tapestry-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Westgate <n...@key-planning.co.jp>
Subject Re: "Token" approach to avoiding double submits
Date Fri, 03 Mar 2006 02:34:22 GMT
Hi Inge.

I use the FlowSynchronizer pattern that Sohail linked to,
and here's how I avoid code duplication.

In my T3 apps the FlowSyncronizer is stored in the Visit object.
My border component includes the token in every page:
<input jwcid="@Hidden" value="ognl:page.visit.flowSynchronizer.token"/>

In addition, I didn't like the exceptions, so instead:
     private boolean resubmit;
     public void setToken(String token)
     {
         // first compare the token
         if (this.token == null || !this.token.equals(token))
         {
             resubmit = true;
         }
         else
         {
             // reset token on match -> subsequent duplicate submission will fail
             this.token = null;
             resubmit = false;
         }
     }

My BasePage class has:
     public boolean isResubmit()
     {
         // check if this cycle is a resubmit (before doing inserts etc)
         Visit visit = (Visit)getVisit();
         return visit.flowSynchronizer.isResubmit();
     }

Then in any page where you need to know, just call isResubmit().

Cheers,
Nick.


Inge Solvoll wrote:
> This is one of the cases where it would be really really sweet to be able to
> extend components, including specifications...
> 
> On 3/2/06, Geoff Longman <glongman@gmail.com> wrote:
> 
>>You could craft your own Form component that handles the hidden and
>>use the tapestry-flash thingy to save the token
>>
>>Geoff
>>
>>On 3/2/06, Inge Solvoll <inge.tapestry@gmail.com> wrote:
>>
>>>I've tried to copy the token-approach from struts into Tapestry, to
>>
>>avoid
>>
>>>crashes when the user hits the "refresh"-button in the browser. Using
>>
>>this
>>
>>>approach, the html rendered can only be submitted once. My problem is
>>
>>that
>>
>>>the code I've written so far requires too much code copying and
>>
>>repeating,
>>
>>>and I was wondering if someone has ideas on how to make the
>>
>>implementation a
>>
>>>bit less intrusive for my pages.
>>>
>>>I could include this code in my base class that all my page classes
>>
>>inherit
>>
>>>from, but then I would have to inject WebRequest into every single page
>>
>>in
>>
>>>my application, and that's not the tapestry way to do page design, is
>>
>>it?
>>
>>>I'm pretty sure that this is functionality that I need in all my pages
>>>(refresh of a post causes crash most of the times in my tapestry code).
>>>Maybe this can be done with a servlet filter, or better, with a HiveMind
>>>service that intercepts the request?
>>>
>>>Here's my code so far:
>>>
>>>public void pageBeginRender(PageEvent event) {
>>>    if (getRequestCycle().isRewinding()) {
>>>      String token = getRequest().getParameter("token");
>>>      if (token == null || !token.equals(getToken())) {
>>>        log.error("Token for page is not valid, redirect to obtain last
>>
>>good
>>
>>>state");
>>>        throw new PageRedirectException(this);
>>>      }
>>>    }
>>>    else {
>>>      setToken(generateToken());
>>>    }
>>>
>>>}
>>>
>>>.html:
>>><input jwcid="@Any" type="hidden" name="token" value="ognl:token"/>
>>>
>>>.page:
>>><property name="token" persist="session"/>
>>>
>>>
>>>An article on the subject:
>>>http://www.javalobby.org/java/forums/m91956568.html
>>>
>>>
>>
>>
>>--
>>The Spindle guy.          http://spindle.sf.net
>>Get help with Spindle:
>>http://lists.sourceforge.net/mailman/listinfo/spindle-user
>>Blog:                     http://jroller.com/page/glongman
>>Feature Updates:          http://spindle.sf.net/updates
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>
>>
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org


Mime
View raw message