• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How does strut actions cope with hidden fields such as token

 
Tony Evans
Ranch Hand
Posts: 598
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
When submitting a form you have hidden params such as token

<input name="struts.token.name" value="struts.token" type="hidden">


used to check for double clicking how does struts handle these hidden parameters so it does not try to map them to an action
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
From http://struts.apache.org/2.x/docs/struts-defaultxml.html:Remember--having access to the source allows us to answer a lot of these questions relatively easily :)
 
Glen Divers
Ranch Hand
Posts: 61
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
David Newton wrote:From http://struts.apache.org/2.x/docs/struts-defaultxml.html:Remember--having access to the source allows us to answer a lot of these questions relatively easily :)


Specifically for the token tag, isn't it the TokenInterceptor (or TokenSessionStoreInterceptor) that takes care of things?
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It takes care of the session part. The params filter is what filters the parameter, as shown above.
 
Tony Evans
Ranch Hand
Posts: 598
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
ok so the filter in struts-default.xml

<interceptor-ref name="params">
<param name="excludeParams">dojo\..*</param>
</interceptor-ref>


will handle or should handle the hidden field token so that it does not map to an action. That is kind of what I though it did, or does.

But I am getting this ONGL problem where it is trying to map a value to object usind the name token, so setToken to an object. That does not exist.

I am trying to go through the work flow before any of the params are mapped to there respective objects with corresponding setters, it should filter out all the hidden fields such as token and preventCache.

My application is using
at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:187)

To intercept the params it should still call struts-default.xml

o
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Check your interceptor order.
 
Tony Evans
Ranch Hand
Posts: 598
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well in my action set up I have

<action name="editDevice" class="com.myapp.DeviceAction" method="edit">
<interceptor-ref name="tokenSession"/>
<interceptor-ref name="defaultStack"/>
<result name="success">/WEB-INF/pages/device.jsp</result>
</action>

but it still causes the ttoken error I tried to remove <ww:token/> but it causes a page rendering error. Have to go way think about this over the weekends
 
Tony Evans
Ranch Hand
Posts: 598
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Removed <www.token/> and the filters and I did not get the error

ognl.OgnlException: target is null for setProperty(null, "token", [Ljava.lang.String;@304c885c)
at ognl.OgnlRuntime.setProperty(OgnlRuntime.java:1651)
at ognl.ASTProperty.setValueBody(ASTProperty.java:101)
at ognl.SimpleNode.evaluateSetValueBody(SimpleNode.java:177)
at ognl.SimpleNode.setValue(SimpleNode.java:246)
at ognl.ASTChain.setValueBody(ASTChain.java:172)
at ognl.SimpleNode.evaluateSetValueBody(SimpleNode.java:177)
at ognl.SimpleNode.setValue(SimpleNode.java:246)
at ognl.Ognl.setValue(Ognl.java:476)


so it is trying to map the token to a object and is not being filtered out by

<interceptor-ref name="tokenSession"/>
<interceptor-ref name="defaultStack"/>
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic