continuum-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Deng Ching <och...@apache.org>
Subject Re: svn commit: r1092648 - in /continuum/branches/continuum-1.3.x: ./ continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/ continuum-webapp/ continuum-webapp/src/main/java/org/apache/continuum/web/interceptor/ continuum-webapp/src/mai
Date Mon, 18 Apr 2011 05:58:48 GMT
Hi Brett,

In the projectGroupSummary page, another action (see snippet below) that is
always executed is present:

<s:action name="projectSummary" executeResult="true" namespace="component">
>
>       <s:param name="projectGroupId"><c:out
>> value="${projectGroupId}"/></s:param>
>
>       <s:param name="projectGroupName"><c:out
>> value="${projectGroup.name}"/></s:param>
>
>     </s:action>
>
>
When one of the forms in the page is submitted, like the removeProjectGroup
form, that action would always get executed. This causes a double submit to
happen which in turn causes the token interceptor to fail as the current
token in the session no longer match the one submitted.

I'm not sure how we can restructure the projectGroupSummary page as each of
the buttons in there has it's own form and action.. (
http://svn.apache.org/repos/asf/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupSummary.jsp
)

Maybe you have other ideas? :)

Thanks,
Deng

On Mon, Apr 18, 2011 at 1:02 PM, Brett Porter <brett@apache.org> wrote:
> This seems like a complicated solution, and I don't quite understand the
reason the problem existed with the previous solution. Was there a way the
projectGroupSummary page could be restructured so that this wasn't an issue?
>
> - Brett
>
> On 15/04/2011, at 8:01 PM, oching@apache.org wrote:
>
>> Author: oching
>> Date: Fri Apr 15 10:01:18 2011
>> New Revision: 1092648
>>
>> URL: http://svn.apache.org/viewvc?rev=1092648&view=rev
>> Log:
>> [CONTINUUM-2622]
>> o do an explicit check for a random generated value in the action on
remove project group (built-in token session interceptor doesn't work for
projectGroupSummary page because
>> the <s:action> tag (which executes result) for getting the projects in
the group in the page causes a double submit
>> o enabled selenium test for remove project group csrf check
>
> --
> Brett Porter
> brett@apache.org
> http://brettporter.wordpress.com/
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message