The synchronizer token pattern in struts is typically used for avoiding
double submits
The method savetoken() creates a unique token and stores it as a hidden
field.The call to this method is typically made in the action class
loading the page.
Thereafter we use istokenvalid() to determine whether the token is valid
or not and if valid
Then call the business processing logic in the action class. This method
is called in the submit action and the strutcture
Or ur code in the submit action is as follows:
If(istokenvalid())
{
-- call the business processing logic e.g call an EJB for processing the
request
}
I don't remember the actual elementname by which struts creates the
hidden field(can be easily fiound out by reading struts docs though)
If ur need is just to create a hidden field then there is a different
tag availabe for it.
Hope it clarifies.
Thanks,
Satish
-----Original Message-----
From: Erik Weber [mailto:[EMAIL PROTECTED]
Sent: Monday, July 26, 2004 11:56 AM
To: Struts Users Mailing List
Subject: Re: Need a synchronizer token
Thanks, Kataria. But, after looking at these methods, I'm still not sure
how you set the hidden field in the form. For example, what name do you
use for the parameter? Or is this handled by a Struts tag?
Erik
Kataria, Satish wrote:
>Refer to the documentation of the action class. It has savetoken() &
>istokenvalid() method to implement the synchronizer token patter.
>
>Thanks,
>Satish
>
>
>
>-----Original Message-----
>From: Erik Weber [mailto:[EMAIL PROTECTED]
>Sent: Monday, July 26, 2004 11:11 AM
>To: Struts Users Mailing List
>Subject: Need a synchronizer token
>
>
>I know I've seen somewhere that Struts handles the synchronizer token
>pattern -- where a synchronizer token is embedded as a hidden form
field
>
>and compared with an expected value stored as a session attribute
before
>
>a write action is performed -- but I don't know exactly where to look.
>
>Can someone tell me the Struts way to handle this?
>
>Thanks,
>Erik
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
