aspose file tools*
The moose likes Struts and the fly likes saveToken() without html:form? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "saveToken() without html:form?" Watch "saveToken() without html:form?" New topic
Author

saveToken() without html:form?

JW Li
Ranch Hand

Joined: Mar 11, 2003
Posts: 33
I tried to use saveToken(), isTokenValid(), and resetToken() to solve form being submitted more than once problem. However, since my application is being accessed via a virtual link, which mapped upto the context name part, so instead of using html:form (which will append context name in front of the action path), we use plain html form tag. This is like company policy, so we can't change this. Without using html:form, struts won't automatically forward the token value from jsp to action class, so isTokenValid() will always return false. Anyone knows a way to easily solve this problem? Thanks a lot!
[ March 06, 2006: Message edited by: JW Li ]
Brent Sterling
Ranch Hand

Joined: Feb 08, 2006
Posts: 948
My guess is that you would just need to add a hidden field to your JSP with the name "org.apache.struts.taglib.html.TOKEN". I am assuming that Struts stores this as a session attribute.

- Brent
JW Li
Ranch Hand

Joined: Mar 11, 2003
Posts: 33
Thanks for your reply. I actually added a hidden value in the jsp file, but after I got the session variable that struts stored in session out, the action still retruned false from isTokenValid().

This is the action class that I save the token to start transaction:



This is the code in my jsp to forward the token:


This is the action class that check the token and process the form:



I think the way I got the token value out from session might not be correct, but I don't know what's wrong. If you find any errors in my code, please let me know. Many Many Thanks!
Brent Sterling
Ranch Hand

Joined: Feb 08, 2006
Posts: 948
hmmm...the code you posted looks about like what I would have tried. Does the token in your page look correct when you view the source of the html page? I have looked at the source code for the methods saveToken(), isTokenValid(), and resetToken() and the code looks pretty simple. Maybe you can get some ideas from there.

- Brent
JW Li
Ranch Hand

Joined: Mar 11, 2003
Posts: 33
Brent, Thanks for your reply!

I printed out token values in editAction (after saveToken()), jsp page, and saveAction (after checking isTokenValid()), and they all had the same string value:

editAction:



in jsp:



in saveAction:


As you can see, the token value in session and request parameter are the same. I don't know how isTokenValid() evaluate a token to be invalid... I hope there's some documentation about the comparison standard, and we don't have to look through the source code But if that ends up to be the only and final way, I guess I will just need to do that. Thanks again for your reply! Relly appreciate your input here

[ March 08, 2006: Message edited by: JW Li ]

[ March 08, 2006: Message edited by: JW Li ]
[ March 08, 2006: Message edited by: JW Li ]
Brent Sterling
Ranch Hand

Joined: Feb 08, 2006
Posts: 948
Okay I see it now...you are using the wrong name for your hidden field. It should be "org.apache.struts.taglib.html.TOKEN". Looking at the Struts code is see that the session attribute is stored with the name "org.apache.struts.action.TOKEN", but the request parameter uses the name "org.apache.struts.taglib.html.TOKEN".

like this:
session.getAttribute("org.apache.struts.action.TOKEN");
request.getParameter("org.apache.struts.taglib.html.TOKEN");

- Brent
JW Li
Ranch Hand

Joined: Mar 11, 2003
Posts: 33
Brent,

Thank you SOOOOOO Much! It's working now!
 
Consider Paul's rocket mass heater.
 
subject: saveToken() without html:form?