Re: Transaction tokens
Richard Hightower wrote: Here is a scaled down excerpt To use a transaction token, follow these steps: 1. Before you load the JavaServer Pages (JSP) page that has the html:form tag on it, call saveToken inside an action. 2. When the user submits the form, call isTokenValid and handle the form only if the token is valid. The first step is to call saveToken inside an action. To do this, you have to make sure an action is called before the JSP page loads. Thanks for this info. I'll try it today. D. -- Dominique de Waleffe Email: [EMAIL PROTECTED] [No HTML please] Mission Critical, Drève Richelle 161 Bât N, B-1410 Waterloo, Belgium Phone: +32 2 757 10 15 Fax: +32 2 759 27 60 ICQ: 289-306-495 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Transaction tokens
I have a problem understanding how to use those
I have jsp pages using html:forms
Ted's book says that a hidden field is automatically added when the
form sees that a tokens are being used
but I fail to see how the forms sees that. In other wods, what do I
have to put as attribute to get the behaviour?
I do not see anything in rendered html form that looks like the
transaction token...
Then, in the action done on submit for those forms, I want to check for
double submit and react.
So I have this:
saveToken(request);
if ( ! isTokenValid(request)) {
errors.add(ActionErrors.GLOBAL_ERROR,
new ActionError(error.multiple-submit));
saveErrors(request,errors);
resetToken(request);
return mapping.findForward(multi-submit);
} // end of if ()
This always takes me into the error branch... Is this a consequence of
the first problem (not having tokens sent)?
Thanks for any hint or example.
--
Dominique de Waleffe Email: [EMAIL PROTECTED] [No HTML please]
Mission Critical, Drève Richelle 161 Bât N, B-1410 Waterloo, Belgium
Phone: +32 2 757 10 15 Fax: +32 2 759 27 60
ICQ: 289-306-495
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Transaction tokens
OK this is a bit of an Obligatory plug but
The Professional Struts book written by myself and James Goodwill covers
this step by step.
First it lists the steps. Then it breaks the code down by each step.
You will want to have you saveToken called just before the form loads for
the first time.
Here is a scaled down excerpt
To use a transaction token, follow these steps:
1. Before you load the JavaServer Pages (JSP) page that has the html:form
tag on it, call saveToken inside an action.
2. When the user submits the form, call isTokenValid and handle the form
only if the token is valid.
The first step is to call saveToken inside an action. To do this, you have
to make sure an action is called before the JSP page loads.
Lets say you had an action mapping that was associated with the user
registration page as
action path=/userRegForm forward=/userRegistration.jsp /
The above just associated a JSP page with an action. Then any JSP page that
links to the input form would link to it like this:
html:link action=/userRegFormUser Registration/html:link
Therefore, no JSP links directly to /userRegistration.jsp. If this is the
case, you have been following the rules in the MVC chapter and it is easy to
start using transaction tokens.
Now lets say that you want to make sure that the user cannot hit the back
button in the browser and submit the form twice. To do this, you must change
the action mapping associated with the input form to map to an action that
will call the saveToken method of Action:
action path=/userRegForm
type=strutsTutorial.UserRegistrationAction
parameter=load
forward name=success
path=/userRegistration.jsp /
/action
Actions saveToken method generates and saves a transaction token and puts
it in session scope under the key Globals.TRANSACTION_TOKEN_KEY. Think of a
transaction token as a unique string.
Notice that the action mapping for userRegForm sets the parameter to load.
The action will use the parameter to load the form.
We already have this action defined. Thus, we need to modify the
UserRegistrationAction so that it can handle loading the form by calling
saveToken:
public class UserRegistrationAction extends
LookupDispatchAction {
private static Log log =
LogFactory.getLog(UserRegistrationAction.class);
public ActionForward execute(
ActionMapping mapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response)
throws Exception {
log.trace(UserRegistrationAction.execute);
if (load.equals(mapping.getParameter())){
return load(mapping, form, request, response);
}else{
return super.execute(mapping, form,
request, response);
}
}
private ActionForward load(
ActionMapping mapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response)
throws Exception{
log.debug(In LOAD Method);
saveToken(request);
return mapping.findForward(success);
}
Let me know if this helps.
Rick Hightower
Developer
Struts/J2EE training -- http://www.arc-mind.com/strutsCourse.htm
Struts/J2EE consulting --
http://www.arc-mind.com/consulting.htm#StrutsMentoring
-Original Message-
From: Dominique de Waleffe [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 9:59 AM
To: Struts Users Mailing List
Subject: Transaction tokens
I have a problem understanding how to use those
I have jsp pages using html:forms
Ted's book says that a hidden field is automatically added when the
form sees that a tokens are being used
but I fail to see how the forms sees that. In other wods, what do I
have to put as attribute to get the behaviour?
I do not see anything in rendered html form that looks like the
transaction token...
Then, in the action done on submit for those forms, I want to check for
double submit and react.
So I have this:
saveToken(request);
if ( ! isTokenValid(request)) {
errors.add(ActionErrors.GLOBAL_ERROR,
new ActionError(error.multiple-submit));
saveErrors(request,errors);
resetToken(request);
return mapping.findForward(multi-submit);
} // end of if ()
This always takes me into the error branch... Is this a consequence of
the first problem (not having tokens sent)?
Thanks for any hint or example.
--
Dominique de Waleffe Email: [EMAIL PROTECTED] [No HTML please]
Mission Critical, Drève Richelle 161 Bât N, B-1410 Waterloo, Belgium
Phone: +32 2 757 10 15 Fax: +32 2 759 27 60
ICQ: 289-306-495
my version of the Tokens
Hi,
before knowing about tokens, I have implemented a way to deal with the refresh of a
POST form problem. Now that I know that tokens exist, I can't really use them for
several reasons, but mainly because it adds a field in the form which modifies my
current form validation with javascript.
Here is what I have done in my ActionBase class, that every Action I use derives from :
protected void setDBFlag(Object o, HttpServletRequest request) {
synchronized(session.getId()){
request.getSession(false).setAttribute(
Parametres.DB_FLAG + o,
Parametres.CHECKBOX_TRUE);
}
}
protected void clearDBFlag(Object o, HttpServletRequest request) {
synchronized(session.getId()){
request.getSession(false).removeAttribute(
Parametres.DB_FLAG + o);
}
}
protected boolean checkDBFlag(Object o, HttpServletRequest request) {
synchronized(session.getId()){
return (
request.getSession(false).getAttribute(
Parametres.DB_FLAG + o)
!= null);
}
}
These methods should be called from the class below this way :
public class MyAction extends ActionBase{
...
protected ActionForward executeUpdate(ActionMapping mapping, ActionForm form,
HttpServletRequest request, HttpServletResponse response)
throws Exception {
if (GET.equalsIgnoreCase(request.getMethod())) {
setDBFlag(this, request);
this.processBeforeUpdate(mapping, form, request, response);
return mapping.findForward(EDIT);
}
else {
HttpSession session = request.getSession(false);
ListResultCsv resultats =
(ListResultCsv) (session.getAttribute(attTable));
if(checkDBFlag(this, request)){
//update DB
processUpdate(...,form);
updateBeanConteneur();
clearDBFlag(this,request);
}}
}
.
}//end of class
As you can see I'm putting a flag on the session. This flag name is actually function
of the name of the Action instance itself (this).
The idea is to put the flag to true while preparing the form, then when the form is
submitted, I check if the flag is true then I do the updates and set the flag to
false. So when a user presses refresh, the form is not submitted 2 times.
The problem with this solution is that I must use the same Action to prepare and
submit the Form, but it's the case most of the times.
I was wondering if the solution I chose looks OK in a multi-user application. I know
that each user has its own Action instance, so it should not be a problem, but at the
same time, looking at Struts' implementation of the tokens which is more complicated,
I think there might be some issues with my approach.
Thanks in advance for the feedback!
Raphaël di Cicco
Re: my version of the Tokens
Hi Raphaël
what happens if the user has two browser windows open for two different
datasets which use the same action? He will be prevented from submitting
the second one.
Adam
On 12/01/2003 11:30 AM Raphaël di Cicco wrote:
Hi,
before knowing about tokens, I have implemented a way to deal with the refresh of a POST
form problem. Now that I know that tokens exist, I can't really use them for several reasons,
but mainly because it adds a field in the form which modifies my current form validation with
javascript.
Here is what I have done in my ActionBase class, that every Action I use derives from :
protected void setDBFlag(Object o, HttpServletRequest request) {
synchronized(session.getId()){
request.getSession(false).setAttribute(
Parametres.DB_FLAG + o,
Parametres.CHECKBOX_TRUE);
}
}
protected void clearDBFlag(Object o, HttpServletRequest request) {
synchronized(session.getId()){
request.getSession(false).removeAttribute(
Parametres.DB_FLAG + o);
}
}
protected boolean checkDBFlag(Object o, HttpServletRequest request) {
synchronized(session.getId()){
return (
request.getSession(false).getAttribute(
Parametres.DB_FLAG + o)
!= null);
}
}
These methods should be called from the class below this way :
public class MyAction extends ActionBase{
...
protected ActionForward executeUpdate(ActionMapping mapping, ActionForm form,
HttpServletRequest request, HttpServletResponse response)
throws Exception {
if (GET.equalsIgnoreCase(request.getMethod())) {
setDBFlag(this, request);
this.processBeforeUpdate(mapping, form, request, response);
return mapping.findForward(EDIT);
}
else {
HttpSession session = request.getSession(false);
ListResultCsv resultats =
(ListResultCsv) (session.getAttribute(attTable));
if(checkDBFlag(this, request)){
//update DB
processUpdate(...,form);
updateBeanConteneur();
clearDBFlag(this,request);
}}
}
.
}//end of class
As you can see I'm putting a flag on the session. This flag name is actually function of the name of the Action instance itself (this).
The idea is to put the flag to true while preparing the form, then when the form is
submitted, I check if the flag is true then I do the updates and set the flag to
false. So when a user presses refresh, the form is not submitted 2 times.
The problem with this solution is that I must use the same Action to prepare and
submit the Form, but it's the case most of the times.
I was wondering if the solution I chose looks OK in a multi-user application. I know
that each user has its own Action instance, so it should not be a problem, but at the
same time, looking at Struts' implementation of the tokens which is more complicated,
I think there might be some issues with my approach.
Thanks in advance for the feedback!
Raphaël di Cicco
--
struts 1.1 + tomcat 5.0.14 + java 1.4.2
Linux 2.4.20 RH9
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: my version of the Tokens
Thanks Adam for your comment.
Yes you're right... but in my application every new window I open is indexed
with a windowId.
In fact, every session attribute name is built using this windowId, so that
session objects don't mix between pages. The flag itself uses the windowId
this way, but I didn't put it in the code (something like
request.getSession(false).setAttribute(Parametres.DB_FLAG + o +
getWindowId(request), Parametres.CHECKBOX_TRUE);
Nonetheless, the problem you found will happen if the user decides to open a
new window by himself because the new window will have the same windowId as
the previous one :(
- Original Message -
From: Adam Hardy [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Monday, December 01, 2003 12:44 PM
Subject: Re: my version of the Tokens
Hi Raphaël
what happens if the user has two browser windows open for two different
datasets which use the same action? He will be prevented from submitting
the second one.
Adam
On 12/01/2003 11:30 AM Raphaël di Cicco wrote:
Hi,
before knowing about tokens, I have implemented a way to deal with the
refresh of a POST form problem. Now that I know that tokens exist, I can't
really use them for several reasons, but mainly because it adds a field in
the form which modifies my current form validation with javascript.
Here is what I have done in my ActionBase class, that every Action I use
derives from :
protected void setDBFlag(Object o, HttpServletRequest request) {
synchronized(session.getId()){
request.getSession(false).setAttribute(
Parametres.DB_FLAG + o,
Parametres.CHECKBOX_TRUE);
}
}
protected void clearDBFlag(Object o, HttpServletRequest request) {
synchronized(session.getId()){
request.getSession(false).removeAttribute(
Parametres.DB_FLAG + o);
}
}
protected boolean checkDBFlag(Object o, HttpServletRequest request) {
synchronized(session.getId()){
return (
request.getSession(false).getAttribute(
Parametres.DB_FLAG + o)
!= null);
}
}
These methods should be called from the class below this way :
public class MyAction extends ActionBase{
...
protected ActionForward executeUpdate(ActionMapping mapping, ActionForm
form, HttpServletRequest request, HttpServletResponse response)
throws Exception {
if (GET.equalsIgnoreCase(request.getMethod())) {
setDBFlag(this, request);
this.processBeforeUpdate(mapping, form, request, response);
return mapping.findForward(EDIT);
}
else {
HttpSession session = request.getSession(false);
ListResultCsv resultats =
(ListResultCsv) (session.getAttribute(attTable));
if(checkDBFlag(this, request)){
//update DB
processUpdate(...,form);
updateBeanConteneur();
clearDBFlag(this,request);
}}
}
.
}//end of class
As you can see I'm putting a flag on the session. This flag name is
actually function of the name of the Action instance itself (this).
The idea is to put the flag to true while preparing the form, then when
the form is submitted, I check if the flag is true then I do the updates and
set the flag to false. So when a user presses refresh, the form is not
submitted 2 times.
The problem with this solution is that I must use the same Action to
prepare and submit the Form, but it's the case most of the times.
I was wondering if the solution I chose looks OK in a multi-user
application. I know that each user has its own Action instance, so it should
not be a problem, but at the same time, looking at Struts' implementation of
the tokens which is more complicated, I think there might be some issues
with my approach.
Thanks in advance for the feedback!
Raphaël di Cicco
--
struts 1.1 + tomcat 5.0.14 + java 1.4.2
Linux 2.4.20 RH9
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: tokens creating a field in my forms
On 11/20/2003 11:44 AM Raphaël di Cicco wrote: I understand how tokens work. I'm currently modifying my application to use tokens every time possible. The thing is that I'm doing validation with javascript on my JSPs, and very often checking form elements with the index. When using token, struts creates a form element at index 0, so every validation I do is not working anymore since everything is reindexed by 1. I would like the struts form to place the token at the end of the form. Is that possible? Hi Raphael, without looking at the source code I can't definitely say that it is impossible, but it is highly unlikely. Technically speaking you would be better off referring to your fields in javascript by id, rather than by index, since this situation with tokens is not the only one that will give you this problem. However I realise this will not be helpful to you if you have already finished the javascript code! Sorry :( Adam -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tokens
Is there a complete end-to-end example of proper saveToken() isTokenValid() usage
anywhere? (there should be)
Regards,
Rich
-Original Message-
From: Jason Lea [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 20, 2003 10:16 PM
To: Struts Users Mailing List
Subject: Re: Tokens
The Struts saveToken() isTokenValid() methods save a token so that
double submits are detected and can be dealt with. Just disabling the
submit button won't stop a user submitting and then refreshing the page
(which submits the same info twice) or going back in their history and
clicking submit on an earlier page.
Geeta Ramani wrote:
Gurpreet:
Don't mean to jump in if you already have found a good solution, but wouldn't it be
simpler to just not allow the user to press the submit btton twice? It is easy
(using Javascript) to disable a submit button once it has already been pressed..
Regards,
Geeta
Mainguy, Mike wrote:
Call saveToken() in GET (or read)
Test isTokenValid() in the POST (or write) to see if it is a dupe (duplicate
returns false [bad token])
worse is better
-Original Message-
From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 19, 2003 11:19 PM
To: Struts Users Mailing List
Subject: Re: Tokens
hi Ramadoss
Thanks for your help. But this is not i m looking for.
I may not be able to explain my question proeprly .
But i m looking for saveTOken() method implementation in struts which does
not allow duplicate entry of records into the database when the user click
on submit button twice.
- Original Message -
From: Ramadoss Chinnakuzhandai [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Wednesday, November 19, 2003 7:56 PM
Subject: RE: Tokens
Hi Gurpreet,
If what I understand is correct from your question, you can
use
split function the same way as you use String Token...following is sample
snap shot
String str = botherouioero:and:foroffo:mar:ssod:slave;
String[] arr = str.split(:, 9);
System.out.println(length of arr[] is: + arr.length);
for (int i = 0; i arr.length; i++) {
System.out.println(value is : + arr[i]);
}
String[] ar = str.split(o, 8);
System.out.println(length of arr[] is: + ar.length);
for (int i = 0; i ar.length; i++) {
System.out.println(value is : + ar[i]);
}
Where the number 9 and 8 denotes number of occurences you want to
consider
after which it will be treated as whole single string and will be included
into your String Array.
Hope this help,
-Ram
-Original Message-
From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 19, 2003 6:19 AM
To: Struts Users Mailing List; [EMAIL PROTECTED]
Subject: Tokens
hi All
Can somebody explain small code snap shot of using Tokens. AS i am
trying to use it in one of my application. but due to some unknown
reason it is
not
working. I may be doing something wrong.
Any help will be appreciated
Regards
GAry
--
Jason Lea
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tokens
Am Freitag, 21. November 2003 16:46 schrieb Richard J. Duncan: Is there a complete end-to-end example of proper saveToken() isTokenValid() usage anywhere? (there should be) Check out the Struts Example application that comes with Struts. Then, tokens are explained best in Struts in Action (one paragraph, IIRC). No, three, and on p. 295. So the index is wrong which says p. 287. Anyway. When you're about to start a transaction, say saveToken(request) somewhere in your Action. From then on, Struts forms will automatically be aware of the Token and deliver it along with each request. When using html:link, set the transaction attribute to 'true' to have them behave likewise. When it finally comes to applying permanent changes to the Model (backend, database, EIS, whatever) which you want to happen only once, check for the token before entering the code in question by calling isTokenValid(request). If it's there, proceed, if not, branch to some error page or just ignore the (second) attempt . If the token is valid, execute he backend code and call resetToken(request) to enable possible subsequent transactions. If the user has pressed the 'Send' button twice in-between, the second request will fail because of the isTokenValid(request) check, and once you say resetToken(request), the token won't be valid anymore. Until you generate a new transaction via saveToken(), but that a different one, then. Regards, Rich HTH, -- Chris. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tokens creating a field in my forms
OK, I was thinking the same thing. Referring to fields by id is better but less convenient when all your fields are accessed by maps therefore their names is something like formProp(Foo.foo.fooo). - Original Message - From: Adam Hardy [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Friday, November 21, 2003 10:48 AM Subject: Re: tokens creating a field in my forms On 11/20/2003 11:44 AM Raphaël di Cicco wrote: I understand how tokens work. I'm currently modifying my application to use tokens every time possible. The thing is that I'm doing validation with javascript on my JSPs, and very often checking form elements with the index. When using token, struts creates a form element at index 0, so every validation I do is not working anymore since everything is reindexed by 1. I would like the struts form to place the token at the end of the form. Is that possible? Hi Raphael, without looking at the source code I can't definitely say that it is impossible, but it is highly unlikely. Technically speaking you would be better off referring to your fields in javascript by id, rather than by index, since this situation with tokens is not the only one that will give you this problem. However I realise this will not be helpful to you if you have already finished the javascript code! Sorry :( Adam -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
tokens creating a field in my forms
Hi, I understand how tokens work. I'm currently modifying my application to use tokens every time possible. The thing is that I'm doing validation with javascript on my JSPs, and very often checking form elements with the index. When using token, struts creates a form element at index 0, so every validation I do is not working anymore since everything is reindexed by 1. I would like the struts form to place the token at the end of the form. Is that possible? Raphaël di Cicco Atos Origin - Ingénieur de réalisation Les Miroirs 2ème étage - salle 208 e-mail : [EMAIL PROTECTED] tél : 01-55-91-24-53
RE: Tokens
Call saveToken() in GET (or read)
Test isTokenValid() in the POST (or write) to see if it is a dupe (duplicate
returns false [bad token])
worse is better
-Original Message-
From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 19, 2003 11:19 PM
To: Struts Users Mailing List
Subject: Re: Tokens
hi Ramadoss
Thanks for your help. But this is not i m looking for.
