Try org.apache.struts.taglib.html.FormTag.java Line 513, 636 - rendered under the hidden parameter "org.apache.struts.taglib.html.TOKEN"

If the form tag finds a token saved (can be done by calling saveToken in the action class) it automatically renders it as a hidden parameter under that name. We can call saveToken again to generate a new token and save it once processed, so that a duplicate request would hold some previous value of the token, leading to the failure of isTokenValid. :)

-----Original Message-----
From: Erik Weber [mailto:[EMAIL PROTECTED]
Sent: Monday, July 26, 2004 11:56 AM
To: Struts Users Mailing List
Subject: Re: Need a synchronizer token

Thanks, Kataria. But, after looking at these methods, I'm still not sure how you set the hidden field in the form. For example, what name do you use for the parameter? Or is this handled by a Struts tag?

Erik

Kataria, Satish wrote:

>Refer to the documentation of the action class. It has savetoken() &
>istokenvalid() methods to implement the synchronizer token pattern.
>
>Thanks,
>Satish
>
>-----Original Message-----
>From: Erik Weber [mailto:[EMAIL PROTECTED]
>Sent: Monday, July 26, 2004 11:11 AM
>To: Struts Users Mailing List
>Subject: Need a synchronizer token
>
>I know I've seen somewhere that Struts handles the synchronizer token
>pattern -- where a synchronizer token is embedded as a hidden form field
>and compared with an expected value stored as a session attribute before
>a write action is performed -- but I don't know exactly where to look.
>
>Can someone tell me the Struts way to handle this?
>
>Thanks,
>Erik
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
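
The flow discussed in this thread, as an added example that is not code from any of the posters or from the Struts project. It assumes Struts 1.x with a JSP that uses `<html:form>`; the class name `OrderAction`, the forward names `form`, `duplicate` and `success`, and the session attribute `ordersPlaced` are hypothetical.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

// Hypothetical action: GET displays the form, POST performs the write.
public class OrderAction extends Action {

    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response)
            throws Exception {

        if (!"POST".equals(request.getMethod())) {
            // Store a fresh token in the session. When the forwarded JSP
            // renders <html:form>, the tag finds the saved token and emits it
            // as the hidden field "org.apache.struts.taglib.html.TOKEN".
            saveToken(request);
            return mapping.findForward("form");
        }

        // Compare the submitted hidden field with the session copy. Passing
        // true clears the session copy after the check, so a second submit of
        // the same page (double click, back button, replayed request) carries
        // a token that no longer matches and is rejected here.
        if (!isTokenValid(request, true)) {
            return mapping.findForward("duplicate");
        }

        // Constructed stand-in for the real write: count accepted submissions.
        HttpSession session = request.getSession();
        Integer placed = (Integer) session.getAttribute("ordersPlaced");
        int next = (placed == null) ? 1 : placed.intValue() + 1;
        session.setAttribute("ordersPlaced", Integer.valueOf(next));

        // Issue a new token in case the "success" view shows the form again.
        saveToken(request);
        return mapping.findForward("success");
    }
}
```

A request that arrives with no token at all, or with no session, also fails `isTokenValid`, so the write path is only reachable from a form that this action rendered.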