Re: Refresh button and Back button
The back button problem is standard. You need to use a token to prevent sensitive form resubmission. This is documented in Geary's Advanced JSP book and Core J2EEE patterns. They are both put out by Sun. In short, tokens allow you to determine whether the page should be processed in the normal way. You include a token in the request and save a copy in the session. When the page is submitted, you check that they match. If so, you can do normal processing. If not, you need to decide what to do. Struts supports tokens, but the implementation is opaque (IMHO). Geary's book provides a good treatment. However, there is an error in the code he uses to check tokens (don't have book in front right now, so can't spell it out). I think he does not check all the cases he says he does. At any rate, the code is in the book for the test tokens tag he develops. Even if you used the Struts implementation, you would have to use his logic. Bud -- ___ Bud Gibson e-Lab Czar Assistant Professor University of Michigan Business School 701 Tappan Street, C2424 Ann Arbor, MI 48109-1234 ph: 734\647-9200 fax: 734\764-3240 [EMAIL PROTECTED]
Re: DataSource and Factories
This looks interesting, but I am not sure how I would use it. Would the strategy be to set up an action to run when the application is loaded? Would the action then obtain a reference to the data source and stow it in some repository using JNDI for use by the persistenc layer? That is the solution we think will work. Is this different from that? Thanks, Bud DataSource can be obtained either Deployment descriptor as java:comp/jdbc/MyDataSource (associate a Jndi name to the Datasource )
beans:write bug?
We have a bean with properties where the setter takes a float, and the getter returns a string. Using expressions and scriptlets, this all works fine. For instance, I can write the following for a bean contained inside another: %= HagBean.getProduct().getPrice() % and a formatted string with the price will appear. However, when we try the equivalent bean:write, bean:write name=HagBean property=product.price / struts tells us that we are mismatching types with a float and String. Is this a bean:write bug? As I understand beans, setter methods are not even required. I find it odd that bean:write seems to be assuming the type of the setter method and then becoming unhappy when it gets the type returned by the getter method. Thanks, Bud -- ___ Bud Gibson e-Lab Czar Assistant Professor University of Michigan Business School 701 Tappan Street, C2424 Ann Arbor, MI 48109-1234 ph: 734\647-9200 fax: 734\764-3240 [EMAIL PROTECTED]
Using tokens for sensitive form submissions
Hi: We want to use tokens for sensitive form submissions. It looks like struts can do this. However, the feature is hidden (at least to me) and undocumented. Following David Geary's Advanced JSP book (and somewhat Core J2EE Patterns by Alur et al.), I would like to set a token when I send out certain forms and test the token when those forms are resubmitted. At this stage, I have actually written my own action and borrowed Geary's tag library code. If someone submits a form with a stale or no token, my action reroutes them to a default action that figures out what to do with them. If someone submits a form without a stale token, then the form is forwarded to another action that does validation and processing. Have I reinvented the wheel? Is there a built-in capacity to do this within struts? I want to write as little infrastructure code as possible. Thanks, Bud Gibson University of Michigan Business School
