Use struts token

What is the value of token. Token?

The following describes how to use the struts token Program (to add a user as an example ):

First, you must use the toadduser. Do URL to access the add user page for the first time.

Implementation Method in toadduseraction class

Public actionforward execute (actionmapping mapping, actionform form,
Httpservletrequest request, httpservletresponse response)
Throws exception {

......
Savetoken (request); // Save the token VALUE IN THE SESSION

......
Return Mapping. findforward ("toadduser ");
}

Use an input value of the hidden category of HTML: logging. Token on the page. You can see the source code of the page.

<Form name = "adduserform" method = "Post" Action = "/dadjpt/adduser. Do" onsubmit = "Return validateform ();" target = "_ parent">

......

<Input type = "hidden" name = "org.apache.struts.taglib.html. Token"

Value = "45dd9d38ebd34db949842fbb7897f3f7">

......

</Form>

In this case, the request will carry this variable when adduser. Do is submitted.

In adduseraction, you can determine whether the token value in the request is the same as the token value in the session. Otherwise, you can go to the page expiration page and reset the token value, if the values are the same, insert the table, reset the token value, and return to the Add interface.

Public actionforward execute (actionmapping mapping, actionform form,
Httpservletrequest request, httpservletresponse response)
Throws exception {

Adduserform = (adduserform) form;

User user = adduserform. getuser ();

If (idtokenvalid (request, true )){

Userdao. Add (User );

......

} Else {

Savetoken (request );

Return Mapping. findforward ("timeoutpage ");

}
Return Mapping. findforward ("toadduser ");
}

In this way, after you press F5 to refresh the latter, you will not submit the form again.

 

The problem mentioned at the beginning of this article has been tested because <IFRAME/> signature is used on the page. the token value remains unchanged (this value can be passed through session. getattribute ("org. apache. struts. action. the token "token is successful, and in the iframetag, org.apache.struts.taglib.html is displayed on every successful page. the token values have been refreshed to the newly generated token values. Therefore, the token values can be effectively submitted. In ifrme, add the document to the body attribute onload. forms [0]. getelementsbytagname ("input") [0]. value = parameter parent.doc ument. getelementbyid ("org.apache.struts.taglib.html. token1 "). and manually add a hidden value of the same name to the external page.