struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 22093] New: - examination of token not possible prior to population
Date Sun, 03 Aug 2003 16:32:56 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22093>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22093

examination of token not possible prior to population

           Summary: examination of token not possible prior to population
           Product: Struts
           Version: 1.1RC2
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Controller
        AssignedTo: struts-dev@jakarta.apache.org
        ReportedBy: bss@insightoutsight.com.au


A severe difficiency exists whereby a requests transaction token cannot be
examined prior to form bean population.  Examination of the token can only be
performed and action on in an actions execute (or equivalent dispatch) method.

This isn't sane because in most cases where a transaction token is invalid
population of the form bean is not desired (especially in the case of session
scoped form beans).  The inability for something to examine the token and
intervine prior to population leaves back button handling + indexed elements
something to be desired.

For example, a user submits a form that results in an indexed field being
removed from the form bean instance.  The user then stupidly decides to click
the back button and submit the form again.  The result is an index out of bounds
exception because the cached version of the page contains the extra field that
no longer has a corresponding element in a collection in the form bean.

This is just one example there are other scenarios where it would be desirable
to ignore population depending on some condition (not necessarily transaction
checking)

Ideally there would be some "default" method called prior to population that
returned some boolean, where (if implemented) it returned true then and only
then would population occur.

---------------------------------------------------------------------
To unsubscribe, e-mail: struts-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-dev-help@jakarta.apache.org


Mime
View raw message