Hi:
We want to use tokens for sensitive form submissions. It looks like
struts can do this. However, the feature is hidden (at least to me) and
undocumented.
Following David Geary's Advanced JSP book (and somewhat Core J2EE
Patterns by Alur et al.), I would like to set a token when I send out
certain forms and test the token when those forms are resubmitted. At
this stage, I have actually written my own action and borrowed Geary's
tag library code. If someone submits a form with a stale or no token,
my action reroutes them to a default action that figures out what to do
with them. If someone submits a form without a stale token, then the
form is forwarded to another action that does validation and processing.
Have I reinvented the wheel? Is there a built-in capacity to do this
within struts? I want to write as little infrastructure code as possible.
Thanks,
Bud Gibson
University of Michigan Business School
