Re: Struts Token help

Fri, 21 Dec 2007 05:19:42 -0800

Assuming you are referring to Struts 1.x, when you work with tokens the servlet will ensure that your response will have a hidden token everytime your action finishes execution. It does this so that it knows what to expect and control multiple logins. Once it's compared (1 and only once), the servlet will get rid of it, so multiple submissions (double clicking, back button and submit again) are caught (by mismatch). So the behavior you see is the correct one, and yes... you need to save it each time (if you want the token checking to work in each interaction).
Depending on your application, it may be acceptable to double submit (or even use the back button in a shopping cart app) in some parts of your application. You typically want to be careful when you are ready to call a bean to persist your data, where you need to do the checking. In other words, the saveToken prepares your form to be checked for double submissions, the isTokenValid() checks that prepared form whether it was already submitted. 


BTW, unless you have a good reason to use that static boolean within an 
action, this will causing problem. Actions are not thread-safe (they are 
reused during different request/sessions). This is a bomb awaiting to 
explode if you ask me (unless you know what you are doing e.g. 
synchronizing it, etc, etc)




Indresh Chadha wrote:

Hi, 

I need to stop: 
1. multiple post to an action 
2. refresh of a page 
using Struts. 

What i tried was using the Struts Token. 
I have a common BaseAction class that extends Action class. All the other
action classes extend the BaseAction class. 

In my BaseAction class I did the following: 
1. public static boolean blnFirst = true; 
2. In execute method: 
      if(blnFirst){ 
             System.out.println("****BaseAction: FIRST Time"); 
        saveToken(httpRequest); 
        this.blnFirst = false; 
      } 


Saving the token adds an attribute:

org.apache.struts.Globals.TRANSACTION_TOKEN_KEY in the session 
Now when I try to check the validity of the token by
isTokenValid(httpRequest), it is everytime resolving to NULL. 
This piece of code: 
httpRequest.getSession().getAttribute(Globals.TRANSACTION_TOKEN_KEY) returns
some value only the first time.All the other time it returns null. 


Do I need to save the token every time? (Which I dont think so) OR just

once(which I'm doing) OR is there any other way? 
I'm resetting the token every time using resetToken(httpRequest). 

Please help me out. 



--

Alberto A. Flores
http://www.linkedin.com/in/aflores



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





















					Reply via email to