So for the below example scenario I have to only validate the token and should not call the saveToken method. So for these types of scenarios I have to put another "parameter" attribute in the actionmapping of struts-config.xml to know these scenarios.
And for this scenario all forward mappings should be ".do". I cannot put some forwards as ".do" and some forwards as JSP pages.

Are my above assumptions correct?

Thanks,
Subhendu

-----Original Message-----
From: Ted Husted [mailto:[EMAIL PROTECTED]]
Sent: Sunday, March 03, 2002 6:57 AM
To: Struts Users Mailing List
Subject: Re: Methods In Action Class

You would either have to skip removing the token, or replace the token
in the request with the new one.

The token represents a transaction, and should live through the
transaction. If the transaction includes more than one request, do not
remove it until the transaction is complete.

If you are starting a new transaction without first going to a form,
then you would need to replicate the behavior of the html:form tag, and
put the new token into the request to start the new transaction.

-- Ted Husted, Husted dot Com, Fairport NY US
-- Developing Java Web Applications with Struts
-- Tel: +1 585 737-3463
-- Web: http://husted.com/about/services

subhendukumar mohanty wrote:
>
> The isTokenValid() method compares the token value from the request attribute (hidden field stored in the form) with the token stored in the session. If it matches then the session is valid.
> I have one doubt in the following scenario.
>
> <action path="/ATCreateConfirm"
>         type="com.test.ATCreateConfirmAction"
>         name="ATCreateForm"
>         scope="session"
>         input="ATCreate.jsp"
>         validate="true">
>     <forward name="Success" path="/ATCreate.do"/>
>     <forward name="failureLoad" path="/ATCreate.do"/>
>     <forward name="failureSubmit" path="/ATCreateCutOff.jsp"/>
> </action>
>
> In this scenario the first request will be ATCreateConfirm.do. In the ATCreateConfirmAction class I will check the token and validate it; if it is valid I will generate a new token. But after success of this action it calls ATCreate.do; in this case the request still contains the old transaction token value from the form.
> If I am going to check the validity of the token in the corresponding action class of "ATCreate.do", the token will not be valid because the previous action has already updated it.
>
> So my question is, in this case where one mapping forwards to another ".do", how to handle this token. Should I have to manually check for the following scenarios, or does Struts have any way to handle this type of scenario?
>
> Any help will be great.
>
> Thanks,
> Subhendu
>
> -----Original Message-----
> From: Ted Husted [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, March 02, 2002 9:27 AM
> To: Struts Users Mailing List
> Subject: Re: Methods In Action Class
>
> Before going to a page you want to protect, route to an Action first and
> call SaveToken. This stores a token with a unique value in the user's
> session.
>
> If the page uses the html:form tag, it will automatically include a
> hidden field with the token if it finds one in the session.
>
> In the Action that receives the page, use isTokenValue to see if the
> token in the session matches the one from the form. Call resetToken to
> clear the token, so it can't be used again.
>
> -- Ted Husted, Husted dot Com, Fairport NY US
> -- Developing Java Web Applications with Struts
> -- Tel: +1 585 737-3463
> -- Web: http://husted.com/about/services
>
> subhendukumar mohanty wrote:
> >
> > Hi
> >
> > I found the following methods in Action.java which I think may help to control the session ID. That means if the user submits the page and presses the back button and submits the page again it will throw an error.
> >
> > generateToken(HttpServletRequest request)
> > saveToken(HttpServletRequest request)
> > isTokenValid(HttpServletRequest request)
> >
> > If anybody has used these methods let me know how to use these methods.
> >
> > Thanks,
> > Subhendu

--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
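
The token lifetime discussed in this thread, as an added example that is not part of the original messages and is not Struts source code: the token stays in the session while /ATCreateConfirm.do forwards to /ATCreate.do and is cleared only when the transaction ends, so a back-button resubmit is rejected. A Map stands in for HttpSession, and the class name, session key and method signatures are assumptions made for this sketch.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

// Added example: a Map stands in for HttpSession; these are not the Struts methods.
public class TokenLifecycleDemo {
    static final String KEY = "demo.transaction.token"; // hypothetical session key
    static final SecureRandom RNG = new SecureRandom();

    // Start a transaction: store a fresh unpredictable token in the session.
    static String saveToken(Map<String, String> session) {
        String token = new BigInteger(128, RNG).toString(16);
        session.put(KEY, token);
        return token; // the form would carry this in a hidden field
    }

    // Compare the submitted token with the session copy; does not consume it.
    static boolean isTokenValid(Map<String, String> session, String submitted) {
        String saved = session.get(KEY);
        if (saved == null || submitted == null) return false;
        return MessageDigest.isEqual(saved.getBytes(StandardCharsets.UTF_8),
                                     submitted.getBytes(StandardCharsets.UTF_8));
    }

    // End the transaction: the token can no longer be matched.
    static void resetToken(Map<String, String> session) { session.remove(KEY); }

    public static void main(String[] args) {
        Map<String, String> session = new HashMap<>();
        String formToken = saveToken(session); // Action routed to before the form page

        // Request 1 (/ATCreateConfirm.do): validate only, keep the token alive.
        boolean confirmOk = isTokenValid(session, formToken);
        // Forward to /ATCreate.do: same request, same hidden-field value.
        boolean createOk = isTokenValid(session, formToken);
        if (confirmOk && createOk) resetToken(session); // transaction complete

        // Back button + resubmit replays the old hidden-field value.
        boolean replayOk = isTokenValid(session, formToken);
        System.out.println("confirm=" + confirmOk + " create=" + createOk
                + " replay=" + replayOk);
    }
}
```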

