struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ted Husted <hus...@apache.org>
Subject Re: Transaction Token check required before form populate
Date Thu, 14 Feb 2002 15:27:03 GMT
One solution would be to write the GET form youself, using bean:write to
populate the the HTML controls. 

If someone submitted a patch to bugzilla that allowed the generation of
the token to be switched off on a form by form basis, I'm sure it would
be considered. 

-- Ted Husted, Husted dot Com, Fairport NY USA.
-- Java Web Development with Struts.
-- Tel +1 585 737-3463.
-- Web http://www.husted.com/struts/



Duncan Harris wrote:
> 
> The other thing that seems to be an annoyance is that the
> org.apache.struts.taglib.html.TOKEN parameter gets added for
> all forms on the page if it is set. I don't want this to happen.
> There appears to be no way to easily avoid this without overriding
> and replicating the whole of the FormTag.doStartTag() method.
> 
> Example when I don't want this is I have a main form which is POSTed,
> but an auxiliary navigational form (e.g. drop-down list and Go button)
> which is a GET with a clean URL. However the URL is no longer very clean.
> 
> Duncan Harris
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Hartford, Cheshire, U.K., Tel: 07968 060418
> Looking for STRUTS contract work in the U.K.
> 
> duncan@sapio.co.uk (Duncan Harris) wrote:
> 
> > I need my transaction token checking before my form is
> > populated.
> >
> > Problem here is that I have indexed properties and the valid index range
> > may be different at different times. When all is well, the form bean and
> > the HTML form correspond, but if the user goes back and re-submits then
> > they may not and I can get out of range exceptions.
> >
> > I thought I could use the transaction token to guard against this, but
> > of course it needs doing before the action perform() method is called.
> >
> > I already have a servlet derived from ActionServlet so I thought I could
> > do it here, but of course the token checking functions are not available
> > from here because they are protected.
> >
> > So it seems I have to copy the token checking code.
> >
> > Is there a clean way to solve this?
> >
> > Or maybe STRUTS needs fixing? Should the token checking functions be
> > static and public?
> 
> --
> To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>

--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message