I may not be able to explain my question proeprly .
But i m looking for saveTOken() method implementation in struts which does
not allow duplicate entry of records into the database when the user click
on submit button twice.
- Original Message -
From: Ramadoss Chinnakuzhandai [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Wednesday, November 19, 2003 7:56 PM
Subject: RE: Tokens
Hi Gurpreet,
If what I understand is correct from your question, you can
use
split function the same way as you use String Token...following is sample
snap shot
String str = botherouioero:and:foroffo:mar:ssod:slave;
String[] arr = str.split(:, 9);
System.out.println(length of arr[] is: + arr.length);
for (int i = 0; i arr.length; i++) {
System.out.println(value is : + arr[i]);
}
String[] ar = str.split(o, 8);
System.out.println(length of arr[] is: + ar.length);
for (int i = 0; i ar.length; i++) {
System.out.println(value is : + ar[i]);
}
Where the number 9 and 8 denotes number of occurences you want to
consider
after which it will be treated as whole single string and will be included
into your String Array.
Hope this help,
-Ram
-Original Message-
From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 19, 2003 6:19 AM
To: Struts Users Mailing List; [EMAIL PROTECTED]
Subject: Tokens
hi All
Can somebody explain small code snap shot of using Tokens. AS i am
trying to use it in one of my application. but due to some unknown
reason it is
not
working. I may be doing something wrong.
Any help will be appreciated
Regards
GAry
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
This message and its contents (to include attachments) are the property of Kmart
Corporation (Kmart) and may contain confidential and proprietary information. You are
hereby notified that any disclosure, copying, or distribution of this message, or the
taking of any action based on information contained herein is strictly prohibited.
Unauthorized use of information contained herein may subject you to civil and criminal
prosecution and penalties. If you are not the intended recipient, you should delete
this message immediately.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tokens
Gurpreet:
Don't mean to jump in if you already have found a good solution, but wouldn't it be
simpler to just not allow the user to press the submit btton twice? It is easy (using
Javascript) to disable a submit button once it has already been pressed..
Regards,
Geeta
Mainguy, Mike wrote:
Call saveToken() in GET (or read)
Test isTokenValid() in the POST (or write) to see if it is a dupe (duplicate
returns false [bad token])
worse is better
-Original Message-
From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 19, 2003 11:19 PM
To: Struts Users Mailing List
Subject: Re: Tokens
hi Ramadoss
Thanks for your help. But this is not i m looking for.
I may not be able to explain my question proeprly .
But i m looking for saveTOken() method implementation in struts which does
not allow duplicate entry of records into the database when the user click
on submit button twice.
- Original Message -
From: Ramadoss Chinnakuzhandai [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Wednesday, November 19, 2003 7:56 PM
Subject: RE: Tokens
Hi Gurpreet,
If what I understand is correct from your question, you can
use
split function the same way as you use String Token...following is sample
snap shot
String str = botherouioero:and:foroffo:mar:ssod:slave;
String[] arr = str.split(:, 9);
System.out.println(length of arr[] is: + arr.length);
for (int i = 0; i arr.length; i++) {
System.out.println(value is : + arr[i]);
}
String[] ar = str.split(o, 8);
System.out.println(length of arr[] is: + ar.length);
for (int i = 0; i ar.length; i++) {
System.out.println(value is : + ar[i]);
}
Where the number 9 and 8 denotes number of occurences you want to
consider
after which it will be treated as whole single string and will be included
into your String Array.
Hope this help,
-Ram
-Original Message-
From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 19, 2003 6:19 AM
To: Struts Users Mailing List; [EMAIL PROTECTED]
Subject: Tokens
hi All
Can somebody explain small code snap shot of using Tokens. AS i am
trying to use it in one of my application. but due to some unknown
reason it is
not
working. I may be doing something wrong.
Any help will be appreciated
Regards
GAry
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
This message and its contents (to include attachments) are the property of Kmart
Corporation (Kmart) and may contain confidential and proprietary information. You
are hereby notified that any disclosure, copying, or distribution of this message,
or the taking of any action based on information contained herein is strictly
prohibited. Unauthorized use of information contained herein may subject you to
civil and criminal prosecution and penalties. If you are not the intended recipient,
you should delete this message immediately.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tokens
The Struts saveToken() isTokenValid() methods save a token so that
double submits are detected and can be dealt with. Just disabling the
submit button won't stop a user submitting and then refreshing the page
(which submits the same info twice) or going back in their history and
clicking submit on an earlier page.
Geeta Ramani wrote:
Gurpreet:
Don't mean to jump in if you already have found a good solution, but wouldn't it be simpler to just not allow the user to press the submit btton twice? It is easy (using Javascript) to disable a submit button once it has already been pressed..
Regards,
Geeta
Mainguy, Mike wrote:
Call saveToken() in GET (or read)
Test isTokenValid() in the POST (or write) to see if it is a dupe (duplicate
returns false [bad token])
worse is better
-Original Message-
From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 19, 2003 11:19 PM
To: Struts Users Mailing List
Subject: Re: Tokens
hi Ramadoss
Thanks for your help. But this is not i m looking for.
I may not be able to explain my question proeprly .
But i m looking for saveTOken() method implementation in struts which does
not allow duplicate entry of records into the database when the user click
on submit button twice.
- Original Message -
From: Ramadoss Chinnakuzhandai [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Wednesday, November 19, 2003 7:56 PM
Subject: RE: Tokens
Hi Gurpreet,
If what I understand is correct from your question, you can
use
split function the same way as you use String Token...following is sample
snap shot
String str = botherouioero:and:foroffo:mar:ssod:slave;
String[] arr = str.split(:, 9);
System.out.println(length of arr[] is: + arr.length);
for (int i = 0; i arr.length; i++) {
System.out.println(value is : + arr[i]);
}
String[] ar = str.split(o, 8);
System.out.println(length of arr[] is: + ar.length);
for (int i = 0; i ar.length; i++) {
System.out.println(value is : + ar[i]);
}
Where the number 9 and 8 denotes number of occurences you want to
consider
after which it will be treated as whole single string and will be included
into your String Array.
Hope this help,
-Ram
-Original Message-
From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 19, 2003 6:19 AM
To: Struts Users Mailing List; [EMAIL PROTECTED]
Subject: Tokens
hi All
Can somebody explain small code snap shot of using Tokens. AS i am
trying to use it in one of my application. but due to some unknown
reason it is
not
working. I may be doing something wrong.
Any help will be appreciated
Regards
GAry
--
Jason Lea
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tokens
Oh, ok. I guess i was thinking of the more casual click-happy user who can be perhaps
persuaded to see that overclicking is a bad thing.. But you're right: the scenario you
describe can certainly occur for the more determined lets-break-this-code
user..;) Thanks for setting me right..!
Jason Lea wrote:
The Struts saveToken() isTokenValid() methods save a token so that
double submits are detected and can be dealt with. Just disabling the
submit button won't stop a user submitting and then refreshing the page
(which submits the same info twice) or going back in their history and
clicking submit on an earlier page.
Geeta Ramani wrote:
Gurpreet:
Don't mean to jump in if you already have found a good solution, but wouldn't it be
simpler to just not allow the user to press the submit btton twice? It is easy
(using Javascript) to disable a submit button once it has already been pressed..
Regards,
Geeta
Mainguy, Mike wrote:
Call saveToken() in GET (or read)
Test isTokenValid() in the POST (or write) to see if it is a dupe (duplicate
returns false [bad token])
worse is better
-Original Message-
From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 19, 2003 11:19 PM
To: Struts Users Mailing List
Subject: Re: Tokens
hi Ramadoss
Thanks for your help. But this is not i m looking for.
I may not be able to explain my question proeprly .
But i m looking for saveTOken() method implementation in struts which does
not allow duplicate entry of records into the database when the user click
on submit button twice.
- Original Message -
From: Ramadoss Chinnakuzhandai [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Wednesday, November 19, 2003 7:56 PM
Subject: RE: Tokens
Hi Gurpreet,
If what I understand is correct from your question, you can
use
split function the same way as you use String Token...following is sample
snap shot
String str = botherouioero:and:foroffo:mar:ssod:slave;
String[] arr = str.split(:, 9);
System.out.println(length of arr[] is: + arr.length);
for (int i = 0; i arr.length; i++) {
System.out.println(value is : + arr[i]);
}
String[] ar = str.split(o, 8);
System.out.println(length of arr[] is: + ar.length);
for (int i = 0; i ar.length; i++) {
System.out.println(value is : + ar[i]);
}
Where the number 9 and 8 denotes number of occurences you want to
consider
after which it will be treated as whole single string and will be included
into your String Array.
Hope this help,
-Ram
-Original Message-
From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 19, 2003 6:19 AM
To: Struts Users Mailing List; [EMAIL PROTECTED]
Subject: Tokens
hi All
Can somebody explain small code snap shot of using Tokens. AS i am
trying to use it in one of my application. but due to some unknown
reason it is
not
working. I may be doing something wrong.
Any help will be appreciated
Regards
GAry
--
Jason Lea
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Tokens
hi All Can somebody explain small code snap shot of using Tokens. AS i am trying to use it in one of my application. but due to some unknown reason it is not working. I may be doing something wrong. Any help will be appreciated Regards GAry - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tokens
Hi Gurpreet,
If what I understand is correct from your question, you can use split function
the same way as you use String Token...following is sample snap shot
String str = botherouioero:and:foroffo:mar:ssod:slave;
String[] arr = str.split(:, 9);
System.out.println(length of arr[] is: + arr.length);
for (int i = 0; i arr.length; i++) {
System.out.println(value is : + arr[i]);
}
String[] ar = str.split(o, 8);
System.out.println(length of arr[] is: + ar.length);
for (int i = 0; i ar.length; i++) {
System.out.println(value is : + ar[i]);
}
Where the number 9 and 8 denotes number of occurences you want to consider after which
it will be treated as whole single string and will be included into your String Array.
Hope this help,
-Ram
-Original Message-
From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 19, 2003 6:19 AM
To: Struts Users Mailing List; [EMAIL PROTECTED]
Subject: Tokens
hi All
Can somebody explain small code snap shot of using Tokens. AS i am trying
to use it in one of my application. but due to some unknown reason it is not
working. I may be doing something wrong.
Any help will be appreciated
Regards
GAry
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tokens
hi Ramadoss
Thanks for your help. But this is not i m looking for.
I may not be able to explain my question proeprly .
But i m looking for saveTOken() method implementation in struts which does
not allow duplicate entry of records into the database when the user click
on submit button twice.
- Original Message -
From: Ramadoss Chinnakuzhandai [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Wednesday, November 19, 2003 7:56 PM
Subject: RE: Tokens
Hi Gurpreet,
If what I understand is correct from your question, you can use
split function the same way as you use String Token...following is sample
snap shot
String str = botherouioero:and:foroffo:mar:ssod:slave;
String[] arr = str.split(:, 9);
System.out.println(length of arr[] is: + arr.length);
for (int i = 0; i arr.length; i++) {
System.out.println(value is : + arr[i]);
}
String[] ar = str.split(o, 8);
System.out.println(length of arr[] is: + ar.length);
for (int i = 0; i ar.length; i++) {
System.out.println(value is : + ar[i]);
}
Where the number 9 and 8 denotes number of occurences you want to consider
after which it will be treated as whole single string and will be included
into your String Array.
Hope this help,
-Ram
-Original Message-
From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 19, 2003 6:19 AM
To: Struts Users Mailing List; [EMAIL PROTECTED]
Subject: Tokens
hi All
Can somebody explain small code snap shot of using Tokens. AS i am trying
to use it in one of my application. but due to some unknown reason it is
not
working. I may be doing something wrong.
Any help will be appreciated
Regards
GAry
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: transaction tokens
Andrew Hill wrote: I dont believe so. :-( btw Likewise for multiple actionforms (for the same mapping) when you have 1 windows open (such as you might want for editing several records selected from a list in the main window...) /btw what's the problem with that? You mean you have the action form in the session? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: transaction tokens
I dont believe so. :-( btw Likewise for multiple actionforms (for the same mapping) when you have 1 windows open (such as you might want for editing several records selected from a list in the main window...) /btw -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Wednesday, 6 August 2003 17:28 To: Struts Users Mailing List Subject: transaction tokens Did the creator of transaction token functionality on the struts Action class have any plan or suggestions about what to do about tokens becoming mixed and invalid in the situation when the user has more than one browser window open? i.e. the user decides to create a new item. - Opens create-page (gets first transaction token in session) - decides to copy details from another item - opens edit page for another item in a second browser window (overwrites first token with second) - hits create and receives transaction token error Or is there an alternative for this situation? Or even a non-technical error message to calm the user and explain why they caused an error? ;) Thanks Adam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
transaction tokens
Did the creator of transaction token functionality on the struts Action class have any plan or suggestions about what to do about tokens becoming mixed and invalid in the situation when the user has more than one browser window open? i.e. the user decides to create a new item. - Opens create-page (gets first transaction token in session) - decides to copy details from another item - opens edit page for another item in a second browser window (overwrites first token with second) - hits create and receives transaction token error Or is there an alternative for this situation? Or even a non-technical error message to calm the user and explain why they caused an error? ;) Thanks Adam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: transaction tokens
I was thinking there might be a way of controlling transactions by saving all tokens in the session once they are used, and then if it crops up again, not allowing the execution. Would be simple to implement with a hashmap I think. What's the likelihood of 2 transaction tokens being identical, over the course of a user session? (Theoretically you could apply the same principle to action forms,saving them against a transaction token and then sorting it out in a base class during form.reset() (exceptionally seat-of-pants thinking)) Andrew Hill wrote: oops, yep. Should have specified that. Only for a session mapped actionform will there be a problem. The request ones are of course not affected by the problem. -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Wednesday, 6 August 2003 17:56 To: Struts Users Mailing List Subject: Re: transaction tokens Andrew Hill wrote: I dont believe so. :-( btw Likewise for multiple actionforms (for the same mapping) when you have 1 windows open (such as you might want for editing several records selected from a list in the main window...) /btw what's the problem with that? You mean you have the action form in the session? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: transaction tokens
Makes alot of sense. Andrew Hill wrote: In my case having multiple windows open for different records using the same mapping and with session scoped action forms was a requirement. What I do is to have an object called the OperationContext that is stored in the session. Conceptually its like a mini-session. This object has getAttribute() and setAttribute() methods and a few other goodies. Each opCon has a unique id - which has to be included included as part of a url for a request associated with that operation. I store my action forms in the opCon rather than directly in the session (and have overridden RequestProcessor so it is smart enough to look there). This stops my forms colliding when I have multiple windows. It also lets me do some other neat things - for example by allowing the opCons to be 'stacked' I can preserve the state of a users interaction with a form while they go off to edit a related record, and then bring them back to that form afterwards in the same state they left it. Im not using tokens, but if I was (and I very likely will be - when I get around to it) Id override the struts handling to support opCons for them so instead of one token per session, it would be one per opCon. -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Wednesday, 6 August 2003 18:41 To: Struts Users Mailing List Subject: Re: transaction tokens I was thinking there might be a way of controlling transactions by saving all tokens in the session once they are used, and then if it crops up again, not allowing the execution. Would be simple to implement with a hashmap I think. What's the likelihood of 2 transaction tokens being identical, over the course of a user session? (Theoretically you could apply the same principle to action forms,saving them against a transaction token and then sorting it out in a base class during form.reset() (exceptionally seat-of-pants thinking)) Andrew Hill wrote: oops, yep. Should have specified that. Only for a session mapped actionform will there be a problem. The request ones are of course not affected by the problem. -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Wednesday, 6 August 2003 17:56 To: Struts Users Mailing List Subject: Re: transaction tokens Andrew Hill wrote: I dont believe so. :-( btw Likewise for multiple actionforms (for the same mapping) when you have 1 windows open (such as you might want for editing several records selected from a list in the main window...) /btw what's the problem with that? You mean you have the action form in the session? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: transaction tokens
In my case having multiple windows open for different records using the same mapping and with session scoped action forms was a requirement. What I do is to have an object called the OperationContext that is stored in the session. Conceptually its like a mini-session. This object has getAttribute() and setAttribute() methods and a few other goodies. Each opCon has a unique id - which has to be included included as part of a url for a request associated with that operation. I store my action forms in the opCon rather than directly in the session (and have overridden RequestProcessor so it is smart enough to look there). This stops my forms colliding when I have multiple windows. It also lets me do some other neat things - for example by allowing the opCons to be 'stacked' I can preserve the state of a users interaction with a form while they go off to edit a related record, and then bring them back to that form afterwards in the same state they left it. Im not using tokens, but if I was (and I very likely will be - when I get around to it) Id override the struts handling to support opCons for them so instead of one token per session, it would be one per opCon. -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Wednesday, 6 August 2003 18:41 To: Struts Users Mailing List Subject: Re: transaction tokens I was thinking there might be a way of controlling transactions by saving all tokens in the session once they are used, and then if it crops up again, not allowing the execution. Would be simple to implement with a hashmap I think. What's the likelihood of 2 transaction tokens being identical, over the course of a user session? (Theoretically you could apply the same principle to action forms,saving them against a transaction token and then sorting it out in a base class during form.reset() (exceptionally seat-of-pants thinking)) Andrew Hill wrote: oops, yep. Should have specified that. Only for a session mapped actionform will there be a problem. The request ones are of course not affected by the problem. -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Wednesday, 6 August 2003 17:56 To: Struts Users Mailing List Subject: Re: transaction tokens Andrew Hill wrote: I dont believe so. :-( btw Likewise for multiple actionforms (for the same mapping) when you have 1 windows open (such as you might want for editing several records selected from a list in the main window...) /btw what's the problem with that? You mean you have the action form in the session? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: transaction tokens
I have implemented and it works OK, the user can have multiple windows open and within reason use the back / forward buttons. The problem is what do you do if they backup and then take a different action. You need to have some way of recovering the path in a graceful way, without the user loosing to much of the information they may have typed. Edgar -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 06, 2003 5:41 AM To: 'Struts Users Mailing List' Subject: Re: transaction tokens I was thinking there might be a way of controlling transactions by saving all tokens in the session once they are used, and then if it crops up again, not allowing the execution. Would be simple to implement with a hashmap I think. What's the likelihood of 2 transaction tokens being identical, over the course of a user session? (Theoretically you could apply the same principle to action forms,saving them against a transaction token and then sorting it out in a base class during form.reset() (exceptionally seat-of-pants thinking)) Andrew Hill wrote: oops, yep. Should have specified that. Only for a session mapped actionform will there be a problem. The request ones are of course not affected by the problem. -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Wednesday, 6 August 2003 17:56 To: Struts Users Mailing List Subject: Re: transaction tokens Andrew Hill wrote: I dont believe so. :-( btw Likewise for multiple actionforms (for the same mapping) when you have 1 windows open (such as you might want for editing several records selected from a list in the main window...) /btw what's the problem with that? You mean you have the action form in the session? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: transaction tokens
oops, yep. Should have specified that. Only for a session mapped actionform will there be a problem. The request ones are of course not affected by the problem. -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Wednesday, 6 August 2003 17:56 To: Struts Users Mailing List Subject: Re: transaction tokens Andrew Hill wrote: I dont believe so. :-( btw Likewise for multiple actionforms (for the same mapping) when you have 1 windows open (such as you might want for editing several records selected from a list in the main window...) /btw what's the problem with that? You mean you have the action form in the session? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
using Tokens with Tiles
I'm trying to prevent the user from submitting a form and then doing a refresh and unknowingly submitting it twice. I've read the about Struts support for tokens, and I understand how to use it when an action is called before the form is displayed. But in my case no action is called before the form is displayed and I don't know where to call saveToken(request). Is it possible to use a token in this situation? If not is there another approach I can use? Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: using Tokens with Tiles
