[ http://issues.apache.org/struts/browse/SHALE-287?page=comments#action_38602 ] Adrian Mitev commented on SHALE-287: ------------------------------------
Hi! I've downloaded the Token source code from the repository and make myself a test project. I have the following: page.jsp with source code: <h:form id="helloForm"> <s:token id="token" messageDetail="double submit" messageSummary="double submit" /> <h:messages /> <t:inputText required="true" value="#{GetNameBean.userName}"> <f:validateLength minimum="2" maximum="20"/> </t:inputText> <t:commandButton id="submit" action="sayhello" value="Say Hello" /> </h:form> When i submit the page without any value inputted i get validation error and the page is redisplayed. I input value in the input field and submit the form again, then i got error message from the token - "double submit". I've debugged a little bit and saw that when validation error occurred and the page is redisplayed the token value was not changed (no new token is generated): Check the class: org.apache.shale.component.Token, method: public String getToken() the code if (value != null) { return value; } This condition is always true after the page is rendered for the first time. > Faulty behavior of the "token" component with Apache MyFaces >1.1.1 > ------------------------------------------------------------------- > > Key: SHALE-287 > URL: http://issues.apache.org/struts/browse/SHALE-287 > Project: Shale > Issue Type: Bug > Components: Core > Environment: OS: Microsoft Windows XP SP2 > Servlet Container: jakarta-tomcat-5.5.9 > Reporter: Mike Meessen > Assigned To: Craig McClanahan > Attachments: ShaleIssueDemo.zip > > > This issue appears when using Apache MyFaces as of version 1.1.2. The MyFaces > project states the following about their 1.1.2 release: > [Quote] > This is the first official release of what we are now calling the "core." The > core refers to the JSF 1.1 implementation as specified by JSR-127. It has > passed Sun's TCK and is considered to be 100% compliant with the spec. > [/Quote] > So as a conclusion, I think everyone who's still using MyFaces 1.1.1 should > hurry upgrading his code to be 1.1.2 compliant. > Allthough Shale should be JSF-implementation-independant, it seems this issue > appears or not depending on the used MyFaces version. > Steps to reproduce the issue: > * Use a simple JSF submission form to which you add Shale's Token tag to > check for illegal form resubmissions. > * As long as you submit the form correctly, everyting works fine. > * Press F5 (page refresh) once, the browser warns about HTTP POST data > resubmission. > * Discard the warning and go on resending the same HTTP request. > * Shale recognizes the resubmission and acts correctly (no application logic > gets invoked). > **** This is the part where the behavior changes according to what MyFaces > version is used: > With MyFaces 1.1.1 > -------------------------- > * Resubmit the form correctly (using the submit button). > ==> The workflow goes on and the form is correctly submitted. > With MyFaces 1.1.2 and above > ----------------------------------------- > * Resubmit the form correctly (using the submit button). > ==> Nothing happens. No new token is generated, so no application logic gets > invoked and the workflow stucks. > I attached a sample project which demoes the issue. > -- EDIT: > I forgot to mention that with both MyFaces versions, I set the context-param > "org.apache.myfaces.ALLOW_JAVASCRIPT" to false. In theory, this shouldn't > make a difference since I'm using HTTP POST just as the javascript would do, > but I think it's worth the hint. > Regards, > Mike -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/struts/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira