When saveToken() is called, a hidden field will automatically be added to forms in your jsps (assuming you use html:form). The Struts
servlet stores [in session] the most recent token.
isTokenValid() checks to see if the hidden variable submitted with the form matches the most recent one set through the saveToken method.