You should ALWAYS use an action to display a page. I know lot it looks simplier to use JSP URL instead of defining a new action in struts-config... But in your case you see that not using the controler brings you to duplicate submit problems. Nico. I'm trying to prevent the user from submitting a form and then doing a refresh and unknowingly submitting it twice. I've read the about Struts support for tokens, and I understand how to use it when an action is called before the form is displayed. But in my case no action is called before the form is displayed and I don't know where to call saveToken(request). Is it possible to use a token in this situation? If not is there another approach I can use? Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: using Tokens with Tiles
Not sure if its possible (probably not). In any case Id strongly suggest you make the effort to put actions before your JSPs as a matter of course - even if they do next to nothing! Its considered better (best?) practice for a variety of reasons (especially if your also using submodules) - and is also useful in situations like this to do some logics before hitting the view... You could always have just a single BasicAction class that merely sets a token and forwards to the jsp - and reuse this action class in the various mappings wherever a less generic one isnt required. -Original Message- From: Michael Mattox [mailto:[EMAIL PROTECTED] Sent: Tuesday, 25 March 2003 22:37 To: Struts Users Mailing List Subject: using Tokens with Tiles I'm trying to prevent the user from submitting a form and then doing a refresh and unknowingly submitting it twice. I've read the about Struts support for tokens, and I understand how to use it when an action is called before the form is displayed. But in my case no action is called before the form is displayed and I don't know where to call saveToken(request). Is it possible to use a token in this situation? If not is there another approach I can use? Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: using Tokens with Tiles
I'm using Tiles to display the pages, with the Tiles forward.do action passing in the def parameter: http://localhost:8080/webapp/forward.do?def=main I guess I could add a Struts action for every tile definition but I really like there has to be a better way! -Original Message- From: Nicolas De Loof [mailto:[EMAIL PROTECTED] Sent: mardi 25 mars 2003 15:45 To: Struts Users Mailing List Subject: Re: using Tokens with Tiles You should ALWAYS use an action to display a page. I know lot it looks simplier to use JSP URL instead of defining a new action in struts-config... But in your case you see that not using the controler brings you to duplicate submit problems. Nico. I'm trying to prevent the user from submitting a form and then doing a refresh and unknowingly submitting it twice. I've read the about Struts support for tokens, and I understand how to use it when an action is called before the form is displayed. But in my case no action is called before the form is displayed and I don't know where to call saveToken(request). Is it possible to use a token in this situation? If not is there another approach I can use? Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: using Tokens with Tiles
I would actually like to see an example of this if you have some. _ Thank You Mick Knutson Sr. Designer - Project Trust aUBS AG, Financial - Zürich Office: +41 (0)1/234.42.75 Internal: 48194 Mobile: 079.726.14.26 _ -Original Message- From: Michael Mattox [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 25, 2003 3:37 PM To: Struts Users Mailing List Subject: using Tokens with Tiles I'm trying to prevent the user from submitting a form and then doing a refresh and unknowingly submitting it twice. I've read the about Struts support for tokens, and I understand how to use it when an action is called before the form is displayed. But in my case no action is called before the form is displayed and I don't know where to call saveToken(request). Is it possible to use a token in this situation? If not is there another approach I can use? Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Visit our website at http://www.ubswarburg.com This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: using Tokens with Tiles
Source code example I mean. _ Thank You Mick Knutson Sr. Designer - Project Trust aUBS AG, Financial - Zürich Office: +41 (0)1/234.42.75 Internal: 48194 Mobile: 079.726.14.26 _ -Original Message- From: Knutson, Mick Sent: Tuesday, March 25, 2003 3:50 PM To: [EMAIL PROTECTED] Subject: RE: using Tokens with Tiles I would actually like to see an example of this if you have some. _ Thank You Mick Knutson Sr. Designer - Project Trust aUBS AG, Financial - Zürich Office: +41 (0)1/234.42.75 Internal: 48194 Mobile: 079.726.14.26 _ -Original Message- From: Michael Mattox [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 25, 2003 3:37 PM To: Struts Users Mailing List Subject: using Tokens with Tiles I'm trying to prevent the user from submitting a form and then doing a refresh and unknowingly submitting it twice. I've read the about Struts support for tokens, and I understand how to use it when an action is called before the form is displayed. But in my case no action is called before the form is displayed and I don't know where to call saveToken(request). Is it possible to use a token in this situation? If not is there another approach I can use? Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Visit our website at http://www.ubswarburg.com This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Visit our website at http://www.ubswarburg.com This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: using Tokens with Tiles
You could always have just a single BasicAction class that merely sets a token and forwards to the jsp - and reuse this action class in the various mappings wherever a less generic one isnt required. That's what I'm doing with the Tiles forward action. Maybe I should subclass it and do a saveToken instead? Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: using Tokens with Tiles
But if you do it with an action, you only have to change those declarations in one place, not every place that it is used. Plus, it looks cleaner to the user with a friendly URL. _ Thank You Mick Knutson Sr. Designer - Project Trust aUBS AG, Financial - Zürich Office: +41 (0)1/234.42.75 Internal: 48194 Mobile: 079.726.14.26 _ -Original Message- From: Michael Mattox [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 25, 2003 3:50 PM To: Struts Users Mailing List Subject: RE: using Tokens with Tiles I'm using Tiles to display the pages, with the Tiles forward.do action passing in the def parameter: http://localhost:8080/webapp/forward.do?def=main I guess I could add a Struts action for every tile definition but I really like there has to be a better way! -Original Message- From: Nicolas De Loof [mailto:[EMAIL PROTECTED] Sent: mardi 25 mars 2003 15:45 To: Struts Users Mailing List Subject: Re: using Tokens with Tiles You should ALWAYS use an action to display a page. I know lot it looks simplier to use JSP URL instead of defining a new action in struts-config... But in your case you see that not using the controler brings you to duplicate submit problems. Nico. I'm trying to prevent the user from submitting a form and then doing a refresh and unknowingly submitting it twice. I've read the about Struts support for tokens, and I understand how to use it when an action is called before the form is displayed. But in my case no action is called before the form is displayed and I don't know where to call saveToken(request). Is it possible to use a token in this situation? If not is there another approach I can use? Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Visit our website at http://www.ubswarburg.com This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: using Tokens with Tiles
Good point. (Im not a tile user myself so forgot about that one). Subclassing would probably be the way to go. Just set the token in execute and then call super.excecute() and should work. (Not that Ive tried mind you!) -Original Message- From: Michael Mattox [mailto:[EMAIL PROTECTED] Sent: Tuesday, 25 March 2003 22:54 To: Struts Users Mailing List Subject: RE: using Tokens with Tiles You could always have just a single BasicAction class that merely sets a token and forwards to the jsp - and reuse this action class in the various mappings wherever a less generic one isnt required. That's what I'm doing with the Tiles forward action. Maybe I should subclass it and do a saveToken instead? Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: using Tokens with Tiles
I you want to keep this URL style, you should extend [forward.do]Action (I don't know the class name) to set a token, and define a new mapping in struts-config.xml setTokenAndForward.do that you can use the same way on page that need a token to be set : http://localhost:8080/webapp/setTokenAndForward.do?def=main Nico. I'm using Tiles to display the pages, with the Tiles forward.do action passing in the def parameter: http://localhost:8080/webapp/forward.do?def=main I guess I could add a Struts action for every tile definition but I really like there has to be a better way! -Original Message- From: Nicolas De Loof [mailto:[EMAIL PROTECTED] Sent: mardi 25 mars 2003 15:45 To: Struts Users Mailing List Subject: Re: using Tokens with Tiles You should ALWAYS use an action to display a page. I know lot it looks simplier to use JSP URL instead of defining a new action in struts-config... But in your case you see that not using the controler brings you to duplicate submit problems. Nico. I'm trying to prevent the user from submitting a form and then doing a refresh and unknowingly submitting it twice. I've read the about Struts support for tokens, and I understand how to use it when an action is called before the form is displayed. But in my case no action is called before the form is displayed and I don't know where to call saveToken(request). Is it possible to use a token in this situation? If not is there another approach I can use? Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: using Tokens with Tiles
But if you do it with an action, you only have to change those declarations in one place, not every place that it is used. if I need to change it I can change the Tile definition, I wouldn't need to change it every place it's used. Plus, it looks cleaner to the user with a friendly URL. You're right about this but imagine a site with 100's of JSPs and how big the struts-config file would be if every one of them needed an Action. To me it's a huge maintenance problem. Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: using Tokens with Tiles
There was a thread last week that talked about seperating items in the struts-config.xml, could this work to reduce the sheer volume with that sized site? _ Thank You Mick Knutson Sr. Designer - Project Trust aUBS AG, Financial - Zürich Office: +41 (0)1/234.42.75 Internal: 48194 Mobile: 079.726.14.26 _ -Original Message- From: Michael Mattox [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 25, 2003 4:01 PM To: Struts Users Mailing List Subject: RE: using Tokens with Tiles But if you do it with an action, you only have to change those declarations in one place, not every place that it is used. if I need to change it I can change the Tile definition, I wouldn't need to change it every place it's used. Plus, it looks cleaner to the user with a friendly URL. You're right about this but imagine a site with 100's of JSPs and how big the struts-config file would be if every one of them needed an Action. To me it's a huge maintenance problem. Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Visit our website at http://www.ubswarburg.com This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: using Tokens with Tiles
How would this differ from just creating a ServletFilter then? setTokenAndForward.do _ Thank You Mick Knutson Sr. Designer - Project Trust aUBS AG, Financial - Zürich Office: +41 (0)1/234.42.75 Internal: 48194 Mobile: 079.726.14.26 _ -Original Message- From: Nicolas De Loof [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 25, 2003 4:00 PM To: Struts Users Mailing List Subject: Re: using Tokens with Tiles I you want to keep this URL style, you should extend [forward.do]Action (I don't know the class name) to set a token, and define a new mapping in struts-config.xml setTokenAndForward.do that you can use the same way on page that need a token to be set : http://localhost:8080/webapp/setTokenAndForward.do?def=main Nico. I'm using Tiles to display the pages, with the Tiles forward.do action passing in the def parameter: http://localhost:8080/webapp/forward.do?def=main I guess I could add a Struts action for every tile definition but I really like there has to be a better way! -Original Message- From: Nicolas De Loof [mailto:[EMAIL PROTECTED] Sent: mardi 25 mars 2003 15:45 To: Struts Users Mailing List Subject: Re: using Tokens with Tiles You should ALWAYS use an action to display a page. I know lot it looks simplier to use JSP URL instead of defining a new action in struts-config... But in your case you see that not using the controler brings you to duplicate submit problems. Nico. I'm trying to prevent the user from submitting a form and then doing a refresh and unknowingly submitting it twice. I've read the about Struts support for tokens, and I understand how to use it when an action is called before the form is displayed. But in my case no action is called before the form is displayed and I don't know where to call saveToken(request). Is it possible to use a token in this situation? If not is there another approach I can use? Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Visit our website at http://www.ubswarburg.com This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: using Tokens with Tiles
the token methods are struts methods, so they need to be called inside actions. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: mardi 25 mars 2003 16:09 To: [EMAIL PROTECTED] Subject: RE: using Tokens with Tiles How would this differ from just creating a ServletFilter then? setTokenAndForward.do _ Thank You Mick Knutson Sr. Designer - Project Trust aUBS AG, Financial - Zürich Office: +41 (0)1/234.42.75 Internal: 48194 Mobile: 079.726.14.26 _ -Original Message- From: Nicolas De Loof [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 25, 2003 4:00 PM To: Struts Users Mailing List Subject: Re: using Tokens with Tiles I you want to keep this URL style, you should extend [forward.do]Action (I don't know the class name) to set a token, and define a new mapping in struts-config.xml setTokenAndForward.do that you can use the same way on page that need a token to be set : http://localhost:8080/webapp/setTokenAndForward.do?def=main Nico. I'm using Tiles to display the pages, with the Tiles forward.do action passing in the def parameter: http://localhost:8080/webapp/forward.do?def=main I guess I could add a Struts action for every tile definition but I really like there has to be a better way! -Original Message- From: Nicolas De Loof [mailto:[EMAIL PROTECTED] Sent: mardi 25 mars 2003 15:45 To: Struts Users Mailing List Subject: Re: using Tokens with Tiles You should ALWAYS use an action to display a page. I know lot it looks simplier to use JSP URL instead of defining a new action in struts-config... But in your case you see that not using the controler brings you to duplicate submit problems. Nico. I'm trying to prevent the user from submitting a form and then doing a refresh and unknowingly submitting it twice. I've read the about Struts support for tokens, and I understand how to use it when an action is called before the form is displayed. But in my case no action is called before the form is displayed and I don't know where to call saveToken(request). Is it possible to use a token in this situation? If not is there another approach I can use? Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Visit our website at http://www.ubswarburg.com This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: using Tokens with Tiles
The class is DefinitionDispatcherWithTokenAction and it's FINAL!! Ugh. So much for extending it. -Original Message- From: Nicolas De Loof [mailto:[EMAIL PROTECTED] Sent: mardi 25 mars 2003 16:00 To: Struts Users Mailing List Subject: Re: using Tokens with Tiles I you want to keep this URL style, you should extend [forward.do]Action (I don't know the class name) to set a token, and define a new mapping in struts-config.xml setTokenAndForward.do that you can use the same way on page that need a token to be set : http://localhost:8080/webapp/setTokenAndForward.do?def=main Nico. I'm using Tiles to display the pages, with the Tiles forward.do action passing in the def parameter: http://localhost:8080/webapp/forward.do?def=main I guess I could add a Struts action for every tile definition but I really like there has to be a better way! -Original Message- From: Nicolas De Loof [mailto:[EMAIL PROTECTED] Sent: mardi 25 mars 2003 15:45 To: Struts Users Mailing List Subject: Re: using Tokens with Tiles You should ALWAYS use an action to display a page. I know lot it looks simplier to use JSP URL instead of defining a new action in struts-config... But in your case you see that not using the controler brings you to duplicate submit problems. Nico. I'm trying to prevent the user from submitting a form and then doing a refresh and unknowingly submitting it twice. I've read the about Struts support for tokens, and I understand how to use it when an action is called before the form is displayed. But in my case no action is called before the form is displayed and I don't know where to call saveToken(request). Is it possible to use a token in this situation? If not is there another approach I can use? Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Transaction Tokens
Hi all, I really did not found any answer to this simple question: How do we use the transaction token mechanism? How to avoid the double submit problem ? Tanks, Alban. ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager at postmaster.eim.ch. ** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Transaction Tokens
Search list archive. Answers are there. I remember I even posted my code snippet. -Original Message- From: Alban Soupper [mailto:[EMAIL PROTECTED] Sent: March 4, 2003 9:25 AM To: Struts Users Mailing List (E-mail) Subject: Transaction Tokens Hi all, I really did not found any answer to this simple question: How do we use the transaction token mechanism? How to avoid the double submit problem ? Tanks, Alban. ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager at postmaster.eim.ch. ** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Transaction Tokens
The struts-example webapp uses tokens and the Action class' javadoc is informative. David From: Alban Soupper [EMAIL PROTECTED] Reply-To: Struts Users Mailing List [EMAIL PROTECTED] To: Struts Users Mailing List (E-mail) [EMAIL PROTECTED] Subject: Transaction Tokens Date: Tue, 4 Mar 2003 15:24:32 +0100 Hi all, I really did not found any answer to this simple question: How do we use the transaction token mechanism? How to avoid the double submit problem ? Tanks, Alban. ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager at postmaster.eim.ch. ** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Question using transactional tokens
Dear struts people !
What am i doing wrong - must be some sort of double submit, but why ?
Let me sketch my problem to you - using for the first time transactional
tokens, i have the following setup :
1. in my jsp :
html:form action=/parameter
.
html:link page='' onclick=submitSelect('save') transaction='true'
styleClass=button
bean:message key=label.buttons.WF.submit/
/html:link
...
/html:form
2. where submitSelect is a javascript function:
function submitSelect(method) {
document.forms[0].method.value = method;
document.forms[0].submit();
}
3. and in my action class subclassing dispatch action there is method
save().
Following strange behaviour (to me) occurs :
1.) having beakpoint inside save(...) method in action class shows it
hit the right method and is working.
2.) but after return mapping.findForward(WF_PARAMETER_CHOOSE); from
my action, struts complains with status 404 :
message Request[/parameter] does not contain handler parameter
named method
description The request sent by the client was syntactically
incorrect (Request[/parameter] does not contain handler parameter named
method).
3.)it worked before deciding to use transactional tokens with :
html:link
href=javascript:submitSelect('save') styleClass=button
bean:message
key=label.buttons.WF.save/
/html:link
So your help is appreciated, thanks Jörg
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Question using transactional tokens
I had a problem where if i declared a hidden field like:
html:hidden name=foo ...
and in java script i write a function
function tryit ( foo ) {
document.forms[0].foo.value = foo;
the value of foo would be an object that represents the
hidden field foo, not the value passed in in the argument
I fixed it by rewriting the function
function tryit ( bar ) {
document.forms[0].foo.value = bar;
im not sure - but this could be a problem for you.
-Original Message-
From: Jörg Maurer [mailto:[EMAIL PROTECTED]
Sent: Saturday, March 01, 2003 8:21 AM
To: Struts Users Mailing List (E-mail)
Subject: Question using transactional tokens
Dear struts people !
What am i doing wrong - must be some sort of double submit, but why ?
Let me sketch my problem to you - using for the first time transactional
tokens, i have the following setup :
1. in my jsp :
html:form action=/parameter
.
html:link page='' onclick=submitSelect('save') transaction='true'
styleClass=button
bean:message key=label.buttons.WF.submit/
/html:link
...
/html:form
2. where submitSelect is a javascript function:
function submitSelect(method) {
document.forms[0].method.value = method;
document.forms[0].submit();
}
3. and in my action class subclassing dispatch action there is method
save().
Following strange behaviour (to me) occurs :
1.) having beakpoint inside save(...) method in action class shows it
hit the right method and is working.
2.) but after return mapping.findForward(WF_PARAMETER_CHOOSE); from
my action, struts complains with status 404 :
message Request[/parameter] does not contain handler parameter
named method
description The request sent by the client was syntactically
incorrect (Request[/parameter] does not contain handler parameter named
method).
3.)it worked before deciding to use transactional tokens with :
html:link
href=javascript:submitSelect('save') styleClass=button
bean:message
key=label.buttons.WF.save/
/html:link
So your help is appreciated, thanks Jörg
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Application Flow with Transaction Tokens?
I just checked the book. His approach is to just throw a servlet exception when a sensitive form is resubmitted. I believe what Greg wants is a way to display the results just as if the second submition did not occur. -Original Message- From: DUBCHAK, JOHN (SBCSI) [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 18, 2003 3:54 PM To: 'Struts Users Mailing List' Subject: RE: Application Flow with Transaction Tokens? David Geary presented something similar to this in his Advanced JavaServer Pages book. It was implemented on top of his custom Model-2 implementation but in truth could be easily adapted for use within your own environment. I don't have the book here with me at work, otherwise I would provide greater detail and a page reference. HTH, John -Original Message- From: Ted Husted [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 18, 2003 2:45 PM To: [EMAIL PROTECTED] Subject: Re: Application Flow with Transaction Tokens? Greg Hess writes: I would like to ignore the fact that the double submit happened and just display the proper receipt. Should I forward the user to a transaction already processed page they will loose their proper receipt and never visually receive the receipt as I also send it by e-mail. I don't really have any practical advice, but I did want to mention that I've always wondered about the best way to resolve this sort of thing. So far my own double-submit cases have not involved a long-running process, and have been easy to resolve with an message page. If you come up with a solution for the long-processing scenario that you like, be sure to let us know. I'd like to see a how-to regarding this in documentation area. It's definately a thorny problem. -Ted. -- Ted Husted, Struts in Action http://husted.com/struts/book.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Application Flow with Transaction Tokens?
