token-session does not work.

Sat, 03 Nov 2007 04:19:09 -0800 

Hi, I found the token-session interceptor does not work.

IE 6.0
Jetty-6.1.3 or Tomcat 6.0.14

You need to use IE but Firefox to evaluate this issue since FIrefox
itself seems to prevent submitting the same request more than once.

--- Action class ---
    public String execute() {
System.err.println("*** execute() ***");
try {Thread.sleep(3000);} catch (InterruptedException ex) {}
...

--- jsp ---
  <s:form action="helloWorld.action">
    <s:token/>
    <s:textfield name="name"/>
    <s:submit/>
  </s:form>

--- struts.xml ---
    <action name="helloWorld" class="hello.HelloAction">
      <interceptor-ref name="defaultStack"/>
      <interceptor-ref name="token-session"/>
      <result name="success">hello.jsp</result>
    </action>

You will get white screen if you hit the submit button more than once.

I digged into the Struts source code and found that the result in the
following line is null:

--- TokenSessionStoreInterceptor.java ---
    protected String handleInvalidToken(ActionInvocation invocation)
throws Exception {
...
                Result result = savedInvocation.getResult();

If the user hit the submit button more than once, the
handleInvalidToken method is called. If the action invoked by the
first submit is completed and there is a result already, this result
variable becomes non-null and everything goes well. I confirmed it by
using debugger to place break point at this line and wait 3 seconds
before proceeding. But if the action invoked by the first action is
not completed yet, the result variable becomes null and the subsequent
requests result in a blank, I mean the user get white out browser
screen if he or she hits the submit button more than once.

It should wait until the result becomes non-null value. But I don't
know how to do that but just polling like this:

Result result = null;
while (true) {
    result = savedInvocation.getResult();
    if (result != null) break;
    try {Thread.sleep(100);} catch (InterruptedException ex) {}
}

It is not smart at all and I am looking for more appropriate way. Any
suggestions?

-- 
Ruimo Uno
(Shisei Hanai)

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to