You could extend from Tapestry's Form component, and check the request cycle if it contains a token attribute so you can automatically add the hidden fields into the Form element instead of each page must declare the hidden field.
The only place you'd need to override in Form component is "newFormSupport" method, prior to returning the FormSupport instance, add your hidden fields into FormSupport. Afterwards, in your .application and .library, change the Form component specification to your own Form component specification. Alternatively, and much easier than the form, extends' Tapestry's LinkFactory implementation to also add your own hidden fields. In the constructLink method, add the parameter for the hidden field. This parameter will also displayed in the URL generated. On 3/10/06, Inge Solvoll <[EMAIL PROTECTED]> wrote: > > I was thinking more in terms of using ajax for letting the user know about > the invalid page he is on before he submits the form. Don't know if this > is > useful in any way. > > My token system works great so far, can't really see any problems with > direct links, but I'm not using it for ajax... > > One major improvement would be, as Geoffs suggested, to extend the Form > component to optionally include a token. This way I could skip the token > part in all my pages: > > <form jwcid="@Form"> > <!-- > <span jwcid="@Token"/> > --> > > Inge > > On 3/8/06, Mark Stang <[EMAIL PROTECTED]> wrote: > > > > Inge, > > That sounds like an interesting idea. There is interest here in Tacos > and > > AJAX, but we haven't started using it yet. In my case, I have a single > page > > with a component that "swaps" out other components, so I will be trying > your > > solution at a component level. > > > > The one issue we had when we tried something similar to this was with > > direct-links, have you done any testing yet? > > > > Thanks for the info! > > > > regards, > > > > Mark > > > > > > -----Original Message----- > > From: Inge Solvoll [mailto:[EMAIL PROTECTED] > > Sent: Wed 3/8/2006 1:07 AM > > To: Tapestry users > > Subject: Re: "Token" approach to avoiding double submits > > > > I had to do another fix, reset the server token to null in pageEndRender > > of > > the component, because the page containing the token may not be rendered > > after rewind. It seems to work well now. > > > > In combination with the tacos feature of intercepting back and forward > > button events, this solution actually should be sufficient. It might > also > > be interesting to explore how the token-solution could be used with > > AJAX-calls to the server without submits, to check if the page has a > valid > > ticket. > > > > Inge > > > > On 3/7/06, Mark Stang <[EMAIL PROTECTED]> wrote: > > > > > > Inge, > > > Thanks for posting it, I will give it a shot! > > > > > > regards, > > > > > > Mark > > > > > > > > > -----Original Message----- > > > From: Inge Solvoll [mailto:[EMAIL PROTECTED] > > > Sent: Tue 3/7/2006 3:42 AM > > > To: Tapestry users > > > Subject: Re: "Token" approach to avoiding double submits > > > > > > Of course, I meant JWC-file where it says PAGE-file. The code listed > is > > > for > > > a Token-component. > > > > > > On 3/7/06, Inge Solvoll <[EMAIL PROTECTED]> wrote: > > > > > > > > I found a working solution for myself now, that involves the least > > > > possible amount of coding for each page. Now I only have to include > my > > > Token > > > > component at the beginning of each form. So far it's working, please > > > tell me > > > > if anyone sees why this shouldn't work. > > > > > > > > Here's my solution, I really think tapestry should have some kind of > > > > native support for this... > > > > > > > > PAGE-file > > > > > > > > <property name="tokenServer" persist="session"/> > > > > <property name="tokenClient"/> > > > > > > > > <component id="token" type="Hidden"> > > > > <binding name="value" value="tokenClient"/> > > > > </component> > > > > > > > > HTML-file > > > > > > > > <input type="hidden" jwcid="token"/> > > > > > > > > JAVA-file > > > > > > > > > > > > public void pageBeginRender(PageEvent event) { > > > > log.debug("Entered