Struts2 token interceptor always fails - struts2

Im trying to make it so that once i submit this form i cannot hit the back button, but with the current configuration I cannot even get the page/form to load. I can't seem to figure out why "invalid.token" is always being triggered thus redirecting me to index.jsp no matter what I have the token tag in my form like im supposed to. If i use the "excludeMethods" filter and exclude View then my page loads but I can hit the back button freely so it still does not work properly. I have tried moving the interceptor-ref above and below my noLoginStack but it dosen't make a difference. Based on my debugging my actual java class isn't even being hit, so its failing before then. What am I doing wrong?
My action declaration:
<action name="viewAppointmentLetter" class="edu.ucr.c3.rsummer.controller.instructor.ManageAppointmentLetters">
<interceptor-ref name="noLoginStack"/>
<interceptor-ref name="token" />
<result name="invalid.token">/index.jsp</result>
<result name="error" type="redirectAction">index.do</result>
<result name="input">/instructor/assigned_appts.jsp</result>
<result name="view">/instructor/assigned_appts.jsp</result>
<result type="redirectAction">index.do</result>
</action>
My assigned_appts.jsp:
<s:form action="saveAppointmentLetter" onsubmit="return verifySubmit();">
<s:token name="token" />
.....
</s:form>
If its any clue I always get this in my console
WARN org.apache.struts2.util.TokenHelper - Could not find token name in params.

In struts2 the order of interceptor is very important. you should follow this order.
<interceptor-ref name="token"/>
<interceptor-ref name="noLoginStack"/>

USe TokenSession interceptor.Had to handle result by result name="invalid.token" in struts.xml in specific action.
The page from which your action is generated at that page you have to write <s:token> tag in the header

Related

When using ExecuteAndWait, how to avoid prepare() and validate() methods on each refresh?

Through a recent debugging session I realized that when refreshing a "wait" page during an ExecuteAndWait process, it calls the action's prepare() and validate() methods each time. For some reason I thought Struts would immediately identify the "waiting" Action, and if it wasn't finished, it would immediately return a WAIT result with the running Action at the top of the stack. I now realize since the ExecuteAndWait interceptor is at the end of the interceptor stack - so it obviously doesn't send the WAIT result until all interceptors have been executed.
That said, in some of my long running actions, the prepare() method hits the database for some rather resource heavy database queries. So if I have an ExecuteAndWait page showing the progress status of an Action (refreshing every 2 seconds in my case), this seems incredibly inefficient. Is there a way to avoid this? Am I setting up my Action logic flow incorrectