Return-Path: Delivered-To: apmail-jakarta-struts-user-archive@apache.org Received: (qmail 70158 invoked from network); 27 Nov 2002 04:25:58 -0000 Received: from unknown (HELO nagoya.betaversion.org) (192.18.49.131) by daedalus.apache.org with SMTP; 27 Nov 2002 04:25:58 -0000 Received: (qmail 12245 invoked by uid 97); 27 Nov 2002 04:26:11 -0000 Delivered-To: qmlist-jakarta-archive-struts-user@jakarta.apache.org Received: (qmail 12155 invoked by uid 97); 27 Nov 2002 04:26:10 -0000 Mailing-List: contact struts-user-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Struts Users Mailing List" Reply-To: "Struts Users Mailing List" Delivered-To: mailing list struts-user@jakarta.apache.org Received: (qmail 12068 invoked by uid 98); 27 Nov 2002 04:26:09 -0000 X-Antivirus: nagoya (v4218 created Aug 14 2002) X-Sent: 27 Nov 2002 04:25:01 GMT From: "James Mitchell" To: "Struts Users Mailing List" Subject: RE: invokes processActionForward twice when submit???? Date: Tue, 26 Nov 2002 23:25:00 -0500 Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_000A_01C295A3.0A689870" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <5C5C9EC8EB084742A04507B49990A40512D815@adcexch1.PHSADC.NET> X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N ------=_NextPart_000_000A_01C295A3.0A689870 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Have you searched the mail archives? That exact question gets asked about once a week here. Here's 4 message from past discussions. -- James Mitchell Software Engineer/Struts Evangelist http://www.open-tools.org "If you were plowing a field, which would you rather use? Two strong oxen or 1024 chickens?" - Seymour Cray (1925-1996), father of supercomputing > -----Original Message----- > From: Tuan H. Le [mailto:tuan.le@phsadc.com] > Sent: Tuesday, November 26, 2002 9:50 PM > To: Struts Users Mailing List (E-mail) > Subject: invokes processActionForward twice when submit???? > > Hi, > > I have noticed that when we submit an HTML form to a Struts action servlet, it called processActionForward twice. Is it possible? If so, how do we prevent it? > > Thanks, > Tuan > << File: ATT00002.txt >> ------=_NextPart_000_000A_01C295A3.0A689870 Content-Type: message/rfc822 Content-Transfer-Encoding: 7bit Content-Disposition: attachment Reply-To: "Struts Users Mailing List" From: "Xavier Combelle" To: "Struts Users Mailing List" Subject: Did not found doc about Tokens Date: Fri, 8 Nov 2002 05:40:22 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-Received: 8 Nov 2002 10:39:58 GMT Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <003a01c2864f$2eb44660$1b01a8c0@intern.morelogs.de> List-Unsubscribe: List-Help: List-Subscribe: X-UIDL: PcuUf9HkINFkpgE X-Antivirus: nagoya (v4218 created Aug 14 2002) X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N I post this message because I did not found any doc about the createToken, isTokenValid, resetToken API. So I will explain what I understood about it from the struts-exemple if something is wrong, I would like that someone will say to me and if there is some doc tell me where ... The token API is created to avoid that the user to submlit twice the same form. It is used with one ActionForm and two Action: - the SomethingForm which contain the user's input - the EditSomethingAction which populate the SomethingForm from the DB or clear all the field if it is a create Case - the SaveSomethingAction which save the SomethingForm in the DB To avoid that the user call submit twice the SomethingForm and save twice the same data in the DB, the struts framework propse the xxxToken API. It is used as following in EditSomethingAction, make a call to createToken(request) and that all ! in SaveSomethingAction, make a call to isTokenValid(request) and resetToken(request) as in the following algorithm if ( ! isTokenValid(request) ) { /* * return forward towards an error page * saying to the user that he has submit twice * or * forward toward the succes page if we don't want the user see anithing */ } else { /* * process the save in the DB */ if ( allTheSaveHasSucceed ) { resetToken(request) ; } } You much take care that there is only one token in the session so that this process can't support nested transactions. So you should keep simple use of