It's not a secret anymore!*
The moose likes Struts and the fly likes can anyone explain token mechansim in struts Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "can anyone explain token mechansim in struts" Watch "can anyone explain token mechansim in struts" New topic
Author

can anyone explain token mechansim in struts

ajay bora
Greenhorn

Joined: Mar 31, 2006
Posts: 3
I am experiencing a strange phenomenon with the usage of tokens in my programs. Tokens are supposed to be stored as an hidden parameter in the form and it is to be stored only when he explicitly call saveToken() in the action class. But my tokens are some how disabling my other hidden parameters in my forms . Due to this reason i am not able to submit my forms. I have two jsps which have the same form bean and the second jsp is the jsp which saves all the information .To prevent users from saving twice i used tokens . The problem i am facing right now is that when user clicks submit in step2. It is going back to step1 . Actually i have three steps.
Step1 ,step2 and step save. Step1 and step2 are in same jsp and they are displayed using DIV's and step3 is a different jsp. These two different jsp's are having different beans. Is there any problem in this. In order to solve this problem i had to use sessions and set some values to suggest form completion ,but i dont feel its a good way to do . Can any one clarify this problem for me .
Brent Sterling
Ranch Hand

Joined: Feb 08, 2006
Posts: 948
Your question is not completely clear to me, but maybe I can help out. The token mechanism is pretty simple. Here is my basic understanding. I will use the names "REQUEST_KEY" and "SESSION_KEY" for clarity (plus I am too lazy to look up the real names).

When you call saveToken(), Struts will generate a new key. This key is saved as an attribute on the session named "SESSION_KEY". This value key shows up in your jsp as a hidden value with the name "REQUEST_KEY". When you submit your page, then REQUEST_KEY is submitted as a parameter on the request. The code in isTokenValid checks that the values of REQUEST_KEY and SESSION_KEY match. If they do not, it returns false. When you call resetToken, the session attribute is cleared, so that if the same page is submitted again then isTokenValid will return false.

I am not quite sure what is up in your case.

"disabling my other hidden parameters in my forms": What exactly do you mean that it disables the other hidden parameters?

"i am not able to submit my forms": Why not? What happens?

"when user clicks submit in step2. It is going back to step1": Why is this? Is your action being called? What does your action code and mapping look like? It is failing validation?

- Brent
 
jQuery in Action, 2nd edition
 
subject: can anyone explain token mechansim in struts