pageBeginRender"); > > > > if (!getRequestCycle().isRewinding()) { > > > > String newToken = generateToken(); > > > > setTokenServer(newToken); > > > > setTokenClient(newToken); > > > > } > > > > } > > > > > > > > protected void renderComponent(IMarkupWriter writer, IRequestCycle > > > > cycle) { > > > > super.renderComponent(writer, cycle); > > > > log.debug ("Entered renderComponent"); > > > > if (getRequestCycle().isRewinding()) { > > > > String tokenClient = getTokenClient(); > > > > String tokenServer = getTokenServer(); > > > > log.debug("Token from form: " + tokenClient); > > > > log.debug("Token on server: " + tokenServer); > > > > > > > > if (tokenClient == null || !tokenClient.equals(tokenServer)) { > > > > > > > > log.error("Token for page is not valid, redirect to obtain > > last > > > > good state"); > > > > throw new PageRedirectException(this.getPage()); > > > > > > > > } > > > > } > > > > } > > > > > > > > > > > > > > > > On 3/3/06, Nick Westgate < [EMAIL PROTECTED]> wrote: > > > > > > > > > > Off the top of my head, I suppose you could put the token in the > > > > > page base class. But then to make it unique you'd have to include > > > > > something (for example the page name) in the token string. > > > > > > > > > > That should work, but perhaps there's a better way in T4. > > > > > Hopefully I'll find out in my next project. ;-) > > > > > > > > > > Cheers, > > > > > Nick. > > > > > > > > > > > > > > > Inge Solvoll wrote: > > > > > > Looks like a good solution! > > > > > > > > > > > > The problem for the future is that getVisit() is deprecated, so > > from > > > > > 4.1 we > > > > > > have to inject the visit object as state into all pages if we > want > > > to > > > > > use > > > > > > this pattern. That qualifies as "unnecessary plumbing" for me, > the > > > > > > expression used in the tapestry commercials :) > > > > > > > > > > > > Maybe my code should use the visit object in every page anyway, > I > > > > > don't use > > > > > > any ASOs yet, partly because our application has been ported > from > > > > > struts, > > > > > > and is still partly struts-implemented, needing quite a few > > > > > integration > > > > > > points. > > > > > > > > > > > > Inge > > > > > > > > > > > > On 3/3/06, Nick Westgate < [EMAIL PROTECTED]> wrote: > > > > > > > > > > > >>Hi Inge. > > > > > >> > > > > > >>I use the FlowSynchronizer pattern that Sohail linked to, > > > > > >>and here's how I avoid code duplication. > > > > > >> > > > > > >>In my T3 apps the FlowSyncronizer is stored in the Visit object. > > > > > >>My border component includes the token in every page: > > > > > >><input jwcid="@Hidden" value="ognl: > > page.visit.flowSynchronizer.token > > > "/> > > > > > >> > > > > > >>In addition, I didn't like the exceptions, so instead: > > > > > >> private boolean resubmit; > > > > > >> public void setToken(String token) > > > > > >> { > > > > > >> // first compare the token > > > > > >> if (this.token == null || !this.token.equals(token)) > > > > > >> { > > > > > >> resubmit = true; > > > > > >> } > > > > > >> else > > > > > >> { > > > > > >> // reset token on match -> subsequent duplicate > > > > > submission > > > > > >>will fail > > > > > >> this.token = null; > > > > > >> resubmit = false; > > > > > >> } > > > > > >> } > > > > > >> > > > > > >>My BasePage class has: > > > > > >> public boolean isResubmit() > > > > > >> { > > > > > >> // check if this cycle is a resubmit (before doing > > inserts > > > > > etc) > > > > > >> Visit visit = (Visit)getVisit(); > > > > > >> return visit.flowSynchronizer.isResubmit(); > > > > > >> } > > > > > >> > > > > > >>Then in any page where you need to know, just call isResubmit(). > > > > > >> > > > > > >>Cheers, > > > > > >>Nick. > > > > > >> > > > > > >> > > > > > >>Inge Solvoll wrote: > > > > > >> > > > > > >>>This is one of the cases where it would be really really sweet > to > > > be > > > > > >> > > > > > >>able to > > > > > >> > > > > > >>>extend components, including specifications... > > > > > >>> > > > > > >>>On 3/2/06, Geoff Longman < [EMAIL PROTECTED]> wrote: > > > > > >>> > > > > > >>> > > > > > >>>>You