Struts2 prevents repeated forms from being submitted

Recently, the problem of repeated form submission is involved in the development. We will make a summary through research.

To prevent repeated form submission, the main labels used are <s: token/>, interceptor <Interceptor-ref name = "token"/>, there is also a default return value <result name = "invalid. token ">/input. JSP </result>

 

During page loading, <s: token/> generates a hidden input box with a guid (globally unique identifier) value, for example:

 

<Input type = "hidden" name = "struts. Token. Name" value = "struts. Token"/>
<Input type = "hidden" name = "struts. Token" value = "bxpnndg6bb11zxhpi4e1_cz5k7vnmhr"/>

 

Meanwhile, put the guid In the session. Before the action is executed, the "token" interceptor compares the session token with the request token. If the two are the same, the token in the session is deleted and executed. Otherwise, an error message is added to actionerrors. In this way, if the user submits two identical requests by some means, the two tokens will be different.

 

The following is the action code.

 

Import com. opensymphony. xwork2.actionsupport;

 

Public class testaction extends actionsupport {
Private Static final long serialversionuid = 6820659617470261780l;

Private string message;

Public String getmessage (){
Return message;
}

Public void setmessage (string message ){
This. Message = message;
}

@ Override
Public String execute (){
System. Out. println ("executing action, your message is" + message );
Return success;
}
}

 

Let's take a look at JSP writing.

<% @ Page Language = "Java" contenttype = "text/html; charset = UTF-8" pageencoding = "UTF-8" %>
<% @ Taglib prefix = "S" uri = "/Struts-tags" %>

<! Doctype HTML public "-// W3C // dtd xhtml 1.0 transitional // en" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<HTML xmlns = "http://www.w3.org/1999/xhtml">
<Head>
<Title> struts2 test token </title>
<S: Head/>
</Head>
<Body>
<S: actionerror/>
<S: Form Action = "testaction">
<S: textfield name = "message" label = "message"/>
<S: token/> <% -- note here -- %>
<S: Submit/>
</S: Form>
</Body>
</Html>

 

The following is the configuration file of struts2.

<? XML version = "1.0" encoding = "UTF-8"?>

<! Doctype struts public
"-// Apache Software Foundation // DTD struts configuration 2.0 // en"
Http://struts.apache.org/dtds/struts-2.0.dtd>

<Struts>
<Package name = "test" extends = "struts-Default" namespace = "/testtoken">
<Action name = "test" class = "com. fhx. testaction">
<Result name = "invalid. Token">/input. jsp </result>
<Result>/input. jsp </result>

<Interceptor-ref name = "defaultstack"/>
<Interceptor-ref name = "token"/>

</Action>
</Package>
</Struts>

 

Note that the "token" interceptor and "invalid" are added to the above XML segment values. token result, because the "token" interceptor will directly return "invalid" when the session token is inconsistent with the request token. token.

 

Truts2 token defines its own

The token in struts2 prevents repeated submission. You can add <s: token name = "token"> </S: token> to the page, but in struts. add the token Interceptor to XML, <Interceptor-ref name = "token"> </interceptor>

Add the default interceptor <Interceptor-ref name = "defaultstack"> </interceptor>

This is OK, but the English displayed on the page,

The form has already been processed or no token was supplied, please try again.

How can we define what we want? It's not hard, you find struts2-core.jar

Open this file and find a struts-message.properties file under org. Apache. struts2. Open it and see if there is

Struts. Messages. invalid. Token = the form has already been processed or no token was supplied, please try again.

Okay, the previous key is what we want struts. messages. invalid. token to copy it to your defined. in the properties file, struts. messages. invalid. token = \ u5bf9 \ u4e0d \ u8d77 \ uff0c \ u4e0d \ u80fd \ u91cd \ u590d \ u63d0 \ u4ea4

This time, let's see if it's okay.