Here's a solution that SEEMS to be working. It incorporates our solution to
the double submit problem that we used on our JSP's. It didn't appear to be
working for me at first, but seems to be now. (It does use the old servlet
request/session objects, but this may change once all our old code is
upgraded to wicket.)
public abstract class NoDoubleSubmitForm extends Form {
private String token;
protected NoDoubleSubmitForm(String id) {
super(id);
}
protected NoDoubleSubmitForm(String id, IModel model) {
super(id, model);
}
protected abstract void onSubmitted();
protected void onResubmitted() {
setResponsePage(CustomErrorPage.class);
}
@Override
protected final void onSubmit() {
if(isValidToken())
onSubmitted();
else
onResubmitted();
}
@Override
protected void onBeforeRender() {
super.onBeforeRender();
saveToken();
}
private boolean isValidToken() {
HttpServletRequest request = ((WebRequestCycle)
RequestCycle.get()).getWebRequest().getHttpServletRequest();
if (!isTokenValid(request)) {
Token.resetToken(request); // Removes unique token string from
session
return false;
}
Token.resetToken(request); // Removes unique token string from session
return true;
}
public boolean isTokenValid(HttpServletRequest request) {
// Retrieve the saved transaction token from our session
HttpSession session = request.getSession(false);
if (session == null)
return false;
String saved = (String)
session.getAttribute(Token.TRANSACTION_TOKEN_KEY);
if (saved == null)
return false;
if (token == null)
return false;
// Do the values match?
return saved.equals(token);
}
private void saveToken() {
HttpServletRequest request = ((WebRequestCycle)
RequestCycle.get()).getWebRequest().getHttpServletRequest();
HttpSession session = request.getSession();
Token.saveToken(request); // Generates a unique string for this request
and stores it in session
token = (String) session.getAttribute(Token.TRANSACTION_TOKEN_KEY); //
Save the generated token in this page instance
}
}
Like I said, for now this appears to be working. I just extend all my forms
from this class and implement onSubmitted() with the same code I previously
put in onSubmit(). The key is putting matching unique strings in session
and in the page instance. On submit, those string should match, at which
point, the string in session is cleared and the form is processed as normal.
If another submit comes in, the string in session has been cleared so it
doesn't match the string svaed in the page instance. In the case where
setResponsePage is not called, onBeforeRender resets the token string, so
submitting from the refreshed page won't register as an error.
Our JSP version of this involves putting the token string in session and
also saving a copy to a hidden field on the JSP page. Which I think is
similar (although maybe a bit more complex) to what Martijn was suggesting.
Thanks for all you suggestions.
Joel
--
View this message in context:
http://www.nabble.com/Double-submit-problem-tp15957979p16002307.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
