This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes EJB and other Java EE Technologies and the fly likes protection against 'crazy user' Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » EJB and other Java EE Technologies
Bookmark "protection against Watch "protection against New topic
Author

protection against 'crazy user'

Lucas Smith
Ranch Hand

Joined: Apr 20, 2009
Posts: 804
    
    1

Hi,

I have a web application that uses JBoss 7.1, MySQL, EJB3.1, JPA2.0 and JSP.

I have a table with users. The user can be deleted. When 'Delete' link is clicked - the request goes as follows: -> servlet -> ejb ->persistence manager -> send redirect to jsp.
Everything works fine but it takes a second to present final jsp. The user can hit 'Delete' link a couple of times on the same record and the result is:

javax.ejb.EJBException: java.lang.IllegalArgumentException: attempt to create delete event with null entity

Is there anything that can prevent such situations? Is it a common problem?

SCJP6, SCWCD5, OCE:EJBD6.
BLOG: http://leakfromjavaheap.blogspot.com
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30130
    
150

There are two approaches you can use (using both is probably best)
1) Use JavaScript to submit preventing the form again while waiting for a reply. (or use a token to prevent duplicate submits)
2) Add a null check so it fails quieter. If it has already been deleted, mission accomplished. No need to error.

And yes, it is common. Especially if the website is slow or the user has low bandwidth.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Lucas Smith
Ranch Hand

Joined: Apr 20, 2009
Posts: 804
    
    1

Thank you.

I have realized that 'crazy user syndrome' is very usual, even in different situation. Let's say that we have two users and they both click 'Delete' button at the same time. It is something similar to multiple clicks performed by the same user. Null checking has solved the problem.
Henry Wong
author
Sheriff

Joined: Sep 28, 2004
Posts: 18538
    
  40

Lucas Smith wrote:
I have realized that 'crazy user syndrome' is very usual, even in different situation. Let's say that we have two users and they both click 'Delete' button at the same time. It is something similar to multiple clicks performed by the same user. Null checking has solved the problem.


To be blunt, this should not be usual at all -- what you call "crazy user syndrome", I call good QA behavior. Clicking stuff in patterns not expected is the job of QA -- and if any QA person can't catch a delete twice issue, he/she is not doing their job.

Henry


Books: Java Threads, 3rd Edition, Jini in a Nutshell, and Java Gems (contributor)
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: protection against 'crazy user'
 
Similar Threads
How to link different buttons to different action methods
event generation in jsp
Enabling links according to user's authorization
Spring security autorisation
delete records