> You may want to look at Apache Beehive, which has Pageflows
> and sits on top of Struts.
>
> I haven't used it yet but it looks promising...
>
> -Abdullah
Promising yes, reading through their description of page flows it sounds
like what I am trying to do. Unfortunately not yet ready for pro
> While the token is ALSO used for double submit protection, it
> also validates that the user got to your form the right way.
>
> i.e., if they don't go to page A and submit, their token
> won't be valid.
Interesting ... Does the following use case break this?
If a malicious user goes to page
I am migrating to Struts from an existing webapp. One of the issues with the
old architecture was managing the flow control logic. Currently we track in
the session which flow and page the user is on. To enforce flow control each
Servlet method must check the session to see if the flow and page are
3 matches
Mail list logo
