struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erik Weber <erikwe...@mindspring.com>
Subject Re: Need a synchronizer token
Date Mon, 26 Jul 2004 07:13:32 GMT
Kataria, I must have been trying too hard. ;) These two methods worked fine.

Thanks,
Erik



Kataria, Satish wrote:

>The  synchronizer token pattern in struts is typically used for avoiding
>double submits
>The method savetoken() creates a unique token and stores it as a hidden
>field.The call to this method is typically made in the action class
>loading the page.
>
>Thereafter we use istokenvalid() to determine whether the token is valid
>or not and if valid 
>Then call the business processing logic in the action class. This method
>is called in the submit action and the strutcture 
>Or ur code in the submit action is as follows:
>If(istokenvalid())
>{
>-- call the business processing logic e.g call an EJB for processing the
>request
>}
>
>I don't remember the actual elementname by which struts creates the
>hidden field(can be easily fiound out by reading struts docs though)
>
>If ur need is just to create a hidden field then there is a different
>tag availabe for it.
>
>Hope it clarifies.
>
>
>Thanks,
>Satish
>
>-----Original Message-----
>From: Erik Weber [mailto:erikweber@mindspring.com] 
>Sent: Monday, July 26, 2004 11:56 AM
>To: Struts Users Mailing List
>Subject: Re: Need a synchronizer token
>
>
>Thanks, Kataria. But, after looking at these methods, I'm still not sure
>
>how you set the hidden field in the form. For example, what name do you 
>use for the parameter? Or is this handled by a Struts tag?
>
>Erik
>
>
>
>Kataria, Satish wrote:
>
>  
>
>>Refer to the documentation of the action class. It has savetoken() &
>>istokenvalid() method to implement the synchronizer token patter.
>>
>>Thanks,
>>Satish
>>
>>
>>
>>-----Original Message-----
>>From: Erik Weber [mailto:erikweber@mindspring.com] 
>>Sent: Monday, July 26, 2004 11:11 AM
>>To: Struts Users Mailing List
>>Subject: Need a synchronizer token
>>
>>
>>I know I've seen somewhere that Struts handles the synchronizer token 
>>pattern -- where a synchronizer token is embedded as a hidden form
>>    
>>
>field
>  
>
>>and compared with an expected value stored as a session attribute
>>    
>>
>before
>  
>
>>a write action is performed -- but I don't know exactly where to look.
>>
>>Can someone tell me the Struts way to handle this?
>>
>>Thanks,
>>Erik
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>>For additional commands, e-mail: user-help@struts.apache.org
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>>For additional commands, e-mail: user-help@struts.apache.org
>>
>>
>> 
>>
>>    
>>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>For additional commands, e-mail: user-help@struts.apache.org
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>For additional commands, e-mail: user-help@struts.apache.org
>
>
>  
>

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message