This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Struts and the fly likes Need help on understanding ww:token Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Need help on understanding ww:token" Watch "Need help on understanding ww:token" New topic
Author

Need help on understanding ww:token

Tony Evans
Ranch Hand

Joined: Jun 29, 2002
Posts: 573
As i understand it <ww.token/> is used to help with the double click problem.

The wording in the document is "It is needed if you are using the TokenInterceptor or the TokenSessionInterceptor"

Should that be you set <ww.token/> and then use the TokenInterceptor or the TokenSessionInterceptor. And the purpose of the TokenInterceptor or the TokenSessionInterceptor is to make sure that struts does not try to set the token on the action.

All parameters are matched and set on the actioion otherwise a exception is called, so TokenInterceptor or the TokenSessionInterceptor filter out the token so struts does not look for a setToken on any object held by the action.
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

I'm not really sure what you just said.

In any case, the easiest way to find out how it works is to look at the code for the TokenInterceptor and the code for the tag.

To be honest, I'd rather just disable the button/link after it's clicked.
Tony Evans
Ranch Hand

Joined: Jun 29, 2002
Posts: 573
Hi Dave never used struts before but now I have to maintain a struts app

well in my JSP page in my form editDevice I have <ww:token/>

in my xword-device.xml I have

<action name="editDevice" class="com.web.DeviceAction" method="edit">
<interceptor-ref name="token"/>
<interceptor-ref name="defaultStack"/>
<result name="success">/WEB-INF/pages/device.jsp</result>
</action>

when I select edit I get the following exception : Although there are lots of examples of this exception on the web there is no real explanation.

All I know is that action mapper is trying to set a token on a null object. But I cant work out the reason why.

Is it worth raising a bug with struts

04-May-2010 14:07:31 com.opensymphony.xwork2.util.logging.commons.CommonsLogger warn
WARNING: Error setting value
ognl.OgnlException: target is null for setProperty(null, "token", [Ljava.lang.String;@304c885c)
at ognl.OgnlRuntime.setProperty(OgnlRuntime.java:1651)
at ognl.ASTProperty.setValueBody(ASTProperty.java:101)
at ognl.SimpleNode.evaluateSetValueBody(SimpleNode.java:177)
at ognl.SimpleNode.setValue(SimpleNode.java:246)
at ognl.ASTChain.setValueBody(ASTChain.java:172)
at ognl.SimpleNode.evaluateSetValueBody(SimpleNode.java:177)
at ognl.SimpleNode.setValue(SimpleNode.java:246)
at ognl.Ognl.setValue(Ognl.java:476)
at com.opensymphony.xwork2.ognl.OgnlUtil.setValue(OgnlUtil.java:192)
at com.opensymphony.xwork2.ognl.OgnlValueStack.setValue(OgnlValueStack.java:155)
at com.opensymphony.xwork2.ognl.OgnlValueStack.setValue(OgnlValueStack.java:143)
at com.opensymphony.xwork2.interceptor.ParametersInterceptor.setParameters(ParametersInterceptor.java:273)
at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:187)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:87)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:148)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:89)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:126)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:148)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:138)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:87)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at com.opensymphony.xwork2.interceptor.AliasInterceptor.intercept(AliasInterceptor.java:128)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at com.mfuse.novo.provisioning.web.interceptors.LoginInterceptor.intercept(LoginInterceptor.java:31)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor.intercept(ExceptionMappingInterceptor.java:176)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:52)
at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:468)
at org.apache.struts2.dispatcher.ng.ExecuteOperations.executeAction(ExecuteOperations.java:77)
at org.apache.struts2.dispatcher.ng.filter.StrutsExecuteFilter.doFilter(StrutsExecuteFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129)
at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.struts2.dispatcher.ng.filter.StrutsPrepareFilter.doFilter(StrutsPrepareFilter.java:65)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:164)
at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:141)
at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:90)
at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:417)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:859)
at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579)
at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1555)
at java.lang.Thread.run(Thread.java:619)
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

Is it worth raising a bug with struts

Not yet, because in all likelihood it's a configuration or expectation issue on your end.

Unless you TellTheDetails, though, it's impossible to help. Version? Interceptor stack and config?
Tony Evans
Ranch Hand

Joined: Jun 29, 2002
Posts: 573
Hi David thanks for helping

I really am stumped on this.

