There's an example in the example web app in WW2.
The
TokenSessionInterceptor goes on the Action the Token is going to, so it's the
one the form post is handled by.
The
difference between the TokenInterceptor and the TokenSessionInterceptor is that
the TokenInterceptor just checks for a valid Token, and returns "invalid.token"
if there is no valid token. The TokenSessionInterceptor saves the
ActionInvocation into the Session if there's a valid Token, then gets it from
the session if a duplicate token comes in and re-renders the same result.
Yes,
both require you to put a TokenTag into your page. This does 2
things:
1) Put
a pair of hidden form fields in your form, one with the name of the token, and
the other with the token value
webwork.token.name = tokenName
tokenName = ....some long token value...
2) Put
the tokenName = token value into a Map stored in the Session
The
reason for the token name is so that you can have different groups of forms
which can only have one active. Otherwise users could never use 2 parts of your
site at the same time.
Then
you need one of the Token Interceptors in your Interceptors for the Action which
handles the form.
A
redirect doesn't give you any access to the new request. You basically send back
a header telling the browser to hit this other URL.
Hope
that helps,
Jason
�-----Original Message-----
From: Drew McAuliffe [mailto:[EMAIL PROTECTED]
Sent: Sunday, February 01, 2004 12:41 AM
To: [EMAIL PROTECTED]
Subject: RE: [OS-webwork] Action messages between redirectCan you give a brief example of using this? I'm not sure which action the token interceptor goes on. Also, what's the difference between the token interceptor and the token session interceptor? To work, do both require a tag on my form? Also, what's the easiest way to put the tag on a form if I'm using velocity? Just a "#tag" directive?One possible answer to my original question might be some sort of special redirect result that can also do chaining. I'm a little unclear of how chaining works at a low level, but it appears that it _might_ be possible to take the contents of an action and stick them back onto a request after a redirect. Or does a redirect offer no way to gain access to the new request (I guess that's more of a servlet api question).Sorry if my questions sound dumb but I've been burning the midnight oil for a couple of weeks straight.Thanks,Drew
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Carreira
Sent: Friday, January 30, 2004 5:54 PM
To: [EMAIL PROTECTED]
Subject: RE: [OS-webwork] Action messages between redirectAnother option is to use the com.opensymphony.webwork.interceptor.TokenSessionStoreInterceptor (mapped as "token-session" in webwork-defaults). If you have a <ww:token> tag in your form page which you submit, then the token-session interceptor will check for the token in your form... If it gets a duplicate form post (like if they refresh and tell it to re-post) then it will just re-render the same page again without executing the action. This includes if you chain to another Action.-----Original Message-----
From: Drew McAuliffe [mailto:[EMAIL PROTECTED]
Sent: Friday, January 30, 2004 5:50 PM
To: [EMAIL PROTECTED]
Subject: [OS-webwork] Action messages between redirectIs there any standard way for dealing with messages that are passed between an action and a redirect result? As I understand it, once a redirect is done, a new request is created and any messages you may have stored in an action (via actionErrors or something hanging off of the action itself) are gone.The scenario I'm trying to deal with is an administrative password reset function. It autogenerates a password, then does a redirect back to the user detail page. I want a message to say what the new password is. It works if I do it as a chaining result, but that has a problem. On a chain action, after a successful change, the URL is still pointing to the reset action. If the user hits "refresh", instead of getting a refreshed view page, they'll end up calling the action again. For something like this, that could cause problems. I usually do a redirect after add and save actions without any problem, because I usually never need to display a message. But in this case, if I don't display a message, the user won't know what the password was reset to! Note that this is only one example, but I can think of a ton of other things that a similar pattern would help address.I think Struts maintained some sort of information on the session, and that may be the only way to handle this, but I wanted to see what others had experienced.Thanks,Drew
