6

I tried to implement token interceptor with the <s:url .. tag but its showing error on the first click. i.e.

The form has already been processed or no token was supplied, please try again.

I want to implement this interceptor, because if users already deleted a row and refresh the page once again then the same action should not perform once again.

<s:url id="linkdelete" action="DeleteLatestUpload.action" namespace="/admin/insecure/upload">
     <s:param name="latestUploadId" value="latestUploadId"></s:param>
     <s:token name="token"></s:token>
</s:url> 
<a href='<s:property value="#linkdelete"/>' style="color: white;text-decoration:  none;" class="delbuttonlink">Clear current Uploads</a>

and my struts.xml:

 <action name="DeleteLatestUpload" class="v.esoft.actions.UploadExcel" method="deleteUploads">                   
     <interceptor-ref name="token"></interceptor-ref>
     <interceptor-ref name="basicStack"></interceptor-ref>  
     <result name="success" type="tiles"> uploadforward</result>
     <result name="invalid.token" type="tiles">uploadforward </result>
 </action>
Roman C
  • 49,761
  • 33
  • 66
  • 176
beginner
  • 665
  • 6
  • 14
  • 31
  • Just do redirect after post. See http://en.wikipedia.org/wiki/Post/Redirect/Get and http://struts.apache.org/development/2.x/docs/redirect-after-post.html. – Aleksandr M Sep 16 '13 at 09:07
  • @AleksandrM previously i was redirecting , but while redirecting i loosed the `` while redirecting. – beginner Sep 16 '13 at 10:25
  • For storing action messages there is `store` interceptor: http://struts.apache.org/development/2.x/docs/message-store-interceptor.html. – Aleksandr M Sep 16 '13 at 10:30
  • @AleksandrM thanks for that info, is the `store` interceptor is newly created in struts2? Because , before 4 month ago, i did not heard the name of this interceptor – beginner Sep 16 '13 at 10:36
  • If you still want to use token in link then see my answer. – Aleksandr M Sep 16 '13 at 19:25

2 Answers2

7

The s:token tag merely places a hidden element that contains the unique token.

There's not need to use token with url, because the form should be submitted. If you want to pass some token as a parameter then you need to use s:param tag.

Define the parameter

  private String token;

  public String getToken() {
    return token;
  }

  public void setToken(String token) {
    this.token = token;
  }

  public String execute() throws Exception {
    Map<String, Object> context = ActionContext.getContext().getValueStack().getContext();
    Object myToken = context.get("token");
    if (myToken == null) {
        myToken = TokenHelper.setToken("token");
        context.put("token", myToken);
    }
    token = myToken.toString();
    return SUCCESS;
  }

in the JSP 

<s:url var="linkdelete" namespace="/admin/insecure/upload" action="DeleteLatestUpload" ><s:param name="struts.token.name" value="%{'token'}"/><s:param name="token" value="%{token}"/></s:url>
Roman C
  • 49,761
  • 33
  • 66
  • 176
  • How? did you mean that , i have to use `` instead of `` ? , followed by rest of my above codes. here `23424223` is some unique number. – beginner Sep 16 '13 at 10:29
  • Tokens are implemented as `hidden` field which contain the value of the the unique token. It's passed as parameter when you submit the form. if you don't submit it struts2 may not get it as a parameter. – Roman C Sep 16 '13 at 10:41
  • 1
    can you modify my above code and implement it with the `s:param ..` ? as you said, let me see by watching your updates for full understanding. – beginner Sep 16 '13 at 10:48
  • Thanks for your support, though i have not tested your code but it looks cool. I will accept your answer once after testing & implementing this piece of code with my app. – beginner Sep 16 '13 at 19:40
5

The most simple way to use token with url is to use <s:token/> tag to set token value into session and retrieve it in <s:param> tag.

<s:token/>

<s:url var="..." action="...">
  <s:param name="struts.token.name" value="'token'"/>
  <s:param name="token" value="#session['struts.tokens.token']"/>
</s:url>
Aleksandr M
  • 24,264
  • 12
  • 69
  • 143