I am using struts2-core2.1.6
xwork-2.1.2
ognl-2.6.11


in my xworks-device.xml

<action name="editDevice" class="com.mfuse.novo.provisioning.web.DeviceAction" method="edit">
<result name="success">/WEB-INF/pages/device.jsp</result>
<interceptor-ref name="tokenSession"/>
<interceptor-ref name="defaultStack"/>
</action>


I have a form

<ww:form action="editDevice" method="post">
<ww:token/>
<ww:actionerror />
<ww:hidden name="entity.id" value="%{entity.id}"/>
<ww:hidden name="entity.version" value="%{entity.version}" />
<thead>
<tr><td ><ww:text name="%{entity.name}"/></td></tr>
</thead>
<tbody>
<ww:label label="%{getText('label.name')}" name="entity.name" value="%{entity.name}" />
<ww:label label="%{getText('label.userAgentString')}" name="entity.userAgentString" value="%{entity.userAgentString}" />

<ww:if test="entity.UAProfUrl != null && entity.UAProfUrl.length() > 0">
<ww:label label="%{getText('label.uaProfUrl')}" name="entity.UAProfUrl" value="%{entity.UAProfUrl}" />
</ww:if>

<ww:if test="entity.manufacturer != null">
<ww:label label="%{getText('label.manufacturer')}" name="entity.manufacturer.name" value="%{entity.manufacturer.name}" />
</ww:if>

<ww:if test="entity.model != null">
<ww:label label="%{getText('label.phoneModel')}" name="entity.model" value="%{entity.model}" />
</ww:if>

<ww:label label="%{getText('label.parent')}" name="entity.parent.name" value="%{entity.parent.name}" />
<ww:label label="%{getText('label.actualRoot')}" name="entity.actualRoot" value="%{entity.actualRoot}" />
<ww:label label="%{getText('label.enabled')}" name="entity.enabled" value="%{entity.enabled}" />
</tbody>

<tfoot>
<tr>
<td >
<a class="submitButton" href="<ww:url action="listDeviceCapabilities">
<ww:param name="entity.id" value="%{entity.id}"/>
</ww:url>">
<ww:text name="label.viewCapabilities"/>

<a class="submitButton" href="<ww:url action="listComments">
<ww:param name="device.id" value="%{entity.id}"/>
<ww:param name="device.name" value="%{entity.name}"/>
</ww:url>">
<ww:text name="label.viewComment"/>

<ww:submit
action="editDevice"
type="submit"
value="%{getText('label.edit')}"
cssClass="submitButton"
theme="simple"/>
<ww:submit
action="deleteDevice"
type="submit"
value="%{getText('label.delete')}"
cssClass="submitButton"
theme="simple"/>
</td>
</tr>
</tfoot>
</ww:form>


when I selecte editDevice I get the following error

04-May-2010 14:07:31 com.opensymphony.xwork2.util.logging.commons.CommonsLogger warn
WARNING: Error setting value
ognl.OgnlException: target is null for setProperty(null, "token", [Ljava.lang.String;@304c885c)
at ognl.OgnlRuntime.setProperty(OgnlRuntime.java:1651)
at ognl.ASTProperty.setValueBody(ASTProperty.java:101)
at ognl.SimpleNode.evaluateSetValueBody(SimpleNode.java:177)
at ognl.SimpleNode.setValue(SimpleNode.java:246)
at ognl.ASTChain.setValueBody(ASTChain.java:172)
at ognl.SimpleNode.evaluateSetValueBody(SimpleNode.java:177)
at ognl.SimpleNode.setValue(SimpleNode.java:246)
at ognl.Ognl.setValue(Ognl.java:476)
at com.opensymphony.xwork2.ognl.OgnlUtil.setValue(OgnlUtil.java:192)
at com.opensymphony.xwork2.ognl.OgnlValueStack.setValue(OgnlValueStack.java:155)
at com.opensymphony.xwork2.ognl.OgnlValueStack.setValue(OgnlValueStack.java:143)
at com.opensymphony.xwork2.interceptor.ParametersInterceptor.setParameters(ParametersInterceptor.java:273)
at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:187)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:87)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:148)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:89)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:126)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:148)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:138)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:87)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at com.opensymphony.xwork2.interceptor.AliasInterceptor.intercept(AliasInterceptor.java:128)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at com.mfuse.novo.provisioning.web.interceptors.LoginInterceptor.intercept(LoginInterceptor.java:31)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor.intercept(ExceptionMappingInterceptor.java:176)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:52)
at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:468)
at org.apache.struts2.dispatcher.ng.ExecuteOperations.executeAction(ExecuteOperations.java:77)
at org.apache.struts2.dispatcher.ng.filter.StrutsExecuteFilter.doFilter(StrutsExecuteFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129)
at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.struts2.dispatcher.ng.filter.StrutsPrepareFilter.doFilter(StrutsPrepareFilter.java:65)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:164)
at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:141)
at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:90)
at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:417)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:859)
at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579)
at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1555)
at java.lang.Thread.run(Thread.java:619)




David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

Please UseCodeTags, otherwise it's essentially illegible.
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

So far, I don't know why it would be throwing this exception; please post the rendered HTML for the token tag.
Tony Evans
Ranch Hand

Joined: Jun 29, 2002
Posts: 573
Tony Evans
Ranch Hand

Joined: Jun 29, 2002
Posts: 573
YThis is the view source for the rendered page


Tony Evans
Ranch Hand

Joined: Jun 29, 2002
Posts: 573
I downloaded the source code for ognl-2.6.11

And put a breakpoint on the exception


public static final void setProperty( OgnlContext context, Object target, Object name, Object value ) throws OgnlException
{
PropertyAccessor accessor;

if (target == null) {
throw new OgnlException("target is null for setProperty(null, \"" + name + "\", " + value + ")");
}
if ((accessor = getPropertyAccessor(getTargetClass(target))) == null) {
throw new OgnlException("No property accessor for " + getTargetClass(target).getName());
}
accessor.setProperty( context, target, name, value );
}

value is set to LV1PRIXKJNJXKWF2CBDBYPJBHXFDY3PY

name is set to token
but the target is null.

