Using the Struts token mechanism to prevent duplicate form submission

Source: Internet
Author: User

The Struts token mechanism is a good solution to the problem of duplicate form submission. The principle is this: before processing an incoming request, the server compares the token value contained in the request with the token value saved in the current user's session to see whether they match. After the request has been processed, and before the reply is sent to the client, a new token is generated; besides being passed to the client, it replaces the old token saved in the user's session. If the user then returns to the previous submission page and submits again, the token sent by the client no longer matches the server-side token, which effectively prevents the duplicate submission.

This comes down to two points.

First, the request must carry the token value. The token is saved in the page the same way we usually save other information there, in a hidden field, in this form: <input type="hidden" name="org.apache.struts.taglib.html.TOKEN" value="6aa35341f25184fd996c4c918255c3ae">. The value is produced by generateToken() in the TokenProcessor class, based on the current user's session ID and the long value of the current time.

Second, after the client submits, we have to determine whether the token contained in the request is consistent with the server's token. Because the server generates a new token on every submission, a duplicate submission carries a client token that no longer matches the server-side token.

The following uses the insertion of a record into the database to illustrate how to prevent duplicate submissions.

In the add method of the action, the token value has to be saved explicitly for the page, which takes just one more statement, saveToken(request), as follows:

    public ActionForward add(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        // earlier processing omitted
        // generate a token and save it in the user's session
        saveToken(request);
        return mapping.findForward("add");
    }

In the insert method of the action, we compare the token value in the form with the token value on the server side, as follows:

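    public ActionForward insert(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        // second argument true: reset the session token after the comparison
        if (isTokenValid(request, true)) {
            // the form is not a duplicate submission
            // the code that saves the data goes here
        } else {
            // the form is a duplicate submission
            saveToken(request);
            // other handling code
        }
        // the original omits the return; the forward name here is a placeholder
        return mapping.findForward("success");
    }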
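The save, compare and reset cycle described above, as an added example that is not part of the original article and is not Struts' own code: a servlet-free model in which a Map stands in for the HttpSession. The class name, the session key and the session ID are assumptions made for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

public class TokenCycleDemo {
    // Hypothetical session attribute name used only by this demo.
    static final String SESSION_KEY = "demo.transaction.token";

    // Token derived from the session ID and the current time, as the article describes.
    static String generateToken(String sessionId) throws Exception {
        MessageDigest md = MessageDigest.getInstance("MD5");
        md.update(sessionId.getBytes(StandardCharsets.UTF_8));
        md.update(Long.toString(System.currentTimeMillis()).getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : md.digest()) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Plays the role of saveToken(request): store the token, return it for the hidden field.
    static String saveToken(Map<String, Object> session, String sessionId) throws Exception {
        String token = generateToken(sessionId);
        synchronized (session) {
            session.put(SESSION_KEY, token);
        }
        return token;
    }

    // Plays the role of isTokenValid(request, true): compare and reset under one lock,
    // so two concurrent submissions of the same form cannot both pass.
    static boolean isTokenValid(Map<String, Object> session, String submitted) {
        synchronized (session) {
            Object saved = session.remove(SESSION_KEY); // reset: each token is usable once
            return saved != null && saved.equals(submitted);
        }
    }

    public static void main(String[] args) throws Exception {
        Map<String, Object> session = new HashMap<>();
        String hidden = saveToken(session, "CONSTRUCTED-SESSION-ID"); // add(): form rendered
        System.out.println("first submit accepted:  " + isTokenValid(session, hidden));
        System.out.println("resubmit after Back:    " + isTokenValid(session, hidden));
        hidden = saveToken(session, "CONSTRUCTED-SESSION-ID");        // else branch re-issues
        System.out.println("submit without token:   " + isTokenValid(session, null));
        System.out.println("stale token afterwards: " + isTokenValid(session, hidden));
    }
}
```

Only the first check succeeds: every comparison consumes the stored token, so a replayed, missing or stale value is rejected until the form is rendered again.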

In practice it is very simple to use. The simplest and most commonly needed case is the following.

Control of duplicate submission is mainly applied to database operations such as inserts, updates and deletes. Because updates and deletes are generally carried out by ID (for example updateXxxById, removeXxxById), controlling duplicates for these operations is of little significance (individual exceptions are not ruled out); duplicate-submission control matters mainly at insertion time.

First, some background on the project we are currently working on:

The current project uses Struts + Spring + iBATIS. The pages use JSTL and Struts for the view layer, Spring provides transaction control at the service layer, and iBATIS is used in place of JDBC. No page is accessed directly as a JSP; instead, the request goes to a Struts action, and the action then forwards to a JSP. All operations against the database, such as fetching or modifying data, are done in actions, and all actions inherit from BaseDispatchAction, a class of our own whose purpose is to apply some unified control to all actions. In the Struts layer we generally divide one function into two actions: one whose methods do not need to invoke Struts validation (common method names are add, edit, remove, view, list), and another whose methods do need to invoke Struts validation (common method names are insert, update).

Take forum posting as an example. Posting first requires going to a page where you fill in the topic and content of the post; after filling it out you click "Submit" and the post is published. So there are two steps here:

1. Go to a new page. In the action this method is generally called add, for example:

    public ActionForward add(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        // debug output showing that execution has reached this point
        log.debug(":: action - subject add");
        // your code here
        // save the token value here
        saveToken(request);
        // forward to the add page defined in struts-config.xml, for example subjectAdd.jsp
        return mapping.findForward("add");
    }
