Using the Struts token

Source: Internet
Author: User

What is the value of token. Token?

The following describes how to use the Struts token mechanism, taking an add-user operation as the example:

First, the add-user page must be reached through the toadduser.do URL the first time it is accessed.

Implementation in the ToAddUserAction class:

public ActionForward execute(ActionMapping mapping, ActionForm form,
        HttpServletRequest request, HttpServletResponse response)
        throws Exception {

    ......
    saveToken(request); // save the token value in the session

    ......
    return mapping.findForward("toadduser");
}

The page carries the token as a hidden HTML input named org.apache.struts.taglib.html.TOKEN. You can see it in the source code of the page.

<form name="adduserform" method="post" action="/dadjpt/adduser.do" onsubmit="return validateform();" target="_parent">

......

<input type="hidden" name="org.apache.struts.taglib.html.TOKEN"
       value="45dd9d38ebd34db949842fbb7897f3f7">

......

</form>

The request therefore carries this parameter when adduser.do is submitted.

In AddUserAction, check whether the token value in the request is the same as the token value in the session. If the values differ, forward to the page-expired page and reset the token value; if the values are the same, insert the row into the table, reset the token value, and return to the add-user page.

public ActionForward execute(ActionMapping mapping, ActionForm form,
        HttpServletRequest request, HttpServletResponse response)
        throws Exception {

    AddUserForm addUserForm = (AddUserForm) form;
    User user = addUserForm.getUser();

    // The second argument (true) resets the session token after the check
    if (isTokenValid(request, true)) {
        userDao.add(user);

        ......

    } else {
        // Token missing or stale: issue a new one and show the expiry page
        saveToken(request);
        return mapping.findForward("timeoutpage");
    }
    return mapping.findForward("toadduser");
}

In this way, pressing F5 to refresh after the submission does not submit the form again.

 

The problem mentioned at the beginning of this article has been tested, and it arises because an <iframe> tag is used on the page: the token value remains unchanged (this value can be read through session.getAttribute("org.apache.struts.action.TOKEN")). In the iframe, on every successful page the org.apache.struts.taglib.html.TOKEN value has been refreshed to the newly generated token value, so the token value can be submitted effectively. In the iframe, add document.forms[0].getElementsByTagName("input")[0].value = parent.document.getElementById("org.apache.struts.taglib.html.token1") to the onload attribute of the body, and manually add a hidden value of the same name to the outer page.

 