Hi All, I have implemented a solution that I like to handle a TimeConsumingRequest(TCR). I have build a Thread that performs the TCR. This thread also provides methods to retrieve the status of the process and the result bean of the process. //Returns true while the TCR is processing false when done public boolean isProcessing(); //Returns true when processing is completed public boolean isComplete() //When the TCR is done I need the result information to display public Result getResult(); My action builds the thread and launches it. I then bind the thread to the session and I forward my user to the result page. Requests that come in to my action that contain invalid tokens are just directed to the result.jsp. This way my user is not stuck on their input form while waiting for the result which is sure to cause a second submit and is not user friendly. My result.jsp checks to see if the thread is still processing if so it displays a please wait prompt and sets the pages header to refresh in Xsec else it gets the Thread.Result and displays to the user. This solution involves a scriplet that performs response.setHeader(Refresh, 10). I dislike scriplets so I am building a custom tag to handle my TCR. It will look like this: !--What to display while the transaction is processing name: name of the Thread bound to the session property: method that returns a boolean value indicatingstate pollingInterval:The refresh interval set in the pages headermax:Max number of polls. If isProcessing returns true tag sets response.setHeader(Refresh, 10); and a counter in the session for the max count to avoid endless polling. -- tcr:isProcessing name=transactionWorker property=isProcessing pollingInterval=10 max=3 Please wait, your request is being processed. /tcr:isProcessing !-- What to display when the trasaction is complete -- tcr:isComplete name=transactionWorker property=isComplete bean:write name=transactionWorker property=result.authCode scope=session/ /tcr:isComplete What do you all think about this? Greg -Original Message- From: Jerome Jacobsen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 19, 2003 9:58 AM To: Struts Users Mailing List Subject: RE: Application Flow with Transaction Tokens? I just checked the book. His approach is to just throw a servlet exception when a sensitive form is resubmitted. I believe what Greg wants is a way to display the results just as if the second submition did not occur. -Original Message- From: DUBCHAK, JOHN (SBCSI) [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 18, 2003 3:54 PM To: 'Struts Users Mailing List' Subject: RE: Application Flow with Transaction Tokens? David Geary presented something similar to this in his Advanced JavaServer Pages book. It was implemented on top of his custom Model-2 implementation but in truth could be easily adapted for use within your own environment. I don't have the book here with me at work, otherwise I would provide greater detail and a page reference. HTH, John -Original Message- From: Ted Husted [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 18, 2003 2:45 PM To: [EMAIL PROTECTED] Subject: Re: Application Flow with Transaction Tokens? Greg Hess writes: I would like to ignore the fact that the double submit happened and just display the proper receipt. Should I forward the user to a transaction already processed page they will loose their proper receipt and never visually receive the receipt as I also send it by e-mail. I don't really have any practical advice, but I did want to mention that I've always wondered about the best way to resolve this sort of thing. So far my own double-submit cases have not involved a long-running process, and have been easy to resolve with an message page. If you come up with a solution for the long-processing scenario that you like, be sure to let us know. I'd like to see a how-to regarding this in documentation area. It's definately a thorny problem. -Ted. -- Ted Husted, Struts in Action http://husted.com/struts/book.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED
Application Flow with Transaction Tokens?
Hi All, I am building an e-commerce module. The flow of the application is as follows: PaymentForm -- ProcessPayment -- Receipt=Success //End Or PaymentForm -- ProcessPayment -- Receipt=Error -- PaymentForm The PaymentForm is loaded with a transaction control token to avoid a double click of the submit button. The PaymentForm also implements a JavaScript strategy that involves a submit flag, once submitted all subsequent submit events are ignored and display a Pleas Wait popup window. So should my user have JavaScript enabled my process payment Action should never encounter an invalid token. My problem lies when the client does not have JavaScript enabled and my Action encounters an invalid token. At this point the user must be presented with a receipt either stating success or failure with the financial transaction. I would like to ignore the fact that the double submit happened and just display the proper receipt. Should I forward the user to a transaction already processed page they will loose their proper receipt and never visually receive the receipt as I also send it by e-mail. I can see a couple solutions and would like some input on my ideas or new strategies others have used. 1) Set the form target to be _blank so a new window will appear for every submit. This works fine in that the client will receive an new window for each submit, one stating the proper receipt, one stating the transaction has already been processed. The only thing I dislike with this strategy is that on receipt error the client clicks back to correct the error and we have this rogue window in the background somewhere. 2) Have the process payment Action populate the session with a bean containing the receipt info. If the process payment Action encounters an invalid Token just wait until the previous submit thread populates the session with the receipt bean and then forward to the receipt page. I like this strategy but am not sure if it is proper to have one thread dependant on another thread to populate the session with the bean and if there might be other complications that might arise from this strategy. Many thanks for your time, Greg
Re: Application Flow with Transaction Tokens?
Greg Hess writes: I would like to ignore the fact that the double submit happened and just display the proper receipt. Should I forward the user to a transaction already processed page they will loose their proper receipt and never visually receive the receipt as I also send it by e-mail. I don't really have any practical advice, but I did want to mention that I've always wondered about the best way to resolve this sort of thing. So far my own double-submit cases have not involved a long-running process, and have been easy to resolve with an message page. If you come up with a solution for the long-processing scenario that you like, be sure to let us know. I'd like to see a how-to regarding this in documentation area. It's definately a thorny problem. -Ted. -- Ted Husted, Struts in Action http://husted.com/struts/book.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Application Flow with Transaction Tokens?
Nobody will like this solution, but I've had to resort to it (as recommended by a coworker). Create a page scope javascript variable, and increment it when the user clicks the button, if it's equal to one , return true, otherwise false. I am fully aware of the shortcomings of javascript (for all the smarties out there who want to shoot it down ;-), but I'm just not smart enough to come up with a better way to force the user to wait until processing is done after clicking a button -Original Message- From: Ted Husted [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 18, 2003 3:45 PM To: [EMAIL PROTECTED] Subject: Re: Application Flow with Transaction Tokens? Greg Hess writes: I would like to ignore the fact that the double submit happened and just display the proper receipt. Should I forward the user to a transaction already processed page they will loose their proper receipt and never visually receive the receipt as I also send it by e-mail. I don't really have any practical advice, but I did want to mention that I've always wondered about the best way to resolve this sort of thing. So far my own double-submit cases have not involved a long-running process, and have been easy to resolve with an message page. If you come up with a solution for the long-processing scenario that you like, be sure to let us know. I'd like to see a how-to regarding this in documentation area. It's definately a thorny problem. -Ted. -- Ted Husted, Struts in Action http://husted.com/struts/book.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Application Flow with Transaction Tokens?
David Geary presented something similar to this in his Advanced JavaServer Pages book. It was implemented on top of his custom Model-2 implementation but in truth could be easily adapted for use within your own environment. I don't have the book here with me at work, otherwise I would provide greater detail and a page reference. HTH, John -Original Message- From: Ted Husted [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 18, 2003 2:45 PM To: [EMAIL PROTECTED] Subject: Re: Application Flow with Transaction Tokens? Greg Hess writes: I would like to ignore the fact that the double submit happened and just display the proper receipt. Should I forward the user to a transaction already processed page they will loose their proper receipt and never visually receive the receipt as I also send it by e-mail. I don't really have any practical advice, but I did want to mention that I've always wondered about the best way to resolve this sort of thing. So far my own double-submit cases have not involved a long-running process, and have been easy to resolve with an message page. If you come up with a solution for the long-processing scenario that you like, be sure to let us know. I'd like to see a how-to regarding this in documentation area. It's definately a thorny problem. -Ted. -- Ted Husted, Struts in Action http://husted.com/struts/book.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Application Flow with Transaction Tokens?
I posted an idea on how to handle this a while back. http://marc.theaimsgroup.com/?l=struts-userm=104404655411300w=2 Like I said in that post, I've never tried it. If you can restrict clients to have Javascript enabled then I think John's solution is the easiest. Since I have the luxury of enforcing Javascript to be enabled John's solution is what I've been using. -Original Message- From: John Espey [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 18, 2003 3:50 PM To: Struts Users Mailing List Subject: RE: Application Flow with Transaction Tokens? Nobody will like this solution, but I've had to resort to it (as recommended by a coworker). Create a page scope javascript variable, and increment it when the user clicks the button, if it's equal to one , return true, otherwise false. I am fully aware of the shortcomings of javascript (for all the smarties out there who want to shoot it down ;-), but I'm just not smart enough to come up with a better way to force the user to wait until processing is done after clicking a button -Original Message- From: Ted Husted [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 18, 2003 3:45 PM To: [EMAIL PROTECTED] Subject: Re: Application Flow with Transaction Tokens? Greg Hess writes: I would like to ignore the fact that the double submit happened and just display the proper receipt. Should I forward the user to a transaction already processed page they will loose their proper receipt and never visually receive the receipt as I also send it by e-mail. I don't really have any practical advice, but I did want to mention that I've always wondered about the best way to resolve this sort of thing. So far my own double-submit cases have not involved a long-running process, and have been easy to resolve with an message page. If you come up with a solution for the long-processing scenario that you like, be sure to let us know. I'd like to see a how-to regarding this in documentation area. It's definately a thorny problem. -Ted. -- Ted Husted, Struts in Action http://husted.com/struts/book.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Application Flow with Transaction Tokens?
We did do the javascript thing on a non-struts project. The only reason it was not so bad was because the js code was put put in one menu include that contained the links and that was that. On our current struts project we use tokens in all our important actions to take care of page re loads and so on. In most cases, the we can return from the method and go to the calling page with a errors message. In addition, we had to synchronize our Session Facade methods. It seems between these two things, the user is prevented from doing any damage. my 0.02 cents. Jerome Jacobsen [EMAIL PROTECTED] on 02/18/2003 03:08:01 PM Please respond to Struts Users Mailing List [EMAIL PROTECTED] To:Struts Users Mailing List [EMAIL PROTECTED] cc: Subject:RE: Application Flow with Transaction Tokens? I posted an idea on how to handle this a while back. http://marc.theaimsgroup.com/?l=struts-userm=104404655411300w=2 Like I said in that post, I've never tried it. If you can restrict clients to have Javascript enabled then I think John's solution is the easiest. Since I have the luxury of enforcing Javascript to be enabled John's solution is what I've been using. -Original Message- From: John Espey [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 18, 2003 3:50 PM To: Struts Users Mailing List Subject: RE: Application Flow with Transaction Tokens? Nobody will like this solution, but I've had to resort to it (as recommended by a coworker). Create a page scope javascript variable, and increment it when the user clicks the button, if it's equal to one , return true, otherwise false. I am fully aware of the shortcomings of javascript (for all the smarties out there who want to shoot it down ;-), but I'm just not smart enough to come up with a better way to force the user to wait until processing is done after clicking a button -Original Message- From: Ted Husted [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 18, 2003 3:45 PM To: [EMAIL PROTECTED] Subject: Re: Application Flow with Transaction Tokens? Greg Hess writes: I would like to ignore the fact that the double submit happened and just display the proper receipt. Should I forward the user to a transaction already processed page they will loose their proper receipt and never visually receive the receipt as I also send it by e-mail. I don't really have any practical advice, but I did want to mention that I've always wondered about the best way to resolve this sort of thing. So far my own double-submit cases have not involved a long-running process, and have been easy to resolve with an message page. If you come up with a solution for the long-processing scenario that you like, be sure to let us know. I'd like to see a how-to regarding this in documentation area. It's definately a thorny problem. -Ted. -- Ted Husted, Struts in Action http://husted.com/struts/book.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
E-commerce flow with Transaction Tokens?
Hi All, I am building an e-commerce module. The flow of the application is as follows: PaymentForm-- ProcessPayment -- Receipt Success //End -- Receipt Error -- Payment Form The PaymentForm is loaded with a transaction control token to avoid a double click of the submit button. The PaymentForm also implements a JavaScript strategy that involves a submit flag, once submitted all subsequent submit events are ignored and display a Pleas Wait popup window. So should my user have JavaScript enabled my process payment Action should never encounter an invalid token. My problem lies when the client does not have JavaScript enabled and my Action encounters an invalid token. At this point the user must be presented with a receipt either stating success or failure with the financial transaction. I would like to ignore the fact that the double submit happened and just display the proper receipt. Should I forward the user to a transaction already processed page they will loose their proper receipt and never visually receive the receipt as I also send it by e-mail. I can see a couple solutions and would like some input on my ideas or new strategies others have used. 1) Set the form target to be _blank so a new window will appear for every submit. This works fine in that the client will receive an new window for each submit, one stating the proper receipt, one stating the transaction has already been processed. The only thing I dislike with this strategy is that on receipt error the client clicks back to correct the error and we have this rogue window in the background somewhere. 2) Have the process payment Action populate the session with a bean containing the receipt info. If the process payment Action encounters an invalid Token just wait until the previous submit thread populates the session with the receipt bean and then forward to the receipt page. I like this strategy but am not sure if it is proper to have one thread dependant on another thread to populate the session with the bean and if there might be other complications that might arise from this strategy. Many thanks for your time, Greg
RE: sturts and tokens, avoid multiple submit example not working
Hi, http://www.mail-archive.com/struts-user@jakarta.apache.org/msg52700.html I just tried this example with struts1.1b2 , and it did not work i got 4.0.4 error for saveRegistration.do Has any one tested it with struts1.1b2 --- James Mitchell [EMAIL PROTECTED] wrote: http://www.mail-archive.com/struts-user@jakarta.apache.org/msg52700.html -- James Mitchell Software Engineer/Struts Evangelist http://www.open-tools.org/ The man who does not read good books has no advantage over the man who cannot read them. - Mark Twain (1835-1910) -Original Message- From: Ashish Kulkarni [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 6:21 PM To: [EMAIL PROTECTED] Subject: sturts and tokens, avoid multiple submit Hi, I want to avoid multiple submit of form, and i remmember i had long ago that some tokens can be used for it, I tried to search net but did not got much info, Does anyone has a code, or tutorial or some info about using tokens, and would like to shore would be highly appreicated, Also has anyone done like a Timer class in swing, to popup a window displaying work in progress message until process is over, and so avoid double submitting. = A$HI$H __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] = A$HI$H __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
using tokens in struts,
Hi, I was trying to get a example which shows how to use tokens in struts, yesterday i got a previous post from this forum, so i tried it and it did not work for me I am using struts1.1b2 Does any one has used token to avoid multiple submits?? if so can u post some example or some article where i can get the info the ose which i got was http://www.mail-archive.com/struts-user@jakarta.apache.org/msg52700.html need help = A$HI$H __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: using tokens in struts,
Token works perfect for my app. In my load action, I set token by saveToken(request). In my submit action, I check token by isTokenValid(request); if invalid, I forwards request to an error page. Very simple. Regards, PQ This Guy Thinks He Knows Everything This Guy Thinks He Knows What He Is Doing -Original Message- From: Ashish Kulkarni [mailto:[EMAIL PROTECTED]] Sent: February 4, 2003 1:57 PM To: [EMAIL PROTECTED] Subject: using tokens in struts, Hi, I was trying to get a example which shows how to use tokens in struts, yesterday i got a previous post from this forum, so i tried it and it did not work for me I am using struts1.1b2 Does any one has used token to avoid multiple submits?? if so can u post some example or some article where i can get the info the ose which i got was http://www.mail-archive.com/struts-user@jakarta.apache.org/msg52700.html need help = A$HI$H __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: using tokens in struts,
The struts-example app that's included with the distro uses tokens. David From: Ashish Kulkarni [EMAIL PROTECTED] Reply-To: Struts Users Mailing List [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: using tokens in struts, Date: Tue, 4 Feb 2003 10:57:00 -0800 (PST) Hi, I was trying to get a example which shows how to use tokens in struts, yesterday i got a previous post from this forum, so i tried it and it did not work for me I am using struts1.1b2 Does any one has used token to avoid multiple submits?? if so can u post some example or some article where i can get the info the ose which i got was http://www.mail-archive.com/struts-user@jakarta.apache.org/msg52700.html need help = A$HI$H __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: using tokens in struts,
Hi PQ, Suppose this is my scenarion, dispatchTest.do --- update.jsp (on submit) --- doAction.do (on success) --update.jsp dispatchTest.do populates the form bean and passes it to update.jsp , which displays the data for the user to change, and then press submit , which will call doAction class which will update the database and forward the request to update.jsp, So where should i put the saveToken(request) and where should i test isValidToken(request) Also is there some thing i need to define in struts-config.xml for it Ashish --- [EMAIL PROTECTED] wrote: Token works perfect for my app. In my load action, I set token by saveToken(request). In my submit action, I check token by isTokenValid(request); if invalid, I forwards request to an error page. Very simple. Regards, PQ This Guy Thinks He Knows Everything This Guy Thinks He Knows What He Is Doing -Original Message- From: Ashish Kulkarni [mailto:[EMAIL PROTECTED]] Sent: February 4, 2003 1:57 PM To: [EMAIL PROTECTED] Subject: using tokens in struts, Hi, I was trying to get a example which shows how to use tokens in struts, yesterday i got a previous post from this forum, so i tried it and it did not work for me I am using struts1.1b2 Does any one has used token to avoid multiple submits?? if so can u post some example or some article where i can get the info the ose which i got was http://www.mail-archive.com/struts-user@jakarta.apache.org/msg52700.html need help = A$HI$H __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] = A$HI$H __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: using tokens in struts,
In your DispatchTestAction class, after you populate the form bean
(request.setAttribute), call saveToken(request) ;
In your DoAction class, before you submit to database, check token
isTokenValid(request); if valid, continue process and resetToken(request);
otherwise, return a global forward which will forward your request to an
error page.
One thing you might change in your DoAction class is not to reload jsp,
instead, forward to DispatchTestAction class so that DispatchTestAction
class saves a new token for next submission.
I usually use a BaseAction class to save token, check token and reset token.
What my execute method looks like:
if (!validateLogin(request))
return mapping.findForward(getForwardError());
if (!validateTxnToken(mapping, request)) = check token
return mapping.findForward(getForwardError());
if (!validateActionForm(form, request))
return new ActionForward(mapping.getInput());
try
{
ActionForward forward =
performPostValidationAction(mapping, form, request,
response);
handleTxnToken(mapping, request); = save or reset token
return forward;
}
catch (Exception ex)
{
validateInternal(true, err.unexpected, request);
return new ActionForward(mapping.getInput());
}
Regards,
PQ
This Guy Thinks He Knows Everything
This Guy Thinks He Knows What He Is Doing
-Original Message-
From: Ashish Kulkarni [mailto:[EMAIL PROTECTED]]
Sent: February 4, 2003 2:56 PM
To: Struts Users Mailing List
Subject: RE: using tokens in struts,
Hi PQ,
Suppose this is my scenarion,
dispatchTest.do --- update.jsp (on submit) ---
doAction.do (on success) --update.jsp
dispatchTest.do populates the form bean and passes it
to update.jsp , which displays the data for the user
to change, and then press submit , which will call
doAction class which will update the database and
forward the request to update.jsp,
So where should i put the saveToken(request) and where
should i test isValidToken(request)
Also is there some thing i need to define in
struts-config.xml for it
Ashish
--- [EMAIL PROTECTED] wrote:
Token works perfect for my app.
