X-Server-Uuid: 77EBEC63-E6AD-49BA-924C-CB5276DAA9C7
From: "Hossfeld, Frank" <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>,
"'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>,
"'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: No Redirects in Struts 1.1
Date: Fri, 21 Feb 2003 11:12:07 +0100
X-Mailer: Internet Mail Service (5.5.2653.19)
X-WSS-ID: 124B240463827-01-01
Hi,
I don't know why, but I am not able to post messages in the list, so I 'll
send you my response directly.
Perhaps somebody can post it.
Thanks Frank
> I think, this is a problem in Struts.
> If you use the struts token-solution to avoid double-clicks, you have to
> check the token in every action.
> When redirecting from one action to another, it is necessary, that the
> token is part of the redirected URL.
>
> Maybe I didn't see it, but if you look in the RequestProcessor-Class and
> examine the processActionForward-Method, there is no work done with the
> Token.
> (Means, the token is not part of the redirected URL)
> If you overwrite the processForwardConfig-Method by adding the token to
> the redirected URL, it works fine.
>
> Thats the coding:
>
> protected void processForwardConfig(HttpServletRequest request,
> HttpServletResponse response,
> ForwardConfig forward)
> throws IOException, ServletException {
> if (forward == null) {
> return;
> }
> if (log.isDebugEnabled()) {
> log.debug("processForwardConfig(" + forward + ")");
> }
>
> String uri = RequestUtils.forwardURL(request, forward);
> if (forward.getRedirect()) {
> // Patch Start
> if
> (request.getSession(false).getAttribute(Globals.TRANSACTION_TOKEN_KEY) !=
> null) {
> if (uri.indexOf(org.apache.struts.taglib.html.Constants.TOKEN_KEY)
> < 0) {
> if (uri.indexOf("?") >= 0) {
> uri += "&";
> } else {
> uri += "?";
> }
> uri += org.apache.struts.taglib.html.Constants.TOKEN_KEY + "=" +
> request.getSession(false).getAttribute(Globals.TRANSACTION_TOKEN_KEY);
> }
> }
> // Patch End
>
> response.sendRedirect(response.encodeRedirectURL(request.getContextPath()
> + uri));
> } else {
> doForward(uri, request, response);
> }
> }
> }
>
> I don't know, if this is the right way to solve it, but it works .. :-)
> If there is anybody out there who has a better idea, I would like to read
> it.
> Regards Frank
------------------------------------------------------------------------------
Aus Rechts- und Sicherheitsgruenden ist die in dieser E-Mail gegebene Information nicht rechtsverbindlich. Eine rechtsverbindliche Bestaetigung reichen wir Ihnen gerne auf Anforderung in schriftlicher Form nach. Beachten Sie bitte, dass jede Form der unautorisierten Nutzung, Veroeffentlichung, Vervielfaeltigung oder Weitergabe des Inhalts dieser E-Mail nicht gestattet ist.Diese Nachricht ist ausschliesslich fuer den bezeichneten Adressaten oder dessen Vertreter bestimmt. Sollten Sie nicht der vorgesehene Adressat dieser E-Mail oder dessen Vertreter sein, so bitten wir Sie, sich mit dem Absender der E-Mail in Verbindung zu setzen.
----------------------------
For legal and security reasons the information provided in this e-mail is not legally binding. Upon request we would be pleased to provide you with a legally binding confirmation in written form. Any form of unauthorised use, publication, reproduction, copying or disclosure of the content of this e-mail is not permitted. This message is exclusively for the person addressed or their representative. If you are not the intended recipient of this message and its contents, please notify the sender immediately.
==============================================================================
LEGAL NOTICE
This electronic mail transmission and any accompanying documents contain information belonging to the sender which may be confidential and legally privileged. This information is intended only for the use of the individual or entity to whom this electronic mail transmission was sent as indicated above. If you are not the intended recipient, any disclosure, copying, distribution, or action taken in reliance on the contents of the information contained in this transmission is strictly prohibited. If you have received this transmission in error, please delete the message. Thank you
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
