Action has a number of methods for transaction tokens [saveToken(),
isTokenValid(), resetToken()] and the example shows use of them (look at
EditRegistration.java and SaveRegistration.java).
You can also specify a transaction="true" attribute on the LinkTag so that
the transaction token is retrieved from the session and stored in the
request.
Other than that, you need to do it yourself.
Niall
> -----Original Message-----
> From: Bud Gibson [mailto:[EMAIL PROTECTED]]
> Sent: 09 July 2001 14:36
> To: [EMAIL PROTECTED]
> Subject: Using tokens for sensitive form submissions
>
>
> Hi:
>
> We want to use tokens for sensitive form submissions. It looks like
> struts can do this. However, the feature is hidden (at least to me) and
> undocumented.
>
> Following David Geary's Advanced JSP book (and somewhat Core J2EE
> Patterns by Alur et al.), I would like to set a token when I send out
> certain forms and test the token when those forms are resubmitted. At
> this stage, I have actually written my own action and borrowed Geary's
> tag library code. If someone submits a form with a stale or no token,
> my action reroutes them to a default action that figures out what to do
> with them. If someone submits a form without a stale token, then the
> form is forwarded to another action that does validation and processing.
>
> Have I reinvented the wheel? Is there a built-in capacity to do this
> within struts? I want to write as little infrastructure code as possible.
>
> Thanks,
> Bud Gibson
> University of Michigan Business School
>