In my load action, I set token by
saveToken(request).
In my submit action, I check token by
isTokenValid(request); if invalid, I
forwards request to an error page.
Very simple.
Regards,
PQ
This Guy Thinks He Knows Everything
This Guy Thinks He Knows What He Is Doing
-Original Message-
From: Ashish Kulkarni
[mailto:[EMAIL PROTECTED]]
Sent: February 4, 2003 1:57 PM
To: [EMAIL PROTECTED]
Subject: using tokens in struts,
Hi,
I was trying to get a example which shows how to use
tokens in struts, yesterday i got a previous post
from
this forum, so i tried it and it did not work for me
I am using struts1.1b2
Does any one has used token to avoid multiple
submits??
if so can u post some example or some article where
i
can get the info
the ose which i got was
http://www.mail-archive.com/struts-user@jakarta.apache.org/msg52700.html
need help
=
A$HI$H
__
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up
now.
http://mailplus.yahoo.com
-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
=
A$HI$H
__
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
sturts and tokens, avoid multiple submit
Hi, I want to avoid multiple submit of form, and i remmember i had long ago that some tokens can be used for it, I tried to search net but did not got much info, Does anyone has a code, or tutorial or some info about using tokens, and would like to shore would be highly appreicated, Also has anyone done like a Timer class in swing, to popup a window displaying work in progress message until process is over, and so avoid double submitting. = A$HI$H __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
tokens and set-property
I'd like to use the set-property element of struts-config to tell my action whether to expect a token. For example, I have an action like this: action path=blah... set-property property=useToken value=true/ /action I'm using an abstract action subclass that itself is a superclass to my real actions. It contains a boolean useToken property. I also tries a String but it didn't matter. That property never gets set to what I specify in the struts-config file. Any suggestions? thanks john john gregg Wells Fargo Services Company Minneapolis, MN
RE: tokens and set-property
The set-property applies to the ActionMapping, not the Action. You can subclass ActionMapping and add a useToken property to it. Then the action entity will need the className attribute set to your ActionMapping subclass. action className=com.blah.MyActionMapping path=blah... set-property property=useToken value=true/ /action -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 30, 2003 12:19 PM To: [EMAIL PROTECTED] Subject: tokens and set-property I'd like to use the set-property element of struts-config to tell my action whether to expect a token. For example, I have an action like this: action path=blah... set-property property=useToken value=true/ /action I'm using an abstract action subclass that itself is a superclass to my real actions. It contains a boolean useToken property. I also tries a String but it didn't matter. That property never gets set to what I specify in the struts-config file. Any suggestions? thanks john john gregg Wells Fargo Services Company Minneapolis, MN - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: tokens and set-property
Try to utilize the parameter in your action mapping. For loading action, parameter = load; for submission action, parameter = submit. Base action class logic: If parameter is load saveToken(request) If parameter is submit isTokenValid(request) submit resetToken(request) Regards, PQ This Guy Thinks He Knows Everything This Guy Thinks He Knows What He Is Doing -Original Message- From: Jerome Jacobsen [mailto:[EMAIL PROTECTED]] Sent: January 30, 2003 12:28 PM To: Struts Users Mailing List Subject: RE: tokens and set-property The set-property applies to the ActionMapping, not the Action. You can subclass ActionMapping and add a useToken property to it. Then the action entity will need the className attribute set to your ActionMapping subclass. action className=com.blah.MyActionMapping path=blah... set-property property=useToken value=true/ /action -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 30, 2003 12:19 PM To: [EMAIL PROTECTED] Subject: tokens and set-property I'd like to use the set-property element of struts-config to tell my action whether to expect a token. For example, I have an action like this: action path=blah... set-property property=useToken value=true/ /action I'm using an abstract action subclass that itself is a superclass to my real actions. It contains a boolean useToken property. I also tries a String but it didn't matter. That property never gets set to what I specify in the struts-config file. Any suggestions? thanks john john gregg Wells Fargo Services Company Minneapolis, MN - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: where can i download struts-example about using tokens
It is used in the struts-example.war that ships with the binary distribution or you can build your own from the source. If you want to go straight to an example of using tokens, when you deploy the struts-example.war file open your browser and: 1. Log in to the example (the username and password are stored in the database.xml file under /struts-example/WEB-INF/) 2. Go to [Edit your user registration profile] ( At this point you will be at the Current Subscriptions screen ) 3. Open a new browser, using the same session (Ctrl + n for IE, copy paste url in new tab for Mozilla, NN, Phoenix) 4. Now, in the first browser (or tab), [Add] a new subscription (you will be taken back to the Current Subscriptions screen if you filled in the fields correctly) 5. Use the second browser (or tab) to [Add] another subscription 6. Go back to the first browser and click on the Save button Considering the way the example was designed, throughout the workflow of this application, nothing is written to disk until you save from this spot (that's why its a memory database). So, from here we are trying to submit a form which happens to have an old token (the current one is within browser #2 form). When you submit this page, you should see: Validation Error You must correct the following error(s) before proceeding: * Cannot submit this form out of order If you see that message, you have just tested that validation by token is working properly. Now that you know the url's, you can trace into the code (by finding the mappings in the struts-config.xml) and really see what's happening. Good Luck with it!!! -- James Mitchell Software Engineer/Open Source Evangelist http://www.open-tools.org C makes it easy to shoot yourself in the foot; C++ makes it harder, but when you do, it blows away your whole leg. - Bjarne Stroustrup - Original Message - From: Huy Banh [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, December 31, 2002 2:57 AM Subject: where can i download struts-example about using tokens Hi all, Im a new Struts, can anyone tell me where i can download Struts-Example about using token for testing. Thanks alot, Huy __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
where can i download struts-example about using tokens
Hi all, Im a new Struts, can anyone tell me where i can download Struts-Example about using token for testing. Thanks alot, Huy __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
a question about transaction tokens
I'm wondering how these are used. They're not mentioned in the O'Reilly book
or in the docs. After calling generateToken, do I need to wrap my action's
execute code in an isTokenValid block to check for an existing token?
For example...
execute(...) {
generateToken(request);
if(!isTokenValid(request)) {
// do action stuff
}
else
return ???what???
}
thx
andy
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: a question about transaction tokens
search the mailing list archive for Token mechanism in Struts:
U will find teh answers...a few very good mails...
-Original Message-
From: akriger [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 13, 2002 4:09 PM
To: struts-user
Cc: akriger
Subject: a question about transaction tokens
I'm wondering how these are used. They're not mentioned in the O'Reilly book
or in the docs. After calling generateToken, do I need to wrap my action's
execute code in an isTokenValid block to check for an existing token?
For example...
execute(...) {
generateToken(request);
if(!isTokenValid(request)) {
// do action stuff
}
else
return ???what???
}
thx
andy
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: a question about transaction tokens
i'd love to do that however whenever i text search i get an error 'Text
search not available for this list'. i reported this on the mailing list a
few days ago but got no response.
so, can someone answer my question here?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Friday, December 13, 2002 10:05
To: [EMAIL PROTECTED]
Subject: RE: a question about transaction tokens
search the mailing list archive for Token mechanism in Struts:
U will find teh answers...a few very good mails...
-Original Message-
From: akriger [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 13, 2002 4:09 PM
To: struts-user
Cc: akriger
Subject: a question about transaction tokens
I'm wondering how these are used. They're not mentioned in the O'Reilly book
or in the docs. After calling generateToken, do I need to wrap my action's
execute code in an isTokenValid block to check for an existing token?
For example...
execute(...) {
generateToken(request);
if(!isTokenValid(request)) {
// do action stuff
}
else
return ???what???
}
thx
andy
--
To unsubscribe, e-mail:
mailto:[EMAIL PROTECTED]
For additional commands, e-mail:
mailto:[EMAIL PROTECTED]
--
To unsubscribe, e-mail:
mailto:[EMAIL PROTECTED]
For additional commands, e-mail:
mailto:[EMAIL PROTECTED]
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: a question about transaction tokens
I've found The Mail Archive's (Marc) search to be most useful. Try
http://marc.theaimsgroup.com/?l=struts-user
Sri
-Original Message-
From: Andy Kriger [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 13, 2002 10:21 AM
To: Struts Users Mailing List
Subject: RE: a question about transaction tokens
i'd love to do that however whenever i text search i get an error 'Text search not
available for this list'. i reported this on the mailing list a few days ago but got
no response.
so, can someone answer my question here?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 13, 2002 10:05
To: [EMAIL PROTECTED]
Subject: RE: a question about transaction tokens
search the mailing list archive for Token mechanism in Struts:
U will find teh answers...a few very good mails...
-Original Message-
From: akriger [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 13, 2002 4:09 PM
To: struts-user
Cc: akriger
Subject: a question about transaction tokens
I'm wondering how these are used. They're not mentioned in the O'Reilly book or in the
docs. After calling generateToken, do I need to wrap my action's execute code in an
isTokenValid block to check for an existing token?
For example...
execute(...) {
generateToken(request);
if(!isTokenValid(request)) {
// do action stuff
}
else
return ???what???
}
thx
andy
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: a question about transaction tokens
To implement is pretty straight forward
Action A -- generate token route to JSP A
JSP A routes to Action B -- In action B call isTokenValid
if you want to continue Token validation call saveToken then
route to JSP C.
JSP C then routes to Action C -- call isTokenValid then call saveToken route to JSP D
If you want to stop validation at anytime call resetToken.
HTH
b-
--- On Fri 12/13, Andy Kriger wrote:From: Andy Kriger [mailto:
[EMAIL PROTECTED]]To: [EMAIL PROTECTED]: Fri, 13 Dec 2002
10:09:27 -0500Subject: a question about transaction tokensI'm wondering how these are
used. They're not mentioned in the O'Reilly bookor in the docs. After calling
generateToken, do I need to wrap my action'sexecute code in an isTokenValid block to
check for an existing token?For example...execute(...)
{ generateToken(request); if(!isTokenValid(request)) { // do action
stuff } else return ???what???}thxandy--To unsubscribe, e-mail: For
additional commands, e-mail:
___
Can a Web portal forever change your life?
Win up to $25 Million on iWon - click here!
RE: a question about transaction tokens
When you say 'In action B' call isTokenValid, do mean wrap action B's code
with an if block. And if you do that, what do you do for else (since you
have to return some kind of ActionForward from the execute method. In this
case, I just want to ignore subsequent clicks to submit the form.
-a
-Original Message-
From: Brian DeLuca [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 13, 2002 10:33
To: [EMAIL PROTECTED]
Subject: RE: a question about transaction tokens
To implement is pretty straight forward
Action A -- generate token route to JSP A
JSP A routes to Action B -- In action B call isTokenValid
if you want to continue Token validation call saveToken then
route to JSP C.
JSP C then routes to Action C -- call isTokenValid then call saveToken
route to JSP D
If you want to stop validation at anytime call resetToken.
HTH
b-
--- On Fri 12/13, Andy Kriger wrote:From: Andy Kriger [mailto:
[EMAIL PROTECTED]]To: [EMAIL PROTECTED]: Fri, 13
Dec 2002 10:09:27 -0500Subject: a question about transaction tokensI'm
wondering how these are used. They're not mentioned in the O'Reilly bookor
in the docs. After calling generateToken, do I need to wrap my
action'sexecute code in an isTokenValid block to check for an existing
token?For example...execute(...) { generateToken(request);
if(!isTokenValid(request)) { // do action stuff } else
return ???what???}thxandy--To unsubscribe, e-mail: For additional
commands, e-mail:
___
Can a Web portal forever change your life?
Win up to $25 Million on iWon - click here!
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Tokens - a simple explanation wanted
The basic idea for the use of token is to deny duplicate request submissions. How do we use it? When the user goes to a form for the first time, the saveToken methods needs to be called, this will create a token in the user's session and a matching request token in the request object which will be defined as a hidden parameter on the jsp page. Once the form is submitted, we will need to check whether the request and session token match by calling isTokenValid. This will return true and we now call the saveToken method once again thereby creating a new token in the user's session. If the user now clicks on the browser's back button the hidden (request) parameter on the old jsp page will not match the new session token that has just been created. If the user decides to resubmit the old form we will call the isTokenValid method and it will return false. Struts have created the following token methods. generateToken protected java.lang.String generateToken(javax.servlet.http.HttpServletRequest request) Generate a new transaction token, to be used for enforcing a single request for a particular transaction. Parameters: request - The request we are processing isTokenValid protected boolean isTokenValid(javax.servlet.http.HttpServletRequest request) Return true if there is a transaction token stored in the user's current session, and the value submitted as a request parameter with this action matches it. Returns false under any of the following circumstances: * No session associated with this request * No transaction token saved in the session * No transaction token included as a request parameter * The included transaction token value does not match the transaction token in the user's session Parameters: request - The servlet request we are processing resetToken protected void resetToken(javax.servlet.http.HttpServletRequest request) Reset the saved transaction token in the user's session. This indicates that transactional token checking will not be needed on the next request that is submitted. Parameters: request - The servlet request we are processing saveToken protected void saveToken(javax.servlet.http.HttpServletRequest request) Save a new transaction token in the user's current session, creating a new session if necessary. Parameters: request - The servlet request we are processing -Original Message- From: David Bolsover [mailto:[EMAIL PROTECTED]] Sent: 06 December 2002 11:04 To: Struts User Subject: Tokens - a simple explanation wanted Hi Can anyone assist with a simple explanation of how Tokens work and their application within the Struts framework? I have read the docs and looked at the examples but still have problems understanding how (or if) Tokens solve the problem that arises when a user uses the browser back button and then re-submits a form for a second time. db -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Tokens - a simple explanation wanted
Hi Can anyone assist with a simple explanation of how Tokens work and their application within the Struts framework? I have read the docs and looked at the examples but still have problems understanding how (or if) Tokens solve the problem that arises when a user uses the browser back button and then re-submits a form for a second time. db -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Did not found doc about Tokens
I post this message because I did not found any doc about the
createToken, isTokenValid, resetToken API.
So I will explain what I understood about it from the struts-exemple
if something is wrong, I would like that someone will say to me
and if there is some doc tell me where ...
The token API is created to avoid that the user
to submlit twice the same form.
It is used with one ActionForm and two Action:
- the SomethingForm which contain the user's input
- the EditSomethingAction which populate the SomethingForm from the DB or
clear all the field if it is a create Case
- the SaveSomethingAction which save the SomethingForm in the DB
To avoid that the user call submit twice the SomethingForm and
save twice the same data in the DB,
the struts framework propse the xxxToken API.
It is used as following
in EditSomethingAction, make a call to createToken(request) and that all !
in SaveSomethingAction, make a call to isTokenValid(request) and
resetToken(request)
as in the following algorithm
if ( ! isTokenValid(request) )
{
/*
* return forward towards an error page
* saying to the user that he has submit twice
* or
* forward toward the succes page if we don't want the user see anithing
*/
}
else
{
/*
* process the save in the DB
*/
if ( allTheSaveHasSucceed )
{
resetToken(request) ;
}
}
You much take care that there is only one token in the session
so that this process can't support nested transactions.
So you should keep simple use of it.
The same API can be used to avoid that the user click twice on
a link by setting the 'transaction' attribute at true of the html:link
tag
the Action called by the link should follow the same process than
SaveSomethingAction
--
To unsubscribe, e-mail: mailto:struts-user-unsubscribe;jakarta.apache.org
For additional commands, e-mail: mailto:struts-user-help;jakarta.apache.org
Did not found doc about Tokens
I post this message because I did not found any doc about the
createToken, isTokenValid, resetToken API.
So I will explain what I understood about it from the struts-exemple
if something is wrong, I would like that someone will say to me
and if there is some doc tell me where ...
The token API is created to avoid that the user
to submlit twice the same form.
It is used with one ActionForm and two Action:
- the SomethingForm which contain the user's input
- the EditSomethingAction which populate the SomethingForm from the DB or
clear all the field if it is a create Case
- the SaveSomethingAction which save the SomethingForm in the DB
To avoid that the user call submit twice the SomethingForm and
save twice the same data in the DB,
the struts framework propse the xxxToken API.
It is used as following
in EditSomethingAction, make a call to createToken(request) and that all !
in SaveSomethingAction, make a call to isTokenValid(request) and
resetToken(request)
as in the following algorithm
if ( ! isTokenValid(request) )
{
/*
* return forward towards an error page
* saying to the user that he has submit twice
* or
* forward toward the succes page if we don't want the user see anithing
*/
}
else
{
/*
* process the save in the DB
*/
if ( allTheSaveHasSucceed )
{
resetToken(request) ;
}
}
You much take care that there is only one token in the session
so that this process can't support nested transactions.
So you should keep simple use of it.
The same API can be used to avoid that the user click twice on
a link by setting the 'transaction' attribute at true of the html:link
tag
the Action called by the link should follow the same process than
SaveSomethingAction
--
To unsubscribe, e-mail: mailto:struts-user-unsubscribe;jakarta.apache.org
For additional commands, e-mail: mailto:struts-user-help;jakarta.apache.org
how to use tokens?
Is there out on the web some description, howto or manual about how to use tokens in struts, and what are they good for? I searched a while, and did not find any resource. Tia, Tib -- To unsubscribe, e-mail: mailto:struts-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:struts-user-help;jakarta.apache.org
Re: [Tokens][2] Where can I find more information....
I think I will do just that. Mind you, then I´ll redirect everyone to my page :-P. Regards, Michael - Original Message - From: Andrew Hill [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Tuesday, September 10, 2002 4:29 AM Subject: RE: [Tokens][2] Where can I find more information As Mozilla is open source, perhaps you could create an extended version of it that supports your requirements and force your users to use that? ;-) -Original Message- From: Eddie Bush [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 22:22 To: Struts Users Mailing List Subject: Re: [Tokens][2] Where can I find more information Unfortunately, there isn't always a non-JavaScript solution ;-) What do you do with requirements that can only be implemented with JavaScript? Regards :-) Eddie Michael Delamere wrote: I don´t quite agree (sorry) because I want to solve the problem without javascript. I hate javascript and always try to do without it :-) Regards, Michael -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [Tokens][2] Where can I find more information....
LOL! That's ... that's ... LOL :-) Thanks for the good laugh ;-) Andrew Hill wrote: As Mozilla is open source, perhaps you could create an extended version of it that supports your requirements and force your users to use that? ;-) -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
[Tokens] Where can I find more information....
Hi, I posted a thread last week about having caching problems and that my shopping cart was being incremented by 1 everytime somebody refreshed the browser. The answer I got was that one could use tokens. Sounds like a great idea! So I had a look at the struts-example to find out what it´s about but to be honest I don´t understand exactly what is going on. I tried implementing the code almost exactly as it was done there and it keeps on telling me that my token is invalid. The problem I have here is that I don´t know what it means or what I have to do to correct this. 1. Does anyone know where I can find more information on these tokens? 2. Would it not be a good idea to include this in the struts-config action configuration, i.e. token=true? Any help would be really appreciated! Thanks, Michael -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [Tokens] Where can I find more information....
ok, I found this which pretty much helped me understand what is going on:
http://www.mail-archive.com/struts-user@jakarta.apache.org/msg35501.html
However I still have a problem:
In my showProductsAction I have the line: saveToken(request);
Then next option would be to click add to cart in which case I would go to
the CartAction accordingly. In my CartAction I check the token:
===
if (isTokenValid(request, true)) {
System.out.println(TOKEN IS VALID);
}
else {
System.out.println(TOKEN IS NO LONGER VALID);
}
===
Is the above code assumption correct or am I misinterpreting something?
Because when I submit add to cart I always jump into the else block!