could craft your own Form component that handles the > hidden > > > and > > > > > >>>>use the tapestry-flash thingy to save the token > > > > > >>>> > > > > > >>>>Geoff > > > > > >>>> > > > > > >>>>On 3/2/06, Inge Solvoll <[EMAIL PROTECTED]> wrote: > > > > > >>>> > > > > > >>>> > > > > > >>>>>I've tried to copy the token-approach from struts into > > Tapestry, > > > to > > > > > >>>> > > > > > >>>>avoid > > > > > >>>> > > > > > >>>> > > > > > >>>>>crashes when the user hits the "refresh"-button in the > browser. > > > > > Using > > > > > >>>> > > > > > >>>>this > > > > > >>>> > > > > > >>>> > > > > > >>>>>approach, the html rendered can only be submitted once. My > > > problem > > > > > is > > > > > >>>> > > > > > >>>>that > > > > > >>>> > > > > > >>>> > > > > > >>>>>the code I've written so far requires too much code copying > and > > > > > >>>> > > > > > >>>>repeating, > > > > > >>>> > > > > > >>>> > > > > > >>>>>and I was wondering if someone has ideas on how to make the > > > > > >>>> > > > > > >>>>implementation a > > > > > >>>> > > > > > >>>> > > > > > >>>>>bit less intrusive for my pages. > > > > > >>>>> > > > > > >>>>>I could include this code in my base class that all my page > > > classes > > > > > >>>> > > > > > >>>>inherit > > > > > >>>> > > > > > >>>> > > > > > >>>>>from, but then I would have to inject WebRequest into every > > > single > > > > > page > > > > > >>>> > > > > > >>>>in > > > > > >>>> > > > > > >>>> > > > > > >>>>>my application, and that's not the tapestry way to do page > > > design, > > > > > is > > > > > >>>> > > > > > >>>>it? > > > > > >>>> > > > > > >>>> > > > > > >>>>>I'm pretty sure that this is functionality that I need in all > > my > > > > > pages > > > > > >>>>>(refresh of a post causes crash most of the times in my > > tapestry > > > > > code). > > > > > >>>>>Maybe this can be done with a servlet filter, or better, with > a > > > > > >> > > > > > >>HiveMind > > > > > >> > > > > > >>>>>service that intercepts the request? > > > > > >>>>> > > > > > >>>>>Here's my code so far: > > > > > >>>>> > > > > > >>>>>public void pageBeginRender(PageEvent event) { > > > > > >>>>> if (getRequestCycle().isRewinding()) { > > > > > >>>>> String token = getRequest().getParameter("token"); > > > > > >>>>> if (token == null || !token.equals(getToken())) { > > > > > >>>>> log.error("Token for page is not valid, redirect to > > obtain > > > > > last > > > > > >>>> > > > > > >>>>good > > > > > >>>> > > > > > >>>> > > > > > >>>>>state"); > > > > > >>>>> throw new PageRedirectException(this); > > > > > >>>>> } > > > > > >>>>> } > > > > > >>>>> else { > > > > > >>>>> setToken(generateToken()); > > > > > >>>>> } > > > > > >>>>> > > > > > >>>>>} > > > > > >>>>> > > > > > >>>>>.html: > > > > > >>>>><input jwcid="@Any" type="hidden" name="token" > > > value="ognl:token"/> > > > > > > > > > > >>>>> > > > > > >>>>>.page: > > > > > >>>>><property name="token" persist="session"/> > > > > > >>>>> > > > > > >>>>> > > > > > >>>>>An article on the subject: > > > > > >>>>>http://www.javalobby.org/java/forums/m91956568.html > > > > > >>>>> > > > > > >>>>> > > > > > >>>> > > > > > >>>> > > > > > >>>>-- > > > > > >>>>The Spindle guy. http://spindle.sf.net > > > > > >>>>Get help with Spindle: > > > > > >>>> http://lists.sourceforge.net/mailman/listinfo/spindle-user > > > > > >>>>Blog: http://jroller.com/page/glongman > > > > > >>>>Feature Updates: http://spindle.sf.net/updates > > > > > >>>> > > > > > > > > > > > > > > > > >>>>--------------------------------------------------------------------- > > > > > >>>>To unsubscribe, e-mail: > > > [EMAIL PROTECTED] > > > > > >>>>For additional commands, e-mail: > > > [EMAIL PROTECTED] > > > > > > > > > > >>>> > > > > > >>>> > > > > > >>> > > > > > >>> > > > > > > > > > >>--------------------------------------------------------------------- > > > > > >>To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > > > > >>For additional commands, e-mail: > > > [EMAIL PROTECTED] > > > > > >> > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > > > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