it. The same API can be used to avoid that the user click twice on a link by setting the 'transaction' attribute at "true" of the tag the Action called by the link should follow the same process than SaveSomethingAction -- To unsubscribe, e-mail: For additional commands, e-mail: ------=_NextPart_000_000A_01C295A3.0A689870 Content-Type: message/rfc822 Content-Transfer-Encoding: 7bit Content-Disposition: attachment Reply-To: "Struts Users Mailing List" From: "Manfred Wolff" To: "Struts Users Mailing List" Subject: AW: Help about transaction tokens aim Date: Wed, 3 Jul 2002 03:44:23 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-Received: 3 Jul 2002 08:44:50 GMT Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <2C1BAF8F8E1DD611862B0002A5D4C3FC30E836@RENEXCH3.rennes.thmulti.com> List-Unsubscribe: List-Help: List-Subscribe: X-UIDL: PSK5g9HkINMkKQE X-Antivirus: nagoya (v4198 created Apr 24 2002) X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Virus-Scanned: by AMaViS-perl11-milter (http://amavis.org/) X-Virus-Scanned-altec: by AMaViS perl-11 on altec Hi. The struts transaction token prevents that users klick the back-button in the browser. Some Applications , e.g. workflow driven apps, can not deal with back-buttons, because it may be, that a database transaction is fullfilled, and there is no chance for a rollback. The method saveToken(request); called in the execute-Method (Struts 1.1) of the action saves the token. At the next action you can look, if the token is already valid. if (!isTokenValid(request)) { // error } With the method resetToken(request); you can reset the token. The mechanism is quite tricky: The tag reads the token out of the session and writes it in the request. So if someones goes back (browser back) the form responds an old (a different) token. If you not deal with some tags has a attribute transaction, that you can switch to true. Very fine mechanism, really Manfred -----Urspr�ngliche Nachricht----- Von: struts-user-return-39487-wolff=pointers.de@jakarta.apache.org [mailto:struts-user-return-39487-wolff=pointers.de@jakarta.apache.org]Im Auftrag von Heligon Sandra Gesendet: Mittwoch, 3. Juli 2002 10:29 An: 'struts-user@jakarta.apache.org' Betreff: Help about transaction tokens aim Hi, I search documentation and examples about transaction token mechanism. I know transaction mechanism with database but I don't know "transaction token", can somebody explain why is it important to use this mechanism in the web application ? Thanks -- To unsubscribe, e-mail: For additional commands, e-mail: -- To unsubscribe, e-mail: For additional commands, e-mail: ------=_NextPart_000_000A_01C295A3.0A689870 Content-Type: message/rfc822 Content-Transfer-Encoding: 7bit Content-Disposition: attachment Reply-To: "Struts Users Mailing List" From: "Craig R. McClanahan" To: "Struts Users Mailing List" Cc: "Ivan D. Sager" Subject: Re: mapping Date: Fri, 28 Jun 2002 14:10:20 -0500 Message-ID: <20020628120146.L4821-100000@icarus.apache.org> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-Received: 28 Jun 2002 19:10:46 GMT Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <20020628105403.D88220-100000@icarus.apache.org> List-Unsubscribe: List-Help: List-Subscribe: X-UIDL: PRy0ttHkINMKCQE X-Antivirus: nagoya (v4198 created Apr 24 2002) X-Spam-Rating: localhost 1.6.2 0/1000/N Sorry ... it the send key by accident ... The browser shows the ".do" url because it has no clue you did a forward. If you really need it to change, you'll need to use a redirect instead of a forward, which costs you a *lot* in terms of performance (extra round trip to the client) and flexibility (cannot use request attributes to forward information to the page). Usually, it's better to train your users that the location bar is totally irrelevant in web applications (versus web sites). Sometimes, you have to get a little more blatant (use frames so that the location bar never changes, or open a window without a location bar ...). To deal with resubmits, the most important issue is to avoid updating the database twice when the user accidentally resubmits the same form. Struts has a feature called "transaction control tokens" that help you avoid this, which is very simply used as follows: * In the Action that