Regards,
Michael
- Original Message -
From: Michael Delamere [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Monday, September 09, 2002 9:40 AM
Subject: [Tokens] Where can I find more information
Hi,
I posted a thread last week about having caching problems and that my
shopping cart was being incremented by 1 everytime somebody refreshed the
browser.
The answer I got was that one could use tokens. Sounds like a great idea!
So I had a look at the struts-example to find out what it´s about but to
be
honest I don´t understand exactly what is going on.
I tried implementing the code almost exactly as it was done there and it
keeps on telling me that my token is invalid. The problem I have here is
that I don´t know what it means or what I have to do to correct this.
1. Does anyone know where I can find more information on these tokens?
2. Would it not be a good idea to include this in the struts-config
action
configuration,
i.e. token=true?
Any help would be really appreciated!
Thanks,
Michael
--
To unsubscribe, e-mail:
mailto:[EMAIL PROTECTED]
For additional commands, e-mail:
mailto:[EMAIL PROTECTED]
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: [Tokens][2] Where can I find more information....
Hope you will excuse me stealing this topic for a related question - I added
a [2] tag to indicate this ;-)
As far as I can see the key under which the token is saved is a constant.
What happens if another browser window is also open on some other form (in
same session) and the user is trying to submit something there to another
action that also users tokens. (This is one of those anoying users who opens
fifty billion windows and does stuff in one window while waiting for
submission / page loading in another window to complete)
Wont the two interfere?
ie:
User fills in form in window A and submits.
While waiting for that to complete, user enters stuff in window B (for a
different form or record) and submits that.
What happens to the tokens here?
btw: heres a copy of the msg Michael refers to in the archive (for those who
havent time to load the web page)
To deal with resubmits, the most important issue is to avoid updating the
database twice when the user accidentally resubmits the same form. Struts
has a feature called transaction control tokens that help you avoid
this, which is very simply used as follows:
* In the Action that sets up your input form (i.e. before you forward
to it), execute the following
saveToken(request)
to save a special value in the user's session that will be used in
the next step.
* In the Action that receives the form and updates the database, add
the following logic before you do the update:
if (isTokenValid(request, true)) {
... this is a resubmit, so go display an error ...
}
The true parameter causes the token to be removed from the session
so that it doesn't interfere with subsequent form submits.
This way, the submit will work the first time, but fail on any accidental
or on-purpose resubmit, and you avoid adding the information to the
database twice. It also prevents the user from navigating directly to the
myDB.do URL without going through your normal setup actions -- because
the transaction token would not have been placed in the session, so the
isTokenValid() test would fail.
Craig
-Original Message-
From: Michael Delamere [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 17:25
To: Struts Users Mailing List
Subject: Re: [Tokens] Where can I find more information
ok, I found this which pretty much helped me understand what is going on:
http://www.mail-archive.com/struts-user@jakarta.apache.org/msg35501.html
However I still have a problem:
In my showProductsAction I have the line: saveToken(request);
Then next option would be to click add to cart in which case I would go to
the CartAction accordingly. In my CartAction I check the token:
===
if (isTokenValid(request, true)) {
System.out.println(TOKEN IS VALID);
}
else {
System.out.println(TOKEN IS NO LONGER VALID);
}
===
Is the above code assumption correct or am I misinterpreting something?
Because when I submit add to cart I always jump into the else block!
Regards,
Michael
- Original Message -
From: Michael Delamere [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Monday, September 09, 2002 9:40 AM
Subject: [Tokens] Where can I find more information
Hi,
I posted a thread last week about having caching problems and that my
shopping cart was being incremented by 1 everytime somebody refreshed the
browser.
The answer I got was that one could use tokens. Sounds like a great idea!
So I had a look at the struts-example to find out what it´s about but to
be
honest I don´t understand exactly what is going on.
I tried implementing the code almost exactly as it was done there and it
keeps on telling me that my token is invalid. The problem I have here is
that I don´t know what it means or what I have to do to correct this.
1. Does anyone know where I can find more information on these tokens?
2. Would it not be a good idea to include this in the struts-config
action
configuration,
i.e. token=true?
Any help would be really appreciated!
Thanks,
Michael
--
To unsubscribe, e-mail:
mailto:[EMAIL PROTECTED]
For additional commands, e-mail:
mailto:[EMAIL PROTECTED]
--
To unsubscribe, e-mail:
mailto:[EMAIL PROTECTED]
For additional commands, e-mail:
mailto:[EMAIL PROTECTED]
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: [Tokens][2] Where can I find more information....
Hi Andrew,
The generateToken method in Action.java generates a unique token each time
saveToken is called.
Jon Ridgway
-Original Message-
From: Andrew Hill [mailto:[EMAIL PROTECTED]]
Sent: 09 September 2002 10:23
To: Struts Users Mailing List
Subject: RE: [Tokens][2] Where can I find more information
Hope you will excuse me stealing this topic for a related question - I added
a [2] tag to indicate this ;-)
As far as I can see the key under which the token is saved is a constant.
What happens if another browser window is also open on some other form (in
same session) and the user is trying to submit something there to another
action that also users tokens. (This is one of those anoying users who opens
fifty billion windows and does stuff in one window while waiting for
submission / page loading in another window to complete)
Wont the two interfere?
ie:
User fills in form in window A and submits.
While waiting for that to complete, user enters stuff in window B (for a
different form or record) and submits that.
What happens to the tokens here?
btw: heres a copy of the msg Michael refers to in the archive (for those who
havent time to load the web page)
To deal with resubmits, the most important issue is to avoid updating the
database twice when the user accidentally resubmits the same form. Struts
has a feature called transaction control tokens that help you avoid
this, which is very simply used as follows:
* In the Action that sets up your input form (i.e. before you forward
to it), execute the following
saveToken(request)
to save a special value in the user's session that will be used in
the next step.
* In the Action that receives the form and updates the database, add
the following logic before you do the update:
if (isTokenValid(request, true)) {
... this is a resubmit, so go display an error ...
}
The true parameter causes the token to be removed from the session
so that it doesn't interfere with subsequent form submits.
This way, the submit will work the first time, but fail on any accidental
or on-purpose resubmit, and you avoid adding the information to the
database twice. It also prevents the user from navigating directly to the
myDB.do URL without going through your normal setup actions -- because
the transaction token would not have been placed in the session, so the
isTokenValid() test would fail.
Craig
-Original Message-
From: Michael Delamere [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 17:25
To: Struts Users Mailing List
Subject: Re: [Tokens] Where can I find more information
ok, I found this which pretty much helped me understand what is going on:
http://www.mail-archive.com/struts-user@jakarta.apache.org/msg35501.html
However I still have a problem:
In my showProductsAction I have the line: saveToken(request);
Then next option would be to click add to cart in which case I would go to
the CartAction accordingly. In my CartAction I check the token:
===
if (isTokenValid(request, true)) {
System.out.println(TOKEN IS VALID);
}
else {
System.out.println(TOKEN IS NO LONGER VALID);
}
===
Is the above code assumption correct or am I misinterpreting something?
Because when I submit add to cart I always jump into the else block!
Regards,
Michael
- Original Message -
From: Michael Delamere [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Monday, September 09, 2002 9:40 AM
Subject: [Tokens] Where can I find more information
Hi,
I posted a thread last week about having caching problems and that my
shopping cart was being incremented by 1 everytime somebody refreshed the
browser.
The answer I got was that one could use tokens. Sounds like a great idea!
So I had a look at the struts-example to find out what it´s about but to
be
honest I don´t understand exactly what is going on.
I tried implementing the code almost exactly as it was done there and it
keeps on telling me that my token is invalid. The problem I have here is
that I don´t know what it means or what I have to do to correct this.
1. Does anyone know where I can find more information on these tokens?
2. Would it not be a good idea to include this in the struts-config
action
configuration,
i.e. token=true?
Any help would be really appreciated!
Thanks,
Michael
--
To unsubscribe, e-mail:
mailto:[EMAIL PROTECTED]
For additional commands, e-mail:
mailto:[EMAIL PROTECTED]
--
To unsubscribe, e-mail:
mailto:[EMAIL PROTECTED]
For additional commands, e-mail:
mailto:[EMAIL PROTECTED]
--
To unsubscribe, e-mail:
mailto:[EMAIL PROTECTED]
For additional commands, e-mail:
mailto:[EMAIL PROTECTED]
The contents of this email are intended only for the named addressees and
may contain confidential and/or privileged material. If received in error
please contact UPCO on +44 (0) 113 201
RE: [Tokens][2] Where can I find more information....
Hi Andrew,
Read your post properly this time; umm good point the same key is used and
one would over right the over, invalidating the first... So yes it looks
like they would interfere...
Jon Ridgway
-Original Message-
From: Jon.Ridgway [mailto:[EMAIL PROTECTED]]
Sent: 09 September 2002 11:00
To: 'Struts Users Mailing List'
Subject: RE: [Tokens][2] Where can I find more information
Hi Andrew,
The generateToken method in Action.java generates a unique token each time
saveToken is called.
Jon Ridgway
-Original Message-
From: Andrew Hill [mailto:[EMAIL PROTECTED]]
Sent: 09 September 2002 10:23
To: Struts Users Mailing List
Subject: RE: [Tokens][2] Where can I find more information
Hope you will excuse me stealing this topic for a related question - I added
a [2] tag to indicate this ;-)
As far as I can see the key under which the token is saved is a constant.
What happens if another browser window is also open on some other form (in
same session) and the user is trying to submit something there to another
action that also users tokens. (This is one of those anoying users who opens
fifty billion windows and does stuff in one window while waiting for
submission / page loading in another window to complete)
Wont the two interfere?
ie:
User fills in form in window A and submits.
While waiting for that to complete, user enters stuff in window B (for a
different form or record) and submits that.
What happens to the tokens here?
btw: heres a copy of the msg Michael refers to in the archive (for those who
havent time to load the web page)
To deal with resubmits, the most important issue is to avoid updating the
database twice when the user accidentally resubmits the same form. Struts
has a feature called transaction control tokens that help you avoid
this, which is very simply used as follows:
* In the Action that sets up your input form (i.e. before you forward
to it), execute the following
saveToken(request)
to save a special value in the user's session that will be used in
the next step.
* In the Action that receives the form and updates the database, add
the following logic before you do the update:
if (isTokenValid(request, true)) {
... this is a resubmit, so go display an error ...
}
The true parameter causes the token to be removed from the session
so that it doesn't interfere with subsequent form submits.
This way, the submit will work the first time, but fail on any accidental
or on-purpose resubmit, and you avoid adding the information to the
database twice. It also prevents the user from navigating directly to the
myDB.do URL without going through your normal setup actions -- because
the transaction token would not have been placed in the session, so the
isTokenValid() test would fail.
Craig
-Original Message-
From: Michael Delamere [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 17:25
To: Struts Users Mailing List
Subject: Re: [Tokens] Where can I find more information
ok, I found this which pretty much helped me understand what is going on:
http://www.mail-archive.com/struts-user@jakarta.apache.org/msg35501.html
However I still have a problem:
In my showProductsAction I have the line: saveToken(request);
Then next option would be to click add to cart in which case I would go to
the CartAction accordingly. In my CartAction I check the token:
===
if (isTokenValid(request, true)) {
System.out.println(TOKEN IS VALID);
}
else {
System.out.println(TOKEN IS NO LONGER VALID);
}
===
Is the above code assumption correct or am I misinterpreting something?
Because when I submit add to cart I always jump into the else block!
Regards,
Michael
- Original Message -
From: Michael Delamere [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Monday, September 09, 2002 9:40 AM
Subject: [Tokens] Where can I find more information
Hi,
I posted a thread last week about having caching problems and that my
shopping cart was being incremented by 1 everytime somebody refreshed the
browser.
The answer I got was that one could use tokens. Sounds like a great idea!
So I had a look at the struts-example to find out what it´s about but to
be
honest I don´t understand exactly what is going on.
I tried implementing the code almost exactly as it was done there and it
keeps on telling me that my token is invalid. The problem I have here is
that I don´t know what it means or what I have to do to correct this.
1. Does anyone know where I can find more information on these tokens?
2. Would it not be a good idea to include this in the struts-config
action
configuration,
i.e. token=true?
Any help would be really appreciated!
Thanks,
Michael
--
To unsubscribe, e-mail:
mailto:[EMAIL PROTECTED]
For additional commands, e-mail:
mailto:[EMAIL PROTECTED
RE: [Tokens][2] Where can I find more information....
Yep. Thats what I thought. :-(
There are actually quite a few things in struts that seem to have this issue
in relation to constant session keys.
Of course its only a problem if one tries to accomodate multitasking users,
so if users can be trained not to play silly buggers with multiple windows
everything should work fine.
Single browser window seems to be an assumption most struts apps make, but
it would be nice if the framework provided more support for multiple windows
(keeping track of which is quite a nightmare!).
-Original Message-
From: Jon.Ridgway [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 18:09
To: 'Struts Users Mailing List'
Subject: RE: [Tokens][2] Where can I find more information
Hi Andrew,
Read your post properly this time; umm good point the same key is used and
one would over right the over, invalidating the first... So yes it looks
like they would interfere...
Jon Ridgway
-Original Message-
From: Jon.Ridgway [mailto:[EMAIL PROTECTED]]
Sent: 09 September 2002 11:00
To: 'Struts Users Mailing List'
Subject: RE: [Tokens][2] Where can I find more information
Hi Andrew,
The generateToken method in Action.java generates a unique token each time
saveToken is called.
Jon Ridgway
-Original Message-
From: Andrew Hill [mailto:[EMAIL PROTECTED]]
Sent: 09 September 2002 10:23
To: Struts Users Mailing List
Subject: RE: [Tokens][2] Where can I find more information
Hope you will excuse me stealing this topic for a related question - I added
a [2] tag to indicate this ;-)
As far as I can see the key under which the token is saved is a constant.
What happens if another browser window is also open on some other form (in
same session) and the user is trying to submit something there to another
action that also users tokens. (This is one of those anoying users who opens
fifty billion windows and does stuff in one window while waiting for
submission / page loading in another window to complete)
Wont the two interfere?
ie:
User fills in form in window A and submits.
While waiting for that to complete, user enters stuff in window B (for a
different form or record) and submits that.
What happens to the tokens here?
btw: heres a copy of the msg Michael refers to in the archive (for those who
havent time to load the web page)
To deal with resubmits, the most important issue is to avoid updating the
database twice when the user accidentally resubmits the same form. Struts
has a feature called transaction control tokens that help you avoid
this, which is very simply used as follows:
* In the Action that sets up your input form (i.e. before you forward
to it), execute the following
saveToken(request)
to save a special value in the user's session that will be used in
the next step.
* In the Action that receives the form and updates the database, add
the following logic before you do the update:
if (isTokenValid(request, true)) {
... this is a resubmit, so go display an error ...
}
The true parameter causes the token to be removed from the session
so that it doesn't interfere with subsequent form submits.
This way, the submit will work the first time, but fail on any accidental
or on-purpose resubmit, and you avoid adding the information to the
database twice. It also prevents the user from navigating directly to the
myDB.do URL without going through your normal setup actions -- because
the transaction token would not have been placed in the session, so the
isTokenValid() test would fail.
Craig
-Original Message-
From: Michael Delamere [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 17:25
To: Struts Users Mailing List
Subject: Re: [Tokens] Where can I find more information
ok, I found this which pretty much helped me understand what is going on:
http://www.mail-archive.com/struts-user@jakarta.apache.org/msg35501.html
However I still have a problem:
In my showProductsAction I have the line: saveToken(request);
Then next option would be to click add to cart in which case I would go to
the CartAction accordingly. In my CartAction I check the token:
===
if (isTokenValid(request, true)) {
System.out.println(TOKEN IS VALID);
}
else {
System.out.println(TOKEN IS NO LONGER VALID);
}
===
Is the above code assumption correct or am I misinterpreting something?
Because when I submit add to cart I always jump into the else block!
Regards,
Michael
- Original Message -
From: Michael Delamere [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Monday, September 09, 2002 9:40 AM
Subject: [Tokens] Where can I find more information
Hi,
I posted a thread last week about having caching problems and that my
shopping cart was being incremented by 1 everytime somebody refreshed the
browser.
The answer I got was that one could use tokens. Sounds like a great
Re: [Tokens][2] Where can I find more information....
Of course its only a problem if one tries to accomodate multitasking
users,
so if users can be trained not to play silly buggers with multiple windows
everything should work fine.
Wishful thinking :-)
- Original Message -
From: Andrew Hill [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Monday, September 09, 2002 12:21 PM
Subject: RE: [Tokens][2] Where can I find more information
Yep. Thats what I thought. :-(
There are actually quite a few things in struts that seem to have this
issue
in relation to constant session keys.
Single browser window seems to be an assumption most struts apps make, but
it would be nice if the framework provided more support for multiple
windows
(keeping track of which is quite a nightmare!).
-Original Message-
From: Jon.Ridgway [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 18:09
To: 'Struts Users Mailing List'
Subject: RE: [Tokens][2] Where can I find more information
Hi Andrew,
Read your post properly this time; umm good point the same key is used and
one would over right the over, invalidating the first... So yes it looks
like they would interfere...
Jon Ridgway
-Original Message-
From: Jon.Ridgway [mailto:[EMAIL PROTECTED]]
Sent: 09 September 2002 11:00
To: 'Struts Users Mailing List'
Subject: RE: [Tokens][2] Where can I find more information
Hi Andrew,
The generateToken method in Action.java generates a unique token each time
saveToken is called.
Jon Ridgway
-Original Message-
From: Andrew Hill [mailto:[EMAIL PROTECTED]]
Sent: 09 September 2002 10:23
To: Struts Users Mailing List
Subject: RE: [Tokens][2] Where can I find more information
Hope you will excuse me stealing this topic for a related question - I
added
a [2] tag to indicate this ;-)
As far as I can see the key under which the token is saved is a constant.
What happens if another browser window is also open on some other form (in
same session) and the user is trying to submit something there to another
action that also users tokens. (This is one of those anoying users who
opens
fifty billion windows and does stuff in one window while waiting for
submission / page loading in another window to complete)
Wont the two interfere?
ie:
User fills in form in window A and submits.
While waiting for that to complete, user enters stuff in window B (for a
different form or record) and submits that.
What happens to the tokens here?
btw: heres a copy of the msg Michael refers to in the archive (for those
who
havent time to load the web page)
To deal with resubmits, the most important issue is to avoid updating
the
database twice when the user accidentally resubmits the same form.
Struts
has a feature called transaction control tokens that help you avoid
this, which is very simply used as follows:
* In the Action that sets up your input form (i.e. before you forward
to it), execute the following
saveToken(request)
to save a special value in the user's session that will be used in
the next step.
* In the Action that receives the form and updates the database, add
the following logic before you do the update:
if (isTokenValid(request, true)) {
... this is a resubmit, so go display an error ...
}
The true parameter causes the token to be removed from the session
so that it doesn't interfere with subsequent form submits.
This way, the submit will work the first time, but fail on any
accidental
or on-purpose resubmit, and you avoid adding the information to the
database twice. It also prevents the user from navigating directly to
the
myDB.do URL without going through your normal setup actions -- because
the transaction token would not have been placed in the session, so the
isTokenValid() test would fail.
Craig
-Original Message-
From: Michael Delamere [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 17:25
To: Struts Users Mailing List
Subject: Re: [Tokens] Where can I find more information
ok, I found this which pretty much helped me understand what is going on:
http://www.mail-archive.com/struts-user@jakarta.apache.org/msg35501.html
However I still have a problem:
In my showProductsAction I have the line: saveToken(request);
Then next option would be to click add to cart in which case I would go
to
the CartAction accordingly. In my CartAction I check the token:
===
if (isTokenValid(request, true)) {
System.out.println(TOKEN IS VALID);
}
else {
System.out.println(TOKEN IS NO LONGER VALID);
}
===
Is the above code assumption correct or am I misinterpreting something?
