Using the Struts Token mechanism to prevent duplicate form submission

The Struts token mechanism is a good solution to the duplicate form submission problem. The basic principle: before processing an incoming request, the server compares the token value contained in the request with the token value stored in the current user's session to see whether they match. After processing the request, and before the reply is sent to the client, it generates a new token, which is passed to the client and also saved in the user's session, replacing the old one. So if a user goes back to the page just submitted and submits it again, the token sent by the client no longer matches the server-side token, which effectively prevents the duplicate submission.

In practice there are two points. First: the request must carry the token value. How is the token value kept on the page? The same way we usually keep other information on a page: in a hidden form field, for example: <input type="hidden" name="org.apache.struts.taglib.html.TOKEN" value="6aa35341f25184fd996c4c918255c3ae">. This value is obtained from the generateToken() method of the TokenProcessor class and is calculated from the current user's session id and the current time as a long value. Second: after the client submits, we have to check whether the token value contained in the request is the same as the one on the server. Because the server generates a new token on every submission, a duplicate submission carries a token value that does not match the server-side one. The following uses inserting a row into a database to illustrate how to prevent duplicate submission.

In the Action's add method, we need to save the token value to the page explicitly, which only takes one statement: saveToken(request);, as follows:

    public ActionForward add(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) {
        // Earlier processing omitted
        saveToken(request);
        return mapping.findForward("add");
    }

In the Action's insert method, we compare the token value from the form with the token value on the server side, as follows:

    public ActionForward insert(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) {
        if (isTokenValid(request, true)) {
            // The form is not a duplicate submission
            // Code to save the data goes here
        } else {
            // The form is a duplicate submission
            saveToken(request);
            // Other processing code
        }
        // Return of the ActionForward omitted
    }


Using it is actually very simple. Here is the simplest and most commonly needed example:

Duplicate-submission control is mainly applied to database operations such as insert, update and delete. Because update and delete are normally performed by id (for example: updateXXXById, removeXXXById), controlling them matters little (isolated cases aside), so duplicate-submission control is applied mainly to inserts.

Let me describe the project we are currently working on:

The current project uses Struts + Spring + Ibatis, with JSTL in the pages. Struts handles the View layer, Spring provides transaction control in the Service layer, and Ibatis is used instead of JDBC. Pages are never accessed as JSPs directly; instead the request goes to a Struts Action, which forwards to a JSP. All database operations, such as reading or modifying data, are completed in the Action. All Actions generally inherit from BaseDispatchAction, a class we created ourselves so that all Actions can be controlled in one place. In the Struts layer we generally split one function into two Actions: one whose methods do not need Struts validation (common method names: add, edit, remove, view, list), and another whose methods do need Struts validation (common method names: insert, update).

Take posting on a forum as an example. To post, you first go to a page where you fill in the subject and content of the post; once it is filled in, you click "Submit" and the post is published. So there are two steps:

1. Go to the new-post page. In the Action this method is usually called add, for example:

    public ActionForward add(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        // Debug message showing that execution has reached this section
        log.debug(":: action - subject add");
        // your code here
        // Save the token value here
        saveToken(request);
        // Jump to the add page defined in struts-config.xml, for example subjectAdd.jsp
        return mapping.findForward("add");
    }


2. After filling in the title and content, the user chooses to submit. The form is submitted to the insert method, and the insert method determines whether it is a duplicate submission.

    public ActionForward insert(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) {
        if (isTokenValid(request, true)) {
            // The form is not a duplicate submission
            // Code to save the data goes here
        } else {
            // The form is a duplicate submission
            saveToken(request);
            // Other processing code
        }
        // Return of the ActionForward omitted
    }


A little more detail below (note that all of the following code uses angle brackets):

1. To post, you click the "I would like to post" link. The code behind it can look like this:

    I would like to <html:link action="">post</html:link>

I will not go into how the action and method are defined in struts-config.xml. Clicking the link executes the add method shown above, which forwards to the subjectAdd.jsp page. The page code is roughly as follows:

    <html:form action="">
        <html:text property="title" />
        <html:textarea property="content" />
        <html:submit property="Published" />
        <html:reset property="Refilling" />
    </html:form>


If the add method contains the statement "saveToken(request);", the page generated from subjectAdd.jsp will contain one additional hidden field, similar to this: <input type="hidden" name="org.apache.struts.taglib.html.TOKEN" value="6aa35341f25184fd996c4c918255c3ae">

2. After the click, the form is submitted to the insert method, which writes the form data into the database. Without duplicate-submission control, every click of the browser's Refresh button inserts the same record into the database again. Adding the following code lets you control the user's repeated submissions.

    if (isTokenValid(request, true)) {
        // The form is not a duplicate submission
        // Code to save the data goes here
    } else {
        // The form is a duplicate submission
        saveToken(request);
        // Other processing code
    }

Note that you must call saveToken(request) in the add method for the check in insert to work; otherwise every save operation will be treated as a duplicate submission.

Keep in mind that each time you visit an Action, Struts produces a token and stores it in your session. If you call saveToken(request); in a method of the Action, the token is also written into the page generated by the JSP that this Action forwards to.

If you call isTokenValid in a method of your Action, Struts takes the token value from your request and compares it with the token value in the session. If the two are equal, it is not a duplicate submission; if they are not equal, it is a duplicate submission.
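The save, compare and reset cycle described above, as an added stand-alone Java model (not code from the original post and not Struts' own implementation). The class TokenFlowDemo, the map standing in for the session, the attribute name TOKEN, the use of MD5 and nanoTime, and the sample session id are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

// Illustrative model of the token cycle; these are not Struts classes.
public class TokenFlowDemo {
    static final String TOKEN_KEY = "TOKEN"; // assumed session attribute name

    // Model of saveToken: derive a token from session id + current time, keep it in the session.
    static String saveToken(Map<String, Object> session, String sessionId) throws Exception {
        // MD5 is an assumption; it yields 32 hex characters like the value shown on the page.
        MessageDigest md = MessageDigest.getInstance("MD5");
        md.update(sessionId.getBytes(StandardCharsets.UTF_8));
        // nanoTime (assumption) so that two tokens made in the same millisecond still differ.
        md.update(Long.toString(System.nanoTime()).getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : md.digest()) hex.append(String.format("%02x", b));
        session.put(TOKEN_KEY, hex.toString());
        return hex.toString(); // value rendered into the hidden form field
    }

    // Model of isTokenValid(request, true): read and clear the stored token, then compare.
    // Both steps run under one lock so two simultaneous submits cannot both pass.
    static boolean isTokenValid(Map<String, Object> session, String submitted) {
        synchronized (session) {
            Object saved = session.remove(TOKEN_KEY); // reset: a token is accepted at most once
            return saved != null && saved.equals(submitted);
        }
    }

    public static void main(String[] args) throws Exception {
        Map<String, Object> session = new HashMap<>();
        String sessionId = "constructed-session-id"; // constructed sample value

        String hidden = saveToken(session, sessionId); // "add": the page receives the token
        System.out.println("first submit accepted: " + isTokenValid(session, hidden));
        System.out.println("refresh resubmit:      " + isTokenValid(session, hidden));
        System.out.println("submit without add:    " + isTokenValid(session, "anything"));

        String old = hidden;
        hidden = saveToken(session, sessionId); // a new token replaces the old one
        System.out.println("stale token accepted:  " + isTokenValid(session, old));
    }
}
```

Only the first call succeeds: the resubmit finds the session token already cleared, a submit with no saved token fails, and a stale token fails against the newer one.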

Because all the Actions in our project inherit from the BaseDispatchAction class, we have put the duplicate-submission control into that class. By default it controls the add and insert methods; if other methods need to be controlled, the code above has to be written by hand in them, otherwise nothing needs to be hand-written. The control code is as follows:

    public abstract class BaseDispatchAction extends BaseAction {
        protected ActionForward perform(ActionMapping mapping, ActionForm form,
                HttpServletRequest request, HttpServletResponse response)
                throws Exception {
            String parameter = mapping.getParameter();
            String name = request.getParameter(parameter);
            if (null == name) { // If no method is specified, default to list
                name = "list";
            }
            if ("add".equals(name)) {
                // Entering the form page: save a token
                saveToken(request);
            } else if ("insert".equals(name)) {
                if (!isTokenValid(request, true)) {
                    // Duplicate submission: clear the token and report an error
                    resetToken(request);
                    saveError(request, new ActionMessage("error.repeatSubmit"));
                    log.error("duplicate submission!");
                    return mapping.findForward("error");
                }
            }
            return dispatchMethod2(mapping, form, request, response, name);
        }
    }



Category: Java Date: 2010-03-24 Views: 484