Does anyone know if we can automatically do these checks now with the framework.
It is possible I am being too naive about this functionality, but thought I should ask. sandeep --- David Graham <[EMAIL PROTECTED]> wrote: > > > > >It's up to your Action to call the token > methods to > > > >validate the token and > > > >forward the user to an appropriate page. > > > > > > > > > I know, maybe I wasn't clear enough .. sorry :-) > >What I'm saying is that if you use a > > session bean, the content is modified even though > the > >token is invalid.. I thinks this should not happen. > > By session bean, do you mean EJB or an ActionForm > stored in the session? I > haven't tried this but maybe you could put the token > check in the form's > validate method but that also happens after the form > bean is populated. The > token is currently viewed as a piece of form data > for the Action to handle > and not the framework. Allowing actions to check > the token gives people the > flexibility of deciding what to do with the user in > various situations. > > David > > > > > I'm working on an intranet application and I'm > using > > session beans (Maybe I shouldn't). Right now if > the > > user does a double click. The first request > passes > >and the second request populates the bean while the > >first request is been processed ... This is a > little > >race :-). > > > > I don't think Struts offers an easy way to avoid > > this... maybe I'm wrong ... > > > > Thanks > > /David > > > > > > > > > > > David > > > --- David Gagnon <[EMAIL PROTECTED]> wrote: > > > > Hi all, > > > > > > > > > > > > If you have a session bean and you are > using > > > the > > > > token framework to protect yourself again > > > multiple > > > > submit... > > > > > > > > > > > > Let say a request with a bad token is post to > the > > > > server. The bean will be populated right ... > > > even > > > > if > > > > the token is not valid. Is struts offers > support > > > > to > > > > check if a request contains a valid token > prior > > > to > > > > populate the bean. For what I know you the > > > sooner > > > > you > > > > can play with token in struts is in the reset > > > > method > > > > of the bean (It may not be the best place to > play > > > > with > > > > token anyway...). > > > > > > > > > > > > Is a request with a bad or no token should be > > > > redirect > > > > by the framework to a handler. Like it's > done > > > with > > > > the Exception in Struts? I think there > should > > > have > > > > a > > > > way to avoid changing the server state on bad > > > > request > > > > ... > > > > > > > > > > > > My guest is that you already know about all > that > > > > :-) > > > > ... or that there is something to prevent > this > > > that > > > > I'm not aware of. > > > > > > > > > > > > Thanks for your help > > > > > > > > > > > > /Dave > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > __________________________________ > > > > Do you Yahoo!? > > > > SBC Yahoo! DSL - Now only $29.95 per month! > > > > http://sbc.yahoo.com > > > > > > > > > > > > > __________________________________ > > > Do you Yahoo!? > > > SBC Yahoo! DSL - Now only $29.95 per month! > > > http://sbc.yahoo.com > > > > > > > >__________________________________ > >Do you Yahoo!? > >SBC Yahoo! DSL - Now only $29.95 per month! > >http://sbc.yahoo.com > > > >--------------------------------------------------------------------- > >To unsubscribe, e-mail: > [EMAIL PROTECTED] > >For additional commands, e-mail: > [EMAIL PROTECTED] > > > > _________________________________________________________________ > MSN 8 helps eliminate e-mail viruses. Get 2 months > FREE*. > http://join.msn.com/?page=features/virus > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > __________________________________ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