Because when I submit add to cart I always jump into the else block!
Regards,
Michael
- Original Message -
From: Michael Delamere [EMAIL PROTECTED]
To: Struts Users Mailing
RE: [Tokens][2] Where can I find more information....
I guess the real trick would be to eliminate the users altogether, as they
seem to be the source of most problems.
hehe. Maybe I should try and divert the [OT] JavaScript auto-submit form
thread to this dicussing this idea ;-
-Original Message-
From: Michael Delamere [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 18:40
To: Struts Users Mailing List
Subject: Re: [Tokens][2] Where can I find more information
Of course its only a problem if one tries to accomodate multitasking
users,
so if users can be trained not to play silly buggers with multiple windows
everything should work fine.
Wishful thinking :-)
- Original Message -
From: Andrew Hill [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Monday, September 09, 2002 12:21 PM
Subject: RE: [Tokens][2] Where can I find more information
Yep. Thats what I thought. :-(
There are actually quite a few things in struts that seem to have this
issue
in relation to constant session keys.
Single browser window seems to be an assumption most struts apps make, but
it would be nice if the framework provided more support for multiple
windows
(keeping track of which is quite a nightmare!).
-Original Message-
From: Jon.Ridgway [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 18:09
To: 'Struts Users Mailing List'
Subject: RE: [Tokens][2] Where can I find more information
Hi Andrew,
Read your post properly this time; umm good point the same key is used and
one would over right the over, invalidating the first... So yes it looks
like they would interfere...
Jon Ridgway
-Original Message-
From: Jon.Ridgway [mailto:[EMAIL PROTECTED]]
Sent: 09 September 2002 11:00
To: 'Struts Users Mailing List'
Subject: RE: [Tokens][2] Where can I find more information
Hi Andrew,
The generateToken method in Action.java generates a unique token each time
saveToken is called.
Jon Ridgway
-Original Message-
From: Andrew Hill [mailto:[EMAIL PROTECTED]]
Sent: 09 September 2002 10:23
To: Struts Users Mailing List
Subject: RE: [Tokens][2] Where can I find more information
Hope you will excuse me stealing this topic for a related question - I
added
a [2] tag to indicate this ;-)
As far as I can see the key under which the token is saved is a constant.
What happens if another browser window is also open on some other form (in
same session) and the user is trying to submit something there to another
action that also users tokens. (This is one of those anoying users who
opens
fifty billion windows and does stuff in one window while waiting for
submission / page loading in another window to complete)
Wont the two interfere?
ie:
User fills in form in window A and submits.
While waiting for that to complete, user enters stuff in window B (for a
different form or record) and submits that.
What happens to the tokens here?
btw: heres a copy of the msg Michael refers to in the archive (for those
who
havent time to load the web page)
To deal with resubmits, the most important issue is to avoid updating
the
database twice when the user accidentally resubmits the same form.
Struts
has a feature called transaction control tokens that help you avoid
this, which is very simply used as follows:
* In the Action that sets up your input form (i.e. before you forward
to it), execute the following
saveToken(request)
to save a special value in the user's session that will be used in
the next step.
* In the Action that receives the form and updates the database, add
the following logic before you do the update:
if (isTokenValid(request, true)) {
... this is a resubmit, so go display an error ...
}
The true parameter causes the token to be removed from the session
so that it doesn't interfere with subsequent form submits.
This way, the submit will work the first time, but fail on any
accidental
or on-purpose resubmit, and you avoid adding the information to the
database twice. It also prevents the user from navigating directly to
the
myDB.do URL without going through your normal setup actions -- because
the transaction token would not have been placed in the session, so the
isTokenValid() test would fail.
Craig
-Original Message-
From: Michael Delamere [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 17:25
To: Struts Users Mailing List
Subject: Re: [Tokens] Where can I find more information
ok, I found this which pretty much helped me understand what is going on:
http://www.mail-archive.com/struts-user@jakarta.apache.org/msg35501.html
However I still have a problem:
In my showProductsAction I have the line: saveToken(request);
Then next option would be to click add to cart in which case I would go
to
the CartAction accordingly. In my CartAction I check the token
Re: [Tokens][2] Where can I find more information....
I don´t quite agree (sorry) because I want to solve the problem without
javascript. I hate javascript and always try to do without it :-)
Regards,
Michael
- Original Message -
From: Andrew Hill [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Monday, September 09, 2002 12:36 PM
Subject: RE: [Tokens][2] Where can I find more information
I guess the real trick would be to eliminate the users altogether, as they
seem to be the source of most problems.
hehe. Maybe I should try and divert the [OT] JavaScript auto-submit form
thread to this dicussing this idea ;-
-Original Message-
From: Michael Delamere [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 18:40
To: Struts Users Mailing List
Subject: Re: [Tokens][2] Where can I find more information
Of course its only a problem if one tries to accomodate multitasking
users,
so if users can be trained not to play silly buggers with multiple
windows
everything should work fine.
Wishful thinking :-)
- Original Message -
From: Andrew Hill [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Monday, September 09, 2002 12:21 PM
Subject: RE: [Tokens][2] Where can I find more information
Yep. Thats what I thought. :-(
There are actually quite a few things in struts that seem to have this
issue
in relation to constant session keys.
Single browser window seems to be an assumption most struts apps make,
but
it would be nice if the framework provided more support for multiple
windows
(keeping track of which is quite a nightmare!).
-Original Message-
From: Jon.Ridgway [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 18:09
To: 'Struts Users Mailing List'
Subject: RE: [Tokens][2] Where can I find more information
Hi Andrew,
Read your post properly this time; umm good point the same key is used
and
one would over right the over, invalidating the first... So yes it looks
like they would interfere...
Jon Ridgway
-Original Message-
From: Jon.Ridgway [mailto:[EMAIL PROTECTED]]
Sent: 09 September 2002 11:00
To: 'Struts Users Mailing List'
Subject: RE: [Tokens][2] Where can I find more information
Hi Andrew,
The generateToken method in Action.java generates a unique token each
time
saveToken is called.
Jon Ridgway
-Original Message-
From: Andrew Hill [mailto:[EMAIL PROTECTED]]
Sent: 09 September 2002 10:23
To: Struts Users Mailing List
Subject: RE: [Tokens][2] Where can I find more information
Hope you will excuse me stealing this topic for a related question - I
added
a [2] tag to indicate this ;-)
As far as I can see the key under which the token is saved is a
constant.
What happens if another browser window is also open on some other form
(in
same session) and the user is trying to submit something there to
another
action that also users tokens. (This is one of those anoying users who
opens
fifty billion windows and does stuff in one window while waiting for
submission / page loading in another window to complete)
Wont the two interfere?
ie:
User fills in form in window A and submits.
While waiting for that to complete, user enters stuff in window B (for a
different form or record) and submits that.
What happens to the tokens here?
btw: heres a copy of the msg Michael refers to in the archive (for those
who
havent time to load the web page)
To deal with resubmits, the most important issue is to avoid updating
the
database twice when the user accidentally resubmits the same form.
Struts
has a feature called transaction control tokens that help you avoid
this, which is very simply used as follows:
* In the Action that sets up your input form (i.e. before you forward
to it), execute the following
saveToken(request)
to save a special value in the user's session that will be used in
the next step.
* In the Action that receives the form and updates the database, add
the following logic before you do the update:
if (isTokenValid(request, true)) {
... this is a resubmit, so go display an error ...
}
The true parameter causes the token to be removed from the session
so that it doesn't interfere with subsequent form submits.
This way, the submit will work the first time, but fail on any
accidental
or on-purpose resubmit, and you avoid adding the information to the
database twice. It also prevents the user from navigating directly to
the
myDB.do URL without going through your normal setup actions --
because
the transaction token would not have been placed in the session, so
the
isTokenValid() test would fail.
Craig
-Original Message-
From: Michael Delamere [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 17:25
To: Struts Users
Re: [Tokens][2] Where can I find more information....
For some reason I always get false when I question if the token is valid!
Can anyone tell me what I´m doing wrong?
Regards,
Michael
- Original Message -
From: Michael Delamere [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Monday, September 09, 2002 12:57 PM
Subject: Re: [Tokens][2] Where can I find more information
I don´t quite agree (sorry) because I want to solve the problem without
javascript. I hate javascript and always try to do without it :-)
Regards,
Michael
- Original Message -
From: Andrew Hill [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Monday, September 09, 2002 12:36 PM
Subject: RE: [Tokens][2] Where can I find more information
I guess the real trick would be to eliminate the users altogether, as
they
seem to be the source of most problems.
hehe. Maybe I should try and divert the [OT] JavaScript auto-submit
form
thread to this dicussing this idea ;-
-Original Message-
From: Michael Delamere [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 18:40
To: Struts Users Mailing List
Subject: Re: [Tokens][2] Where can I find more information
Of course its only a problem if one tries to accomodate multitasking
users,
so if users can be trained not to play silly buggers with multiple
windows
everything should work fine.
Wishful thinking :-)
- Original Message -
From: Andrew Hill [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Monday, September 09, 2002 12:21 PM
Subject: RE: [Tokens][2] Where can I find more information
Yep. Thats what I thought. :-(
There are actually quite a few things in struts that seem to have this
issue
in relation to constant session keys.
Single browser window seems to be an assumption most struts apps make,
but
it would be nice if the framework provided more support for multiple
windows
(keeping track of which is quite a nightmare!).
-Original Message-
From: Jon.Ridgway [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 18:09
To: 'Struts Users Mailing List'
Subject: RE: [Tokens][2] Where can I find more information
Hi Andrew,
Read your post properly this time; umm good point the same key is used
and
one would over right the over, invalidating the first... So yes it
looks
like they would interfere...
Jon Ridgway
-Original Message-
From: Jon.Ridgway [mailto:[EMAIL PROTECTED]]
Sent: 09 September 2002 11:00
To: 'Struts Users Mailing List'
Subject: RE: [Tokens][2] Where can I find more information
Hi Andrew,
The generateToken method in Action.java generates a unique token each
time
saveToken is called.
Jon Ridgway
-Original Message-
From: Andrew Hill [mailto:[EMAIL PROTECTED]]
Sent: 09 September 2002 10:23
To: Struts Users Mailing List
Subject: RE: [Tokens][2] Where can I find more information
Hope you will excuse me stealing this topic for a related question - I
added
a [2] tag to indicate this ;-)
As far as I can see the key under which the token is saved is a
constant.
What happens if another browser window is also open on some other form
(in
same session) and the user is trying to submit something there to
another
action that also users tokens. (This is one of those anoying users who
opens
fifty billion windows and does stuff in one window while waiting for
submission / page loading in another window to complete)
Wont the two interfere?
ie:
User fills in form in window A and submits.
While waiting for that to complete, user enters stuff in window B (for
a
different form or record) and submits that.
What happens to the tokens here?
btw: heres a copy of the msg Michael refers to in the archive (for
those
who
havent time to load the web page)
To deal with resubmits, the most important issue is to avoid
updating
the
database twice when the user accidentally resubmits the same form.
Struts
has a feature called transaction control tokens that help you
avoid
this, which is very simply used as follows:
* In the Action that sets up your input form (i.e. before you
forward
to it), execute the following
saveToken(request)
to save a special value in the user's session that will be used in
the next step.
* In the Action that receives the form and updates the database, add
the following logic before you do the update:
if (isTokenValid(request, true)) {
... this is a resubmit, so go display an error ...
}
The true parameter causes the token to be removed from the
session
so that it doesn't interfere with subsequent form submits.
This way, the submit will work the first time, but fail on any
Constant session keys and multiple windows (WAS: RE: [Tokens][2] Where can I find more information....)
The application Im working on at the moment has a little support for multiple windows , but its not very good and only works at certain points (but remains there as its good for a few other things too). Basically I have an object which is an instance of class OperationContext. This object has attributes and a few other properties, and it gets stored in the session when an 'operation' starts. (An operation being a sort of workflow, like a wizard or even a normal form edit). The OperationContext is bound to a unique key in the session (this key is maintained in a single request parameter that needs to be submitted each time). One of the properties in this OperationContext is the ActionForm , and I've subclassed RequestProcessor to look for an actionForm in OperationContext if the form is session scoped (if it doesnt find one it reverts to normal handling of this). A neat trick I can do with the OperationContext is to 'stack' them. This allows me to divert from editing a form to editing another (ad infinitum) and when complete or cancelled return back to the parent operation in the same state is was before the diversion. This makes for some quite use by the user - much like wizards only more flexible. Of course OperationContext concept is good for classical wizards too. The downside to the operationContext is that is is binding stuff in the session, and as with any such objects stored in the session it is easy for them to be 'abandoned' as one never really knows if user is finished with them, leading to the session eating memory... (I do remove it when the operation is completed, but of course the user could go wandering before then and never come back...) Of course if the user opens another window on a page in the middle of an 'operation' the new page has the same operationContext id, so if they submit the first window, then try submitting the second they get an error for the second as the operationContext object was removed when the first page was submitted. Similar effect to using tokens but it emerged as a side effect so I dont think it quite as elegant. Id be interested to hear how other people approach these issues. Any comments? -Original Message- From: Andrew Hill [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:21 To: Struts Users Mailing List Subject: RE: [Tokens][2] Where can I find more information Yep. Thats what I thought. :-( There are actually quite a few things in struts that seem to have this issue in relation to constant session keys. Of course its only a problem if one tries to accomodate multitasking users, so if users can be trained not to play silly buggers with multiple windows everything should work fine. Single browser window seems to be an assumption most struts apps make, but it would be nice if the framework provided more support for multiple windows (keeping track of which is quite a nightmare!). -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:09 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, Read your post properly this time; umm good point the same key is used and one would over right the over, invalidating the first... So yes it looks like they would interfere... Jon Ridgway -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 11:00 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, The generateToken method in Action.java generates a unique token each time saveToken is called. Jon Ridgway -Original Message- From: Andrew Hill [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 10:23 To: Struts Users Mailing List Subject: RE: [Tokens][2] Where can I find more information Hope you will excuse me stealing this topic for a related question - I added a [2] tag to indicate this ;-) As far as I can see the key under which the token is saved is a constant. What happens if another browser window is also open on some other form (in same session) and the user is trying to submit something there to another action that also users tokens. (This is one of those anoying users who opens fifty billion windows and does stuff in one window while waiting for submission / page loading in another window to complete) Wont the two interfere? ie: User fills in form in window A and submits. While waiting for that to complete, user enters stuff in window B (for a different form or record) and submits that. What happens to the tokens here? btw: heres a copy of the msg Michael refers to in the archive (for those who havent time to load the web page) To deal with resubmits, the most important issue is to avoid updating the database twice when the user accidentally resubmits the same form. Struts has a feature called transaction control tokens that help you avoid this, which is very simply used as follows: * In the Action
RE: [Tokens][2] Where can I find more information....
Yeh. Good point.
Mind you , if we have no users, then we dont need a client side, so we could
eliminate all that annoying validation, and rendering of the screen, and
such like
:-)
-Original Message-
From: Michael Delamere [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 18:57
To: Struts Users Mailing List
Subject: Re: [Tokens][2] Where can I find more information
I don´t quite agree (sorry) because I want to solve the problem without
javascript. I hate javascript and always try to do without it :-)
Regards,
Michael
- Original Message -
From: Andrew Hill [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Monday, September 09, 2002 12:36 PM
Subject: RE: [Tokens][2] Where can I find more information
I guess the real trick would be to eliminate the users altogether, as they
seem to be the source of most problems.
hehe. Maybe I should try and divert the [OT] JavaScript auto-submit form
thread to this dicussing this idea ;-
-Original Message-
From: Michael Delamere [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 18:40
To: Struts Users Mailing List
Subject: Re: [Tokens][2] Where can I find more information
Of course its only a problem if one tries to accomodate multitasking
users,
so if users can be trained not to play silly buggers with multiple
windows
everything should work fine.
Wishful thinking :-)
- Original Message -
From: Andrew Hill [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Monday, September 09, 2002 12:21 PM
Subject: RE: [Tokens][2] Where can I find more information
Yep. Thats what I thought. :-(
There are actually quite a few things in struts that seem to have this
issue
in relation to constant session keys.
Single browser window seems to be an assumption most struts apps make,
but
it would be nice if the framework provided more support for multiple
windows
(keeping track of which is quite a nightmare!).
-Original Message-
From: Jon.Ridgway [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 18:09
To: 'Struts Users Mailing List'
Subject: RE: [Tokens][2] Where can I find more information
Hi Andrew,
Read your post properly this time; umm good point the same key is used
and
one would over right the over, invalidating the first... So yes it looks
like they would interfere...
Jon Ridgway
-Original Message-
From: Jon.Ridgway [mailto:[EMAIL PROTECTED]]
Sent: 09 September 2002 11:00
To: 'Struts Users Mailing List'
Subject: RE: [Tokens][2] Where can I find more information
Hi Andrew,
The generateToken method in Action.java generates a unique token each
time
saveToken is called.
Jon Ridgway
-Original Message-
From: Andrew Hill [mailto:[EMAIL PROTECTED]]
Sent: 09 September 2002 10:23
To: Struts Users Mailing List
Subject: RE: [Tokens][2] Where can I find more information
Hope you will excuse me stealing this topic for a related question - I
added
a [2] tag to indicate this ;-)
As far as I can see the key under which the token is saved is a
constant.
What happens if another browser window is also open on some other form
(in
same session) and the user is trying to submit something there to
another
action that also users tokens. (This is one of those anoying users who
opens
fifty billion windows and does stuff in one window while waiting for
submission / page loading in another window to complete)
Wont the two interfere?
ie:
User fills in form in window A and submits.
While waiting for that to complete, user enters stuff in window B (for a
different form or record) and submits that.
What happens to the tokens here?
btw: heres a copy of the msg Michael refers to in the archive (for those
who
havent time to load the web page)
To deal with resubmits, the most important issue is to avoid updating
the
database twice when the user accidentally resubmits the same form.
Struts
has a feature called transaction control tokens that help you avoid
this, which is very simply used as follows:
* In the Action that sets up your input form (i.e. before you forward
to it), execute the following
saveToken(request)
to save a special value in the user's session that will be used in
the next step.
* In the Action that receives the form and updates the database, add
the following logic before you do the update:
if (isTokenValid(request, true)) {
... this is a resubmit, so go display an error ...
}
The true parameter causes the token to be removed from the session
so that it doesn't interfere with subsequent form submits.