sets up your input form (i.e. before you forward to it), execute the following saveToken(request) to save a special value in the user's session that will be used in the next step. * In the Action that receives the form and updates the database, add the following logic before you do the update: if (isTokenValid(request, true)) { ... this is a resubmit, so go display an error ... } The "true" parameter causes the token to be removed from the session so that it doesn't interfere with subsequent form submits. This way, the submit will work the first time, but fail on any accidental or on-purpose resubmit, and you avoid adding the information to the database twice. It also prevents the user from navigating directly to the "myDB.do" URL without going through your normal setup actions -- because the transaction token would not have been placed in the session, so the isTokenValid() test would fail. Craig On Fri, 28 Jun 2002, Craig R. McClanahan wrote: > Date: Fri, 28 Jun 2002 10:54:23 -0700 (PDT) > From: Craig R. McClanahan > Reply-To: Struts Users Mailing List > To: Struts Users Mailing List , > Ivan D. Sager > Subject: Re: mapping > > > > On Fri, 28 Jun 2002, Ivan D. Sager wrote: > > > Date: Fri, 28 Jun 2002 13:49:48 -0400 > > From: Ivan D. Sager > > Reply-To: Struts Users Mailing List , > > Ivan D. Sager > > To: Struts Users Mailing List > > Subject: mapping > > > > I have an ActionClass that loads a database on the final page that is > > displayed to the user. > > > > The problem is that the url is still showing http://xxx/myDB.do so when the > > user clicks refresh on the browser it, reloads the action and adds records > > into the database. > > > > "STRUTS" what have you got to support that postback? > > > > Thanks > > ________________________________________ > > Ivan D. Sager > > Yahoo Messenger :ivansager > > Hotmail Messenger :ivansager@hotmail.com > > > > > > > > > > -- > > To unsubscribe, e-mail: > > For additional commands, e-mail: > > > > > > > -- > To unsubscribe, e-mail: > For additional commands, e-mail: > > -- To unsubscribe, e-mail: For additional commands, e-mail: ------=_NextPart_000_000A_01C295A3.0A689870 Content-Type: message/rfc822 Content-Transfer-Encoding: 7bit Content-Disposition: attachment Reply-To: "Struts Users Mailing List" From: "Craig R. McClanahan" To: "Struts Users Mailing List" Subject: Re: Synchronization Token for forms - any coding required? Date: Fri, 16 Aug 2002 11:12:00 -0500 Message-ID: <20020816090845.F50362-100000@icarus.apache.org> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-Received: 16 Aug 2002 16:12:26 GMT Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <001101c2453d$455a69b0$9003a8c0@cruegger2000> List-Unsubscribe: List-Help: List-Subscribe: X-UIDL: PV0ka9HkINJDlgE X-Antivirus: nagoya (v4198 created Apr 24 2002) X-Spam-Rating: localhost 1.6.2 0/1000/N On Fri, 16 Aug 2002, Chris Ruegger wrote: > Date: Fri, 16 Aug 2002 11:54:57 -0400 > From: Chris Ruegger > Reply-To: Struts Users Mailing List > To: Struts Users Mailing List > Subject: Synchronization Token for forms - any coding required? > > I have read that Struts uses the Token Synchronization > pattern to detect and avoid duplicate form submissions. > > Question: Is all of this handled transparently for me > or do I need to code some logic in the perform() method > to enable this and/or ignore a duplicate submission? > See the Struts example application's use of this feature -- for example: * In EditRegistrationAction, you see the line: saveToken(request); * In SaveResgistrationAction, you see the code: if (!isTokenValid()) { ... deal with the error ... } >From the page author's view, this is transparent -- the tag does the necessary magic to include the token as a hidden field in the submit. It's not transparent to the person writing your actions, but it's real easy to call saveToken() in the action that sets up your input form's data. And you have total control over dealing with the token not being valid as well. > Thanks > > Craig -- To unsubscribe, e-mail: For additional commands, e-mail: ------=_NextPart_000_000A_01C295A3.0A689870 Content-Type: text/plain; charset=us-ascii -- To unsubscribe, e-mail: For additional commands, e-mail: ------=_NextPart_000_000A_01C295A3.0A689870--