struts-user mailing list archives

From "David Graham" <dgraham1...@hotmail.com>
Subject Re: Token in struts and session bean.... problem with the framework ?
Date Tue, 17 Jun 2003 21:04:02 GMT

> > > It's up to your Action to call the token methods to validate the
> > > token and forward the user to an appropriate page.
> >
> I know, maybe I wasn't clear enough .. sorry :-)
> What I'm saying is that if you use a session bean, the content is
> modified even though the token is invalid.. I think this should not
> happen.

By session bean, do you mean EJB or an ActionForm stored in the session?  I 
haven't tried this but maybe you could put the token check in the form's 
validate method but that also happens after the form bean is populated.  The 
token is currently viewed as a piece of form data for the Action to handle 
and not the framework.  Allowing actions to check the token gives people the 
flexibility of deciding what to do with the user in various situations.

David

>
> I'm working on an intranet application and I'm using session beans
> (Maybe I shouldn't). Right now, if the user does a double click, the
> first request passes and the second request populates the bean while
> the first request is being processed ... This is a little race :-).
>
> I don't think Struts offers an easy way to avoid this... maybe I'm
> wrong ...
>
> Thanks
> /David
>
> > David
> > --- David Gagnon <gagnondav@yahoo.com> wrote:
> > > Hi all,
> > >
> > > If you have a session bean and you are using the token framework
> > > to protect yourself against multiple submits...
> > >
> > > Let's say a request with a bad token is posted to the server. The
> > > bean will be populated, right ... even if the token is not valid.
> > > Does Struts offer support to check if a request contains a valid
> > > token prior to populating the bean? From what I know, the soonest
> > > you can play with the token in Struts is in the reset method of the
> > > bean (it may not be the best place to play with the token anyway...).
> > >
> > > Should a request with a bad or no token be redirected by the
> > > framework to a handler, like it's done with exceptions in Struts?
> > > I think there should be a way to avoid changing the server state
> > > on a bad request ...
> > >
> > > My guess is that you already know about all that :-) ... or that
> > > there is something to prevent this that I'm not aware of.
> > >
> > > Thanks for your help
> > >
> > > /Dave

---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
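
The ordering problem raised in this thread (the session-scoped form is populated before the Action can test the token) can be handled by checking the token ahead of population. The following is an added example, not part of the original message and not Struts project code. It assumes Struts 1.1 or later and that TokenProcessor.isTokenValid(request, true) checks and clears the token in one synchronized call; TokenGuardRequestProcessor, TokenMapping, tokenRequired and TOKEN_REJECTED are hypothetical names.

```java
// Added example: consume the transaction token before the form bean is touched.
// All class, property and attribute names below are hypothetical.
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.RequestProcessor;
import org.apache.struts.util.TokenProcessor;

public class TokenGuardRequestProcessor extends RequestProcessor {

    /** Request attribute the Action reads to learn the token was rejected. */
    public static final String TOKEN_REJECTED = "example.TOKEN_REJECTED";

    /** Opt-in mapping: <set-property property="tokenRequired" value="true"/>. */
    public static class TokenMapping extends ActionMapping {
        private boolean tokenRequired;
        public boolean isTokenRequired() { return tokenRequired; }
        public void setTokenRequired(boolean required) { tokenRequired = required; }
    }

    protected void processPopulate(HttpServletRequest request,
                                   HttpServletResponse response,
                                   ActionForm form,
                                   ActionMapping mapping) throws ServletException {
        boolean guarded = mapping instanceof TokenMapping
                && ((TokenMapping) mapping).isTokenRequired();
        if (guarded) {
            // Assumption: check-and-reset is atomic, so of two requests from a
            // double click only the first one sees a valid token.
            boolean valid = TokenProcessor.getInstance().isTokenValid(request, true);
            if (!valid) {
                // Skip reset() and populate(): the session-scoped form keeps the
                // state written by the request that is still being processed.
                request.setAttribute(TOKEN_REJECTED, Boolean.TRUE);
                return;
            }
        }
        super.processPopulate(request, response, form, mapping);
    }
}
```

Register it with `<controller processorClass="TokenGuardRequestProcessor"/>` and point `className` on each guarded `<action>` at the mapping subclass. The Action then tests the TOKEN_REJECTED attribute to choose a forward instead of calling isTokenValid again, because the token has already been consumed.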

