Am Freitag, 21. November 2003 19:56 schrieb Edgar P Dollin: > I haven't seen any but there isn't really much to document. You put > an integer into the form with a value that is updated by the action. > This value must change from request to request, typically it is > incremented. You must carry a hidden field in the jsp to carry the > token to the following request (if you don't have the hidden field > and are using session beans the value will always be correct, with > request beans it will always be incorrect). The load action also > puts the token value into the session so the next action can check > the value. When the target action is invoked, it picks up the token > and checks the value against the actionform. If the value is not the > same, i.e. the user hit the back button and resubmitted, you have an > error situation. You can forward to an error page or take whatever > action you deem necessary at that point. > > Edgar
Just to add that Struts already has integrated transaction support on a MD5 token basis which is automatically supported by the HTML tags when a token is detected. Then, the whole thing boils down to properly making use of the saveToken(), isTokenValid() and resetToken() methods in your Action. The only thing you may have to retrofit your JSPs with is adding the 'transaction="true" attribute to possible <html:link>s; <html:form>s have built-in transaction support anyway. Nice feature. -- Chris. > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] > > Sent: Friday, November 21, 2003 11:52 AM > > To: [EMAIL PROTECTED] > > Subject: RE: Token documentation -- CLIP! --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
