Yeah I see now that there are two challenges here (thanks struts dude)!
Perhaps this would work:
1) resetToken right off the bat, but also do a saveToken (in case of a backend error like I described -- seemingly the saveToken here would make returning to the form OK)
2) do the possibly long logic
3) resetToken without a saveToken (maybe this is optional).
What do you guys think?
Erik
Zhang, Larry (L.) wrote:
In my application, there will be no validation error in the FINAL submission stage; the validation error would be called earlier. If however there are other types of error (like database error, we just stop processing, but the second submission will be identified. Your question is valid, however, one of the synchronizer token usages is to prevent the duplicate submission. If you put the resetToken to the last and you have a long logic before resetToken, here is what will happen (1) you did a first submission (2) then submit again, at this point, the resetToken is not invoked yet, (since there is a long logic before it), the action just thinks this is the same token and it just allows it -which did actually prevent the duplicate submission, right?
Thanks.
-----Original Message----- From: Erik Weber [mailto:[EMAIL PROTECTED] Sent: Friday, August 27, 2004 11:10 AM To: Struts Users Mailing List Subject: Re: My IsValidToken() cannot trap duplicated submission.
Larry, what if an error occurs after form validation, but during processing of the submit, which requires you to forward back to the input page?
Erik
Zhang, Larry (L.) wrote:
I think the resetToken should be placed as the first place in your action that processes your submitted form, instead of when you are done processing the submitted form.
-----Original Message----- From: Erik Weber [mailto:[EMAIL PROTECTED] Sent: Friday, August 27, 2004 10:57 AM To: Struts Users Mailing List Subject: Re: My IsValidToken() cannot trap duplicated submission.
When you are done processing the submitted form, invoke "resetToken".
Erik
PC Leung wrote:
After clicking submit button and then go back previous page, data is still there, click the submit button again. record will be
saved once more time. The IsValidToken cannot trap the duplicated
submission.
Initial page:
http://localhost:8080/erp/AddUserProfile.jsp
if clicking submit button, goes to http://localhost:8080/erp/addUserProfile.do?method=create
struts-config.xml like this.
<action path="/addUserProfileSetup"
type="com.erp.quotation.AddUserProfileAction"
name="addUserProfileForm"
scope="request" validate="false">
<forward name="success" path="/AddUserProfile.jsp" redirect="true"/>
</action> <action path="/addUserProfile"
type="com.erp.quotation.AddUserProfileDispatchAction"
name="addUserProfileForm"
scope="request" validate="true" parameter="method"
input="/AddUserProfile.jsp">
<forward name="success" path="/AddUserProfile.jsp"/>
<forward name="failure" path="/AddUserProfile.jsp"/>
<forward name="cancel" path="/UserMaint.jsp"/>
</action>
Initial page already shows with a token.
Why the following DispatchAction cannot trap duplicated submission?
public final class AddUserProfileDispatchAction extends DispatchAction {
public ActionForward create (ActionMapping mapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response) throws Exception {
HttpSession session = request.getSession();
ActionErrors errors = new ActionErrors();
if (!isTokenValid(request, true)) {
errors.add(ActionErrors.GLOBAL_ERROR,
new ActionError("error.transaction.token"));
}
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
