This week's giveaway is in the EJB and other Java EE Technologies forum.
We're giving away four copies of EJB 3 in Action and have Debu Panda, Reza Rahman, Ryan Cuprak, and Michael Remijan on-line!
See this thread for details.
The moose likes Struts and the fly likes How does strut actions cope with hidden fields such as token Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "How does strut actions cope with hidden fields such as token" Watch "How does strut actions cope with hidden fields such as token" New topic
Author

How does strut actions cope with hidden fields such as token

Tony Evans
Ranch Hand

Joined: Jun 29, 2002
Posts: 556
When submitting a form you have hidden params such as token

<input name="struts.token.name" value="struts.token" type="hidden">


used to check for double clicking how does struts handle these hidden parameters so it does not try to map them to an action
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

From http://struts.apache.org/2.x/docs/struts-defaultxml.html:Remember--having access to the source allows us to answer a lot of these questions relatively easily :)
Glen Divers
Ranch Hand

Joined: Jan 21, 2010
Posts: 61
David Newton wrote:From http://struts.apache.org/2.x/docs/struts-defaultxml.html:Remember--having access to the source allows us to answer a lot of these questions relatively easily :)


Specifically for the token tag, isn't it the TokenInterceptor (or TokenSessionStoreInterceptor) that takes care of things?
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

It takes care of the session part. The params filter is what filters the parameter, as shown above.
Tony Evans
Ranch Hand

Joined: Jun 29, 2002
Posts: 556
ok so the filter in struts-default.xml

<interceptor-ref name="params">
<param name="excludeParams">dojo\..*</param>
</interceptor-ref>


will handle or should handle the hidden field token so that it does not map to an action. That is kind of what I though it did, or does.

But I am getting this ONGL problem where it is trying to map a value to object usind the name token, so setToken to an object. That does not exist.

I am trying to go through the work flow before any of the params are mapped to there respective objects with corresponding setters, it should filter out all the hidden fields such as token and preventCache.

My application is using
at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:187)

To intercept the params it should still call struts-default.xml

o
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

Check your interceptor order.
Tony Evans
Ranch Hand

Joined: Jun 29, 2002
Posts: 556
Well in my action set up I have

<action name="editDevice" class="com.myapp.DeviceAction" method="edit">
<interceptor-ref name="tokenSession"/>
<interceptor-ref name="defaultStack"/>
<result name="success">/WEB-INF/pages/device.jsp</result>
</action>

but it still causes the ttoken error I tried to remove <ww:token/> but it causes a page rendering error. Have to go way think about this over the weekends
Tony Evans
Ranch Hand

Joined: Jun 29, 2002
Posts: 556
Removed <www.token/> and the filters and I did not get the error

ognl.OgnlException: target is null for setProperty(null, "token", [Ljava.lang.String;@304c885c)
at ognl.OgnlRuntime.setProperty(OgnlRuntime.java:1651)
at ognl.ASTProperty.setValueBody(ASTProperty.java:101)
at ognl.SimpleNode.evaluateSetValueBody(SimpleNode.java:177)
at ognl.SimpleNode.setValue(SimpleNode.java:246)
at ognl.ASTChain.setValueBody(ASTChain.java:172)
at ognl.SimpleNode.evaluateSetValueBody(SimpleNode.java:177)
at ognl.SimpleNode.setValue(SimpleNode.java:246)
at ognl.Ognl.setValue(Ognl.java:476)


so it is trying to map the token to a object and is not being filtered out by

<interceptor-ref name="tokenSession"/>
<interceptor-ref name="defaultStack"/>
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How does strut actions cope with hidden fields such as token
 
Similar Threads
servlet 4b checking password in VideoLoginServlet
SAML with weblogic 10
Hidden form fields
java platform independent?
submitting the invoice twice when submitt button is clicked