This way, the submit will work the first time, but fail on any
accidental
or on-purpose resubmit, and you avoid adding the information to the
database twice. It also
Re: [Tokens][2] Where can I find more information....
ok, sod the users, who needs them anyway :-) - Original Message - From: Andrew Hill [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 12:49 PM Subject: RE: [Tokens][2] Where can I find more information Yeh. Good point. Mind you , if we have no users, then we dont need a client side, so we could eliminate all that annoying validation, and rendering of the screen, and such like :-) -Original Message- From: Michael Delamere [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:57 To: Struts Users Mailing List Subject: Re: [Tokens][2] Where can I find more information I don´t quite agree (sorry) because I want to solve the problem without javascript. I hate javascript and always try to do without it :-) Regards, Michael - Original Message - From: Andrew Hill [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 12:36 PM Subject: RE: [Tokens][2] Where can I find more information I guess the real trick would be to eliminate the users altogether, as they seem to be the source of most problems. hehe. Maybe I should try and divert the [OT] JavaScript auto-submit form thread to this dicussing this idea ;- -Original Message- From: Michael Delamere [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:40 To: Struts Users Mailing List Subject: Re: [Tokens][2] Where can I find more information Of course its only a problem if one tries to accomodate multitasking users, so if users can be trained not to play silly buggers with multiple windows everything should work fine. Wishful thinking :-) - Original Message - From: Andrew Hill [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 12:21 PM Subject: RE: [Tokens][2] Where can I find more information Yep. Thats what I thought. :-( There are actually quite a few things in struts that seem to have this issue in relation to constant session keys. Single browser window seems to be an assumption most struts apps make, but it would be nice if the framework provided more support for multiple windows (keeping track of which is quite a nightmare!). -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 18:09 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, Read your post properly this time; umm good point the same key is used and one would over right the over, invalidating the first... So yes it looks like they would interfere... Jon Ridgway -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 11:00 To: 'Struts Users Mailing List' Subject: RE: [Tokens][2] Where can I find more information Hi Andrew, The generateToken method in Action.java generates a unique token each time saveToken is called. Jon Ridgway -Original Message- From: Andrew Hill [mailto:[EMAIL PROTECTED]] Sent: 09 September 2002 10:23 To: Struts Users Mailing List Subject: RE: [Tokens][2] Where can I find more information Hope you will excuse me stealing this topic for a related question - I added a [2] tag to indicate this ;-) As far as I can see the key under which the token is saved is a constant. What happens if another browser window is also open on some other form (in same session) and the user is trying to submit something there to another action that also users tokens. (This is one of those anoying users who opens fifty billion windows and does stuff in one window while waiting for submission / page loading in another window to complete) Wont the two interfere? ie: User fills in form in window A and submits. While waiting for that to complete, user enters stuff in window B (for a different form or record) and submits that. What happens to the tokens here? btw: heres a copy of the msg Michael refers to in the archive (for those who havent time to load the web page) To deal with resubmits, the most important issue is to avoid updating the database twice when the user accidentally resubmits the same form. Struts has a feature called transaction control tokens that help you avoid this, which is very simply used as follows: * In the Action that sets up your input form (i.e. before you forward to it), execute the following saveToken(request) to save a special value in the user's session that will be used in the next step. * In the Action that receives the form and updates the database, add the following logic before you do the update
Re: [Tokens][2] Where can I find more information....
Unfortunately, there isn't always a non-JavaScript solution ;-) What do you do with requirements that can only be implemented with JavaScript? Regards :-) Eddie Michael Delamere wrote: I don´t quite agree (sorry) because I want to solve the problem without javascript. I hate javascript and always try to do without it :-) Regards, Michael -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [Tokens][2] Where can I find more information....
to me there is no such requirement. :-) It depends on what you communicate to the customer and I´ll tend to not advise it :-). Regards, Michael - Original Message - From: Eddie Bush [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, September 09, 2002 4:22 PM Subject: Re: [Tokens][2] Where can I find more information Unfortunately, there isn't always a non-JavaScript solution ;-) What do you do with requirements that can only be implemented with JavaScript? Regards :-) Eddie Michael Delamere wrote: I don´t quite agree (sorry) because I want to solve the problem without javascript. I hate javascript and always try to do without it :-) Regards, Michael -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: [Tokens][2] Where can I find more information....
I might be mistaken but isn't that what is supposed to happen?
snip
===
if (isTokenValid(request, true)) {
System.out.println(TOKEN IS VALID);
}
else {
System.out.println(TOKEN IS NO LONGER VALID);
}
===
Is the above code assumption correct or am I misinterpreting something?
Because when I submit add to cart I always jump into the else block!
/snip
snip
if (isTokenValid(request, true)) {
... this is a resubmit, so go display an error ...
}
/snip
Kris
-Original Message-
From: Michael Delamere [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 6:57 AM
To: Struts Users Mailing List
Subject: Re: [Tokens][2] Where can I find more information
I don´t quite agree (sorry) because I want to solve the problem without
javascript. I hate javascript and always try to do without it :-)
Regards,
Michael
- Original Message -
From: Andrew Hill [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Monday, September 09, 2002 12:36 PM
Subject: RE: [Tokens][2] Where can I find more information
I guess the real trick would be to eliminate the users altogether, as they
seem to be the source of most problems.
hehe. Maybe I should try and divert the [OT] JavaScript auto-submit form
thread to this dicussing this idea ;-
-Original Message-
From: Michael Delamere [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 18:40
To: Struts Users Mailing List
Subject: Re: [Tokens][2] Where can I find more information
Of course its only a problem if one tries to accomodate multitasking
users,
so if users can be trained not to play silly buggers with multiple
windows
everything should work fine.
Wishful thinking :-)
- Original Message -
From: Andrew Hill [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Monday, September 09, 2002 12:21 PM
Subject: RE: [Tokens][2] Where can I find more information
Yep. Thats what I thought. :-(
There are actually quite a few things in struts that seem to have this
issue
in relation to constant session keys.
Single browser window seems to be an assumption most struts apps make,
but
it would be nice if the framework provided more support for multiple
windows
(keeping track of which is quite a nightmare!).
-Original Message-
From: Jon.Ridgway [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 18:09
To: 'Struts Users Mailing List'
Subject: RE: [Tokens][2] Where can I find more information
Hi Andrew,
Read your post properly this time; umm good point the same key is used
and
one would over right the over, invalidating the first... So yes it looks
like they would interfere...
Jon Ridgway
-Original Message-
From: Jon.Ridgway [mailto:[EMAIL PROTECTED]]
Sent: 09 September 2002 11:00
To: 'Struts Users Mailing List'
Subject: RE: [Tokens][2] Where can I find more information
Hi Andrew,
The generateToken method in Action.java generates a unique token each
time
saveToken is called.
Jon Ridgway
-Original Message-
From: Andrew Hill [mailto:[EMAIL PROTECTED]]
Sent: 09 September 2002 10:23
To: Struts Users Mailing List
Subject: RE: [Tokens][2] Where can I find more information
Hope you will excuse me stealing this topic for a related question - I
added
a [2] tag to indicate this ;-)
As far as I can see the key under which the token is saved is a
constant.
What happens if another browser window is also open on some other form
(in
same session) and the user is trying to submit something there to
another
action that also users tokens. (This is one of those anoying users who
opens
fifty billion windows and does stuff in one window while waiting for
submission / page loading in another window to complete)
Wont the two interfere?
ie:
User fills in form in window A and submits.
While waiting for that to complete, user enters stuff in window B (for a
different form or record) and submits that.
What happens to the tokens here?
btw: heres a copy of the msg Michael refers to in the archive (for those
who
havent time to load the web page)
To deal with resubmits, the most important issue is to avoid updating
the
database twice when the user accidentally resubmits the same form.
Struts
has a feature called transaction control tokens that help you avoid
this, which is very simply used as follows:
* In the Action that sets up your input form (i.e. before you forward
to it), execute the following
saveToken(request)
to save a special value in the user's session that will be used in
the next step.
* In the Action that receives the form and updates the database, add
the following logic before you do the update:
if (isTokenValid(request, true
RE: [Tokens][2] Where can I find more information....
Hi Kris,
The first code snippet below is the correct one (I think??). I think the
snippet on Teds site (second snippet below) *may* be wrong...
Jon Ridgway
-Original Message-
From: Dhulipala, Kris [mailto:[EMAIL PROTECTED]]
Sent: 09 September 2002 15:34
To: 'Struts Users Mailing List'
Subject: RE: [Tokens][2] Where can I find more information
I might be mistaken but isn't that what is supposed to happen?
snip
===
if (isTokenValid(request, true)) {
System.out.println(TOKEN IS VALID);
}
else {
System.out.println(TOKEN IS NO LONGER VALID);
}
===
Is the above code assumption correct or am I misinterpreting something?
Because when I submit add to cart I always jump into the else block!
/snip
snip
if (isTokenValid(request, true)) {
... this is a resubmit, so go display an error ...
}
/snip
Kris
-Original Message-
From: Michael Delamere [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 6:57 AM
To: Struts Users Mailing List
Subject: Re: [Tokens][2] Where can I find more information
I don´t quite agree (sorry) because I want to solve the problem without
javascript. I hate javascript and always try to do without it :-)
Regards,
Michael
- Original Message -
From: Andrew Hill [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Monday, September 09, 2002 12:36 PM
Subject: RE: [Tokens][2] Where can I find more information
I guess the real trick would be to eliminate the users altogether, as they
seem to be the source of most problems.
hehe. Maybe I should try and divert the [OT] JavaScript auto-submit form
thread to this dicussing this idea ;-
-Original Message-
From: Michael Delamere [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 18:40
To: Struts Users Mailing List
Subject: Re: [Tokens][2] Where can I find more information
Of course its only a problem if one tries to accomodate multitasking
users,
so if users can be trained not to play silly buggers with multiple
windows
everything should work fine.
Wishful thinking :-)
- Original Message -
From: Andrew Hill [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Monday, September 09, 2002 12:21 PM
Subject: RE: [Tokens][2] Where can I find more information
Yep. Thats what I thought. :-(
There are actually quite a few things in struts that seem to have this
issue
in relation to constant session keys.
Single browser window seems to be an assumption most struts apps make,
but
it would be nice if the framework provided more support for multiple
windows
(keeping track of which is quite a nightmare!).
-Original Message-
From: Jon.Ridgway [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 18:09
To: 'Struts Users Mailing List'
Subject: RE: [Tokens][2] Where can I find more information
Hi Andrew,
Read your post properly this time; umm good point the same key is used
and
one would over right the over, invalidating the first... So yes it looks
like they would interfere...
Jon Ridgway
-Original Message-
From: Jon.Ridgway [mailto:[EMAIL PROTECTED]]
Sent: 09 September 2002 11:00
To: 'Struts Users Mailing List'
Subject: RE: [Tokens][2] Where can I find more information
Hi Andrew,
The generateToken method in Action.java generates a unique token each
time
saveToken is called.
Jon Ridgway
-Original Message-
From: Andrew Hill [mailto:[EMAIL PROTECTED]]
Sent: 09 September 2002 10:23
To: Struts Users Mailing List
Subject: RE: [Tokens][2] Where can I find more information
Hope you will excuse me stealing this topic for a related question - I
added
a [2] tag to indicate this ;-)
As far as I can see the key under which the token is saved is a
constant.
What happens if another browser window is also open on some other form
(in
same session) and the user is trying to submit something there to
another
action that also users tokens. (This is one of those anoying users who
opens
fifty billion windows and does stuff in one window while waiting for
submission / page loading in another window to complete)
Wont the two interfere?
ie:
User fills in form in window A and submits.
While waiting for that to complete, user enters stuff in window B (for a
different form or record) and submits that.
What happens to the tokens here?
btw: heres a copy of the msg Michael refers to in the archive (for those
who
havent time to load the web page)
To deal with resubmits, the most important issue is to avoid updating
the
database twice when the user accidentally resubmits the same form.
Struts
has a feature called transaction control tokens that help you avoid
this, which is very simply used as follows:
* In the Action that sets up your input
RE: [Tokens][2] Where can I find more information....
hi Jon,
My Bad... Just checked the api and looks like you are right.
-Kris
-Original Message-
From: Jon.Ridgway [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 10:49 AM
To: 'Struts Users Mailing List'
Subject: RE: [Tokens][2] Where can I find more information
Hi Kris,
The first code snippet below is the correct one (I think??). I think the
snippet on Teds site (second snippet below) *may* be wrong...
Jon Ridgway
-Original Message-
From: Dhulipala, Kris [mailto:[EMAIL PROTECTED]]
Sent: 09 September 2002 15:34
To: 'Struts Users Mailing List'
Subject: RE: [Tokens][2] Where can I find more information
I might be mistaken but isn't that what is supposed to happen?
snip
===
if (isTokenValid(request, true)) {
System.out.println(TOKEN IS VALID);
}
else {
System.out.println(TOKEN IS NO LONGER VALID);
}
===
Is the above code assumption correct or am I misinterpreting something?
Because when I submit add to cart I always jump into the else block!
/snip
snip
if (isTokenValid(request, true)) {
... this is a resubmit, so go display an error ...
}
/snip
Kris
-Original Message-
From: Michael Delamere [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 6:57 AM
To: Struts Users Mailing List
Subject: Re: [Tokens][2] Where can I find more information
I don´t quite agree (sorry) because I want to solve the problem without
javascript. I hate javascript and always try to do without it :-)
Regards,
Michael
- Original Message -
From: Andrew Hill [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Monday, September 09, 2002 12:36 PM
Subject: RE: [Tokens][2] Where can I find more information
I guess the real trick would be to eliminate the users altogether, as they
seem to be the source of most problems.
hehe. Maybe I should try and divert the [OT] JavaScript auto-submit form
thread to this dicussing this idea ;-
-Original Message-
From: Michael Delamere [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 18:40
To: Struts Users Mailing List
Subject: Re: [Tokens][2] Where can I find more information
Of course its only a problem if one tries to accomodate multitasking
users,
so if users can be trained not to play silly buggers with multiple
windows
everything should work fine.
Wishful thinking :-)
- Original Message -
From: Andrew Hill [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Monday, September 09, 2002 12:21 PM
Subject: RE: [Tokens][2] Where can I find more information
Yep. Thats what I thought. :-(
There are actually quite a few things in struts that seem to have this
issue
in relation to constant session keys.
Single browser window seems to be an assumption most struts apps make,
but
it would be nice if the framework provided more support for multiple
windows
(keeping track of which is quite a nightmare!).
-Original Message-
From: Jon.Ridgway [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 18:09
To: 'Struts Users Mailing List'
Subject: RE: [Tokens][2] Where can I find more information
Hi Andrew,
Read your post properly this time; umm good point the same key is used
and
one would over right the over, invalidating the first... So yes it looks
like they would interfere...
Jon Ridgway
-Original Message-
From: Jon.Ridgway [mailto:[EMAIL PROTECTED]]
Sent: 09 September 2002 11:00
To: 'Struts Users Mailing List'
Subject: RE: [Tokens][2] Where can I find more information
Hi Andrew,
The generateToken method in Action.java generates a unique token each
time
saveToken is called.
Jon Ridgway
-Original Message-
From: Andrew Hill [mailto:[EMAIL PROTECTED]]
Sent: 09 September 2002 10:23
To: Struts Users Mailing List
Subject: RE: [Tokens][2] Where can I find more information
Hope you will excuse me stealing this topic for a related question - I
added
a [2] tag to indicate this ;-)
As far as I can see the key under which the token is saved is a
constant.
What happens if another browser window is also open on some other form
(in
same session) and the user is trying to submit something there to
another
action that also users tokens. (This is one of those anoying users who
opens
fifty billion windows and does stuff in one window while waiting for
submission / page loading in another window to complete)
Wont the two interfere?
ie:
User fills in form in window A and submits.
While waiting for that to complete, user enters stuff in window B (for a
different form or record) and submits that.
What happens to the tokens here?
btw: heres a copy of the msg Michael refers to in the archive (for those
who
havent time to load the web page)
To deal with resubmits
Re: [Tokens][2] Where can I find more information....
Did you check the HttpSession object? Is the session object same or
always new?
Jon.Ridgway wrote:
Hi Kris,
The first code snippet below is the correct one (I think??). I think the
snippet on Teds site (second snippet below) *may* be wrong...
Jon Ridgway
-Original Message-
From: Dhulipala, Kris [mailto:[EMAIL PROTECTED]]
Sent: 09 September 2002 15:34
To: 'Struts Users Mailing List'
Subject: RE: [Tokens][2] Where can I find more information
I might be mistaken but isn't that what is supposed to happen?
snip
===
if (isTokenValid(request, true)) {
System.out.println(TOKEN IS VALID);
}
else {
System.out.println(TOKEN IS NO LONGER VALID);
}
===
Is the above code assumption correct or am I misinterpreting something?
Because when I submit add to cart I always jump into the else block!
/snip
snip
if (isTokenValid(request, true)) {
... this is a resubmit, so go display an error ...
}
/snip
Kris
-Original Message-
From: Michael Delamere [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 6:57 AM
To: Struts Users Mailing List
Subject: Re: [Tokens][2] Where can I find more information
I don´t quite agree (sorry) because I want to solve the problem without
javascript. I hate javascript and always try to do without it :-)
Regards,
Michael
- Original Message -
From: Andrew Hill [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Monday, September 09, 2002 12:36 PM
Subject: RE: [Tokens][2] Where can I find more information
I guess the real trick would be to eliminate the users altogether, as they
seem to be the source of most problems.
hehe. Maybe I should try and divert the [OT] JavaScript auto-submit form
thread to this dicussing this idea ;-
-Original Message-
From: Michael Delamere [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 18:40
To: Struts Users Mailing List
Subject: Re: [Tokens][2] Where can I find more information
Of course its only a problem if one tries to accomodate multitasking
users,
so if users can be trained not to play silly buggers with multiple
windows
everything should work fine.
Wishful thinking :-)
- Original Message -
From: Andrew Hill [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Monday, September 09, 2002 12:21 PM
Subject: RE: [Tokens][2] Where can I find more information
Yep. Thats what I thought. :-(
There are actually quite a few things in struts that seem to have this
issue
in relation to constant session keys.
Single browser window seems to be an assumption most struts apps make,
but
it would be nice if the framework provided more support for multiple
windows
(keeping track of which is quite a nightmare!).
-Original Message-
From: Jon.Ridgway [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 18:09
To: 'Struts Users Mailing List'
Subject: RE: [Tokens][2] Where can I find more information
Hi Andrew,
Read your post properly this time; umm good point the same key is used
and
one would over right the over, invalidating the first... So yes it looks
like they would interfere...
Jon Ridgway
-Original Message-
From: Jon.Ridgway [mailto:[EMAIL PROTECTED]]
Sent: 09 September 2002 11:00
To: 'Struts Users Mailing List'
Subject: RE: [Tokens][2] Where can I find more information
Hi Andrew,
The generateToken method in Action.java generates a unique token each
time
saveToken is called.
Jon Ridgway
-Original Message-
From: Andrew Hill [mailto:[EMAIL PROTECTED]]
Sent: 09 September 2002 10:23
To: Struts Users Mailing List
Subject: RE: [Tokens][2] Where can I find more information
Hope you will excuse me stealing this topic for a related question - I
added
a [2] tag to indicate this ;-)
As far as I can see the key under which the token is saved is a
constant.
What happens if another browser window is also open on some other form
(in
same session) and the user is trying to submit something there to
another
action that also users tokens. (This is one of those anoying users who
opens
fifty billion windows and does stuff in one window while waiting for
submission / page loading in another window to complete)
Wont the two interfere?
ie:
User fills in form in window A and submits.
While waiting for that to complete, user enters stuff in window B (for a
different form or record) and submits that.
What happens to the tokens here?
btw: heres a copy of the msg Michael refers to in the archive (for those
who
havent time to load the web page)
To deal with resubmits, the most important issue is to avoid updating
the
database twice when the user accidentally resubmits the same form.
Struts
has a feature called transaction control tokens that help you avoid
this, which is very simply used as follows:
* In the Action that sets up your input form (i.e. before you forward
RE: [Tokens][2] Where can I find more information....
As Mozilla is open source, perhaps you could create an extended version of it that supports your requirements and force your users to use that? ;-) -Original Message- From: Eddie Bush [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 22:22 To: Struts Users Mailing List Subject: Re: [Tokens][2] Where can I find more information Unfortunately, there isn't always a non-JavaScript solution ;-) What do you do with requirements that can only be implemented with JavaScript? Regards :-) Eddie Michael Delamere wrote: I don´t quite agree (sorry) because I want to solve the problem without javascript. I hate javascript and always try to do without it :-) Regards, Michael -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
