OK this is a bit of an Obligatory plug but....
The "Professional Struts" book written by myself and James Goodwill covers
this step by step.
First it lists the steps. Then it breaks the code down by each step.
You will want to have you saveToken called just before the form loads for
the first time.
Here is a scaled down excerpt....
To use a transaction token, follow these steps:
1. Before you load the JavaServer Pages (JSP) page that has the html:form
tag on it, call saveToken inside an action.
2. When the user submits the form, call isTokenValid and handle the form
only if the token is valid.
The first step is to call saveToken inside an action. To do this, you have
to make sure an action is called before the JSP page loads.
Let’s say you had an action mapping that was associated with the user
registration page as
<action path="/userRegForm" forward="/userRegistration.jsp" />
The above just associated a JSP page with an action. Then any JSP page that
links to the input form would link to it like this:
<html:link action="/userRegForm">User Registration</html:link>
Therefore, no JSP links directly to /userRegistration.jsp. If this is the
case, you have been following the rules in the MVC chapter and it is easy to
start using transaction tokens.
Now let’s say that you want to make sure that the user cannot hit the back
button in the browser and submit the form twice. To do this, you must change
the action mapping associated with the input form to map to an action that
will call the saveToken method of Action:
<action path="/userRegForm"
type="strutsTutorial.UserRegistrationAction"
parameter="load">
<forward name="success"
path="/userRegistration.jsp" />
</action>
Action’s saveToken method generates and saves a transaction token and puts
it in session scope under the key Globals.TRANSACTION_TOKEN_KEY. Think of a
transaction token as a unique string.
Notice that the action mapping for userRegForm sets the parameter to load.
The action will use the parameter to load the form.
We already have this action defined. Thus, we need to modify the
UserRegistrationAction so that it can handle loading the form by calling
saveToken:
public class UserRegistrationAction extends
LookupDispatchAction {
private static Log log =
LogFactory.getLog(UserRegistrationAction.class);
public ActionForward execute(
ActionMapping mapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response)
throws Exception {
log.trace("UserRegistrationAction.execute");
if ("load".equals(mapping.getParameter())){
return load(mapping, form, request, response);
}else{
return super.execute(mapping, form,
request, response);
}
}
private ActionForward load(
ActionMapping mapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response)
throws Exception{
log.debug("In LOAD Method");
saveToken(request);
return mapping.findForward("success");
}
Let me know if this helps.
Rick Hightower
Developer
Struts/J2EE training -- http://www.arc-mind.com/strutsCourse.htm
Struts/J2EE consulting --
http://www.arc-mind.com/consulting.htm#StrutsMentoring
-----Original Message-----
From: Dominique de Waleffe [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 9:59 AM
To: Struts Users Mailing List
Subject: Transaction tokens
I have a problem understanding how to use those....
I have jsp pages using <html:forms>
Ted's book says that "a hidden field is automatically added when the
form sees that a tokens are being used"
but I fail to see how the forms sees that. In other wods, what do I
have to put as attribute to get the behaviour?
I do not see anything in rendered html form that looks like the
transaction token...
Then, in the action done on submit for those forms, I want to check for
double submit and react.
So I have this:
saveToken(request);
if ( ! isTokenValid(request)) {
errors.add(ActionErrors.GLOBAL_ERROR,
new ActionError("error.multiple-submit"));
saveErrors(request,errors);
resetToken(request);
return mapping.findForward("multi-submit");
} // end of if ()
This always takes me into the error branch... Is this a consequence of
the first problem (not having tokens sent)?
Thanks for any hint or example.
--
Dominique de Waleffe Email: [EMAIL PROTECTED] [No HTML please]
Mission Critical, Drève Richelle 161 Bât N, B-1410 Waterloo, Belgium
Phone: +32 2 757 10 15 Fax: +32 2 759 27 60
ICQ: 289-306-495
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
