2EE training -- http://www.arc-mind.com/strutsCourse.htm
Struts/J2EE consulting --
http://www.arc-mind.com/consulting.htm#StrutsMentoring
-----Original Message-----
From: Dominique de Waleffe [mailto:ddw@missioncriticalit.com]
Sent: Tuesday, January 13, 2004 9:59 AM
To: Struts Users Mailing List
Subject: Transaction tokens
I have a problem understanding how to use those....
I have jsp pages using <html:forms>
Ted's book says that "a hidden field is automatically added when the
form sees that a tokens are being used"
but I fail to see how the forms sees that. In other wods, what do I
have to put as attribute to get the behaviour?
I do not see anything in rendered html form that looks like the
transaction token...
Then, in the action done on submit for those forms, I want to check for
double submit and react.
So I have this:
saveToken(request);
if ( ! isTokenValid(request)) {
errors.add(ActionErrors.GLOBAL_ERROR,
new ActionError("error.multiple-submit"));
saveErrors(request,errors);
resetToken(request);
return mapping.findForward("multi-submit");
} // end of if ()
This always takes me into the error branch... Is this a consequence of
the first problem (not having tokens sent)?
Thanks for any hint or example.
--
Dominique de Waleffe Email: ddw@missioncriticalit.com [No HTML please]
Mission Critical, Drève Richelle 161 Bât N, B-1410 Waterloo, Belgium
Phone: +32 2 757 10 15 Fax: +32 2 759 27 60
ICQ: 289-306-495
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org