If I implement the Synchronizer Token in my Struts application, would I need to edit all my forms to add some kind of tag for the token, or is that done automatically by Struts?
+1
A:
The action’s saveToken() method generates a token and puts it in session scope, then the html:form tag adds the token automatically to your page.
Here is a code snippet from the html:form custom tag handler:
    String token = (String) session.getAttribute(Globals.TRANSACTION_TOKEN_KEY);
    if (token != null) {
        results.append("<input type=\"hidden\" name=\"");
        results.append(Constants.TOKEN_KEY);
        results.append("\" value=\"");
        results.append(token);
        if (this.isXhtml()) {
            results.append("\" />");
        } else {
            results.append("\">");
        }
    }
So, if you are using Struts html:form tags you don’t have to do anything; Struts will take care of adding the field. If instead you use classic HTML form tags, then you have to add the field yourself.
dpb
2010-02-02 07:37:20
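An added example, not part of the original answer and not Struts' own code: the server side of the flow described above, where the action issues the token with saveToken() before the form is rendered and checks it with isTokenValid() when the form comes back. The class name and the forward names ("form", "invalidToken", "success") are hypothetical; it assumes Struts 1.x and the Servlet API on the classpath.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

// Hypothetical action: GET shows the form, POST processes it.
public class TransferAction extends Action {

    @Override
    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response)
            throws Exception {

        if (!"POST".equalsIgnoreCase(request.getMethod())) {
            // Generate a fresh token and store it in session scope under
            // Globals.TRANSACTION_TOKEN_KEY. An <html:form> on the forwarded
            // page then emits the hidden field shown in the answer.
            //
            // A plain HTML <form> on that JSP has to emit the field itself:
            //   <input type="hidden"
            //          name="<%= Constants.TOKEN_KEY %>"
            //          value="<%= session.getAttribute(Globals.TRANSACTION_TOKEN_KEY) %>">
            saveToken(request);
            return mapping.findForward("form");
        }

        // Compare the submitted token with the one in the session.
        // reset=true clears the session token, so the same form cannot be
        // replayed or double-submitted.
        if (!isTokenValid(request, true)) {
            // Missing, stale or mismatched token: do not perform the
            // operation. Issue a new token so the user can retry from a
            // freshly rendered form.
            saveToken(request);
            return mapping.findForward("invalidToken");
        }

        // Token matched: the state-changing work belongs here.
        return mapping.findForward("success");
    }
}
```

If the page uses a plain HTML form and omits the hidden field, isTokenValid() returns false for every submission, which is the quickest way to notice a form that was missed.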