You could craft your own Form component that handles the hidden and
use the tapestry-flash thingy to save the token
Geoff
On 3/2/06, Inge Solvoll <[EMAIL PROTECTED]> wrote:
> I've tried to copy the token-approach from struts into Tapestry, to avoid
> crashes when the user hits the "refresh"-button in the browser. Using this
> approach, the html rendered can only be submitted once. My problem is that
> the code I've written so far requires too much code copying and repeating,
> and I was wondering if someone has ideas on how to make the implementation a
> bit less intrusive for my pages.
>
> I could include this code in my base class that all my page classes inherit
> from, but then I would have to inject WebRequest into every single page in
> my application, and that's not the tapestry way to do page design, is it?
> I'm pretty sure that this is functionality that I need in all my pages
> (refresh of a post causes crash most of the times in my tapestry code).
> Maybe this can be done with a servlet filter, or better, with a HiveMind
> service that intercepts the request?
>
> Here's my code so far:
>
> public void pageBeginRender(PageEvent event) {
> if (getRequestCycle().isRewinding()) {
> String token = getRequest().getParameter("token");
> if (token == null || !token.equals(getToken())) {
> log.error("Token for page is not valid, redirect to obtain last good
> state");
> throw new PageRedirectException(this);
> }
> }
> else {
> setToken(generateToken());
> }
>
> }
>
> .html:
> <input jwcid="@Any" type="hidden" name="token" value="ognl:token"/>
>
> .page:
> <property name="token" persist="session"/>
>
>
> An article on the subject:
> http://www.javalobby.org/java/forums/m91956568.html
>
>
--
The Spindle guy. http://spindle.sf.net
Get help with Spindle:
http://lists.sourceforge.net/mailman/listinfo/spindle-user
Blog: http://jroller.com/page/glongman
Feature Updates: http://spindle.sf.net/updates
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
