struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erik Weber <erikwe...@mindspring.com>
Subject Re: Need a synchronizer token
Date Mon, 26 Jul 2004 08:58:14 GMT
Thanks!

Erik



Raghuram Kanadam wrote:

>Try org.apache.struts.taglib.html.FormTag.java Line 513, 636?rendered under the hidden
paramter 
>"org.apache.struts.taglib.html.TOKEN"
>
>	If the form tag finds a token saved (can be done by calling saveToken in the action class)
it automatically renders it under as a hidden parameter undere that name. We can call to saveToken
again to generate a new token and save it once processed. So that a duplicate request would
hold some previous value of the token leading to the failure of isTokenValid. 
>
>:) 
>
>
>-----Original Message-----
>From: Erik Weber [mailto:erikweber@mindspring.com]
>Sent: Monday, July 26, 2004 11:56 AM
>To: Struts Users Mailing List
>Subject: Re: Need a synchronizer token
>
>
>Thanks, Kataria. But, after looking at these methods, I'm still not sure 
>how you set the hidden field in the form. For example, what name do you 
>use for the parameter? Or is this handled by a Struts tag?
>
>Erik
>
>
>
>Kataria, Satish wrote:
>
>  
>
>>Refer to the documentation of the action class. It has savetoken() &
>>istokenvalid() method to implement the synchronizer token patter.
>>
>>Thanks,
>>Satish
>>
>>
>>
>>-----Original Message-----
>>From: Erik Weber [mailto:erikweber@mindspring.com] 
>>Sent: Monday, July 26, 2004 11:11 AM
>>To: Struts Users Mailing List
>>Subject: Need a synchronizer token
>>
>>
>>I know I've seen somewhere that Struts handles the synchronizer token 
>>pattern -- where a synchronizer token is embedded as a hidden form field
>>
>>and compared with an expected value stored as a session attribute before
>>
>>a write action is performed -- but I don't know exactly where to look.
>>
>>Can someone tell me the Struts way to handle this?
>>
>>Thanks,
>>Erik
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>>For additional commands, e-mail: user-help@struts.apache.org
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>>For additional commands, e-mail: user-help@struts.apache.org
>>
>>
>> 
>>
>>    
>>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>For additional commands, e-mail: user-help@struts.apache.org
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>For additional commands, e-mail: user-help@struts.apache.org
>
>
>  
>

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message