When I originally implemented this
I had a custom tag that generated the token.
<struts-ext:token/>
I had envisioned having the <html:form> tag
generate the token for you.
However, that is not they way Craig eventually
implemented it.
Alternatively, you can download the old implementation:
http://marc.theaimsgroup.com/?l=struts-dev&m=97119585909952&w=2
http://marc.theaimsgroup.com/?l=struts-dev&m=97119647211699&w=2
These are a separate set of classes not tied to struts
so they will still work. There is JavaDoc for it.
If this method works for you then that would be a good
reason to take a look at the custom tag approach again.
-ROb
Richard Reich wrote:
>
> The transaction enforcement support in class Action assumes that the key
> will be returned in the request attributes. This is not the case with pages
> that require multipart support (for file uploads, for example). A direct
> work-around exists -- just use the generateToken() and saveToken() methods,
> handle schlepping the key in the form yourself, and write your own one-liner
> to compare the schlepped key with the stored one.
>
> It took me an embarrassingly long time to find this problem because of my
> (deserved) faith in Struts. <g> Maybe it should be documented, though
> devoting resources to fix it now is probably not necessary.
>
> -r
>
> Richard Reich
> http://reich.com
> http://calendar.yahoo.com/richard+reich
