Struts2 learning (7): Introduction to the token mechanism

Tokens prevent a form from being submitted more than once.

When users hit network congestion while submitting a form, they may go back a page or click the submit button repeatedly. If we do nothing about it, the program running on the server will crash. Struts2 therefore provides a mechanism for handling repeated form submission: the token mechanism.

The rationale for this method is:

Before processing an incoming request, the server compares the token value in the request with the token value stored in the current user's session to see whether they match. After the request is processed and before the response is sent to the client, a new token is generated, which is not only passed to the client but also replaces the old token saved in the user's session. As a result, if the user returns to the previous submission page and submits it again, the token sent by the client no longer matches the one on the server, which effectively prevents repeated submissions.
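The compare-then-replace flow described above, as an added example (not code from the original post or from Struts2 itself). A plain Map stands in for the user session, and the attribute name form.token and the method names issue and consume are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Simplified model of the token flow; the Map stands in for the user's HttpSession.
public class FormTokenDemo {
    static final String KEY = "form.token";   // hypothetical session attribute name
    private static final SecureRandom RNG = new SecureRandom();

    // Generation: called when the form page is rendered.
    static String issue(Map<String, String> session) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        synchronized (session) { session.put(KEY, token); }
        return token;                          // value for the hidden form field
    }

    // Verification: compare and invalidate inside one critical section, so two
    // identical requests racing each other (a double click) cannot both pass.
    static boolean consume(Map<String, String> session, String submitted) {
        synchronized (session) {
            String expected = session.get(KEY);
            if (expected == null || submitted == null) return false;
            boolean ok = MessageDigest.isEqual(
                    expected.getBytes(StandardCharsets.UTF_8),
                    submitted.getBytes(StandardCharsets.UTF_8));
            if (ok) session.remove(KEY);       // a token is valid for one submission only
            return ok;
        }
    }

    public static void main(String[] args) {
        Map<String, String> session = new HashMap<>();
        String t1 = issue(session);
        System.out.println("first submit:  " + consume(session, t1));
        System.out.println("back + resend: " + consume(session, t1));
        String t2 = issue(session);            // the form is rendered again
        System.out.println("stale token:   " + consume(session, t1));
        System.out.println("missing token: " + consume(session, null));
        System.out.println("fresh token:   " + consume(session, t2));
    }
}
```

Only the first and last submissions are accepted; the resent, stale and missing tokens are the cases that end up at the invalid.token result in the configuration below.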


Token generation flow chart:



Token verification flow chart:

Steps to implement token verification

Step 1: Add tag library support to the JSP page

<%@ taglib prefix="s" uri="/struts-tags" %>

Step 2: Add the token tag to the form

<s:token></s:token>

Step 3: In struts.xml, add the token interceptor, and a result for invalid.token, to each action that needs to detect repeated submissions

<interceptor-ref name="token" />
<result name="invalid.token">repeatsubmit.jsp</result>

The complete configuration is:

<package name="chapter06" extends="struts-default">
    <action name="ch06LoginAction" class="cn.lovepi.chapter06.action.LoginAction">
          <!--Add the corresponding interceptor-->
          <interceptor-ref name="token"/>
          <!--Default interceptor must be added-->
          <interceptor-ref name="defaultStack"/>
          <result name="success">index.jsp</result>
          <result name="invalid.token">error.jsp</result>
    </action>
</package>

Form page

<%--
  Created by IntelliJ IDEA.
  User: icarus
  Date: 2016/7/2
  Time: 11:16
  To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@ taglib prefix="s" uri="/struts-tags" %>
<html>
  <head>
    <title>index</title>
  </head>
  <body>
    <s:text name="login.title"/>
    <s:form action="ch06LoginAction" method="POST">
        <s:textfield name="username" key="login.username"/>
        <s:password name="password" key="login.password"/>
        <s:token></s:token>
        <%--The submit label cannot be configured with key as in the fields above.
        This is a flaw in Struts2 internationalization: use value instead of key.
        <s:submit key="login.submit"/>
        --%>
        <s:submit value="%{getText('login.submit')}"/>
    </s:form>
    <s:a href="ch06LoginAction.action?request_locale=zh_CN">中文</s:a>
    <s:a href="ch06LoginAction.action?request_locale=en_US">English</s:a>
  </body>
</html>

Error page:

<%--
  Created by IntelliJ IDEA.
  User: icarus
  Date: 2016/7/10
  Time: 13:31
  To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Title</title>
</head>
<body>
<h1>Form submitted repeatedly........</h1>
</body>
</html>


Corresponding Action

package cn.lovepi.chapter06.action;

import com.opensymphony.xwork2.ActionSupport;

/**
 * Created by icarus on 2016/7/10.
 * Internationalization demo
 */
public class LoginAction extends ActionSupport{
    private String username;
    private String password;
    @Override
    public String execute() throws Exception {
        // Look up a message from the resource bundle configuration this way
        System.out.println(getText("login.username"));
        return SUCCESS;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }
}

Submitting the form repeatedly as a test jumps to the error page, which shows that the token mechanism has been set up successfully.
