Take a look at the token-based solution posted in a 2-year-old article:
http://article.gmane.org/gmane.comp.java.tapestry.user/9650/match=colleague+bernhard+woditschka
Here are a few lines from the beginning of the article:
======================
We recently brought a Tapestry app into operation, about 80 pages
and components.
My colleague Bernhard Woditschka implemented the SynchronizerToken
there from "Core J2EE Patterns" by Alur, Crupi and Malks
(http://www.refactoring.com/catalog/introduceSynchronizerToken.html),
addressing the following issues:
- prevent use of browser "Back" button
- prevent multiple concurrent submissions of a form
- prevent operation in multiple browser windows using the same HTTP session
The implementation is 100% server side, and it is somewhat strict in
that upon detecting disallowed action on any page, an error page is
activated in any case.
============================================================
Sohail Aslam
sohail dot aslam at google mail dot calm
Mark Stang wrote:
Inge,
I have been looking at this issue also, but haven't made any progress.
My plan was to generate a random value for each page so that Tapestry would catch it
during the rewind and then abort the rest of the comparing that goes on. I was going to
create a component that was embedded in my "Border component/Frame Component".
That way as each page is rendered I could have a unique value. One of my issues is what
do I do with DirectLinks?
I would really appreciate if you posted your results back to the list.
regards,
Mark
-----Original Message-----
From: Inge Solvoll [mailto:[EMAIL PROTECTED]
Sent: Thu 3/2/2006 8:33 AM
To: Tapestry users
Subject: Re: "Token" approach to avoiding double submits
I'll try that, thanks Geoff!
I'll try to get into this, anyone else who has done something similar and
has some code to share? If not, I will send excerpts of my code when I'm
done.
Inge
On 3/2/06, Geoff Longman <[EMAIL PROTECTED]> wrote:
You could craft your own Form component that handles the hidden and
use the tapestry-flash thingy to save the token
Geoff
On 3/2/06, Inge Solvoll <[EMAIL PROTECTED]> wrote:
I've tried to copy the token-approach from struts into Tapestry, to avoid
crashes when the user hits the "refresh"-button in the browser. Using this
approach, the html rendered can only be submitted once. My problem is that
the code I've written so far requires too much code copying and repeating,
and I was wondering if someone has ideas on how to make the implementation
a bit less intrusive for my pages.
I could include this code in my base class that all my page classes inherit
from, but then I would have to inject WebRequest into every single page in
my application, and that's not the tapestry way to do page design, is it?
I'm pretty sure that this is functionality that I need in all my pages
(refresh of a post causes crash most of the times in my tapestry code).
Maybe this can be done with a servlet filter, or better, with a HiveMind
service that intercepts the request?
Here's my code so far:
public void pageBeginRender(PageEvent event) {
    if (getRequestCycle().isRewinding()) {
        // Form submission: the posted token must match the one stored in the session.
        String token = getRequest().getParameter("token");
        if (token == null || !token.equals(getToken())) {
            log.error("Token for page is not valid, redirect to obtain last good state");
            throw new PageRedirectException(this);
        }
    }
    else {
        // Normal render: issue a fresh token for the form about to be rendered.
        setToken(generateToken());
    }
}
.html:
<input jwcid="@Any" type="hidden" name="token" value="ognl:token"/>
.page:
<property name="token" persist="session"/>
An article on the subject:
http://www.javalobby.org/java/forums/m91956568.html
--
The Spindle guy. http://spindle.sf.net
Get help with Spindle:
http://lists.sourceforge.net/mailman/listinfo/spindle-user
Blog: http://jroller.com/page/glongman
Feature Updates: http://spindle.sf.net/updates
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
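The single-use token check discussed in this thread, as an added example that is not code from any of the posters or from Tapestry. The class SynchronizerToken and its methods issue() and consume() are hypothetical names; one instance is assumed to be stored per HTTP session, with issue() called at render time and consume() at form submission.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.concurrent.atomic.AtomicReference;

/** Hypothetical per-session holder for a single-use form token (not a Tapestry class). */
public class SynchronizerToken {
    private static final SecureRandom RNG = new SecureRandom();
    // Token issued with the most recently rendered form; null once it has been used.
    private final AtomicReference<String> current = new AtomicReference<>();

    /** Render phase: issue a fresh unpredictable token, replacing any older one. */
    public String issue() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        current.set(token);
        return token;
    }

    /** Submit phase: true only for the first submission carrying the current token. */
    public boolean consume(String submitted) {
        String expected = current.get();
        if (expected == null || submitted == null) {
            return false; // nothing outstanding, or the hidden field is missing
        }
        // Constant-time comparison of the stored and submitted values.
        if (!MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                   submitted.getBytes(StandardCharsets.UTF_8))) {
            return false; // stale token, e.g. a form reached through "Back"
        }
        // Atomic clear: of two concurrent submits of one form, only one wins the CAS.
        return current.compareAndSet(expected, null);
    }

    public static void main(String[] args) {
        SynchronizerToken session = new SynchronizerToken();
        String first = session.issue();  // page rendered with hidden field
        System.out.println("first submit accepted:  " + session.consume(first));
        System.out.println("refresh accepted:       " + session.consume(first));
        String second = session.issue(); // page rendered again
        System.out.println("stale token accepted:   " + session.consume(first));
        System.out.println("current token accepted: " + session.consume(second));
    }
}
```

Unlike a plain equals() check against a session property, the token here is cleared in the same atomic step that accepts it, so a refresh or a second click that races the first submit is rejected.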