<input type="hidden" name="struts.token" value="LV1PRIXKJNJXKWF2CBDBYPJBHXFDY3PY"

So it does look as if ww.token is not being handled properly>
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

The default "params" interceptor will ignore parameters starting with "struts\.":So while it's possible, I'm skeptical, since it seems to work for other people.

Please include only the bits asked for or relevant; that was nearly 500 lines of HTML, which needlessly obfuscates the underlying issue(s).

I don't see how the OGNL contexttarget could be null barring an underlying issue.
Tony Evans
Ranch Hand

Joined: Jun 29, 2002
Posts: 573
The OgnlContext is not set to null

its the target that is set to null. The target is the object that the token value in this case is to be set to "2E8MM4FVF0LS74SKIJCZ1WFZEKCP4XSG"

in my code I have


Debugging into OgnlRuntime



value is set to 2E8MM4FVF0LS74SKIJCZ1WFZEKCP4XSG

where target is set to null. hence it falling over with an exception.

now



should filter out the token so it should never get to the OgnlRuntime.

Now in the examples they use struts.xml while we use xwork-device.xml

in struts.xml I have


could it be a problem in the set up of struts.xml



David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

If you're specifically setting the stack for that particular action the interceptor stack should be precisely what you're defined; "token" followed by "defaultStack" (assuming "defaultStack" hasn't been redefined, and the declaration of the "params" interceptor hasn't been modified to break the parameter filtering).
Tony Evans
Ranch Hand

Joined: Jun 29, 2002
Posts: 573
Sorry David Newton

Like I said totally new to struts


I am just working of the code that is already there.

First just for my own understanding

ww.token is used to solve the double click problem
To stop token being picked up as a parameter an assigned to a setter on a object via a action we have a interceptor


<interceptor-ref name="tokenSession" /> followed by <interceptor-ref name="defaultStack"/> which I have set in the file xwork-device.xml.

Is this correct so far.

In struts.xml

I have the following


Not sure what this is used for since the interceptors are already set up in xwork-device.xml

I have downloaded the struts2 src code an it does go into the TokenInterceptor code although its is slightly out of sync
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

Without knowing what the other interceptors do, or how "bottomStack" is configured, it's impossible to help.

But if your action is configured as you showed earlier, it doesn't matter what "tokenStack" is--it wouldn't be used. If an action is configured with interceptors, those are the *only* interceptors used for that action.
Tony Evans
Ranch Hand

Joined: Jun 29, 2002
Posts: 573
Im my struts2-core2.1.6

I see I have a TokenInterceptor.java and a TokenSessionStoreInterceptor.java

is the TokenSessionStoreInterceptor.java used for <interceptor-ref name="tokenSession"/>

I am just trying to figure out the best postion to start debugging.
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

Yes.

But IMO you're jumping into Java code before you need to.

There's no need to ask questions like that though--the classes are defined in the internal S2 configuration files.
Tony Evans
Ranch Hand

Joined: Jun 29, 2002
Posts: 573
well I was hoping by debugging into TokenSessionStoreInterceptor.java I can try an find out why it is not intercepting ww.token

At the moment it does enter TokenSessionStoreInterceptor but for some resaon I cant get debug working, properly so I cant trace it through the code.

But TokenSessionStoreInterceptor is being called before OgnlRuntime.

I forgot to add this is on a tomcat app not jboss not sure if that would make a differance.

Thanks for your help.
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

You've misunderstood how it works, another reason to take a step back and debug it at a higher level.
Tony Evans
Ranch Hand

Joined: Jun 29, 2002
Posts: 573
Cheers David, now I understand, I thought the TokenSession filtered out the token as well as handling it.
I didnt relaise that you had to set up your own parameter interceptors.

for anyone else the fix is

David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

It was misleading, then, to post the config fragment that had the "defaultStack" in it :/ And recall that I mentioned a couple of times about the params interceptor filtering.

In any case, glad it got resolved.
 
jQuery in Action, 2nd edition
 
subject: Need help on understanding ww:token
 
Similar Threads
ClassNotFound when everything is in place
request.setAttribute in firefox
Problem with my first struts application
How does strut actions cope with hidden fields such as token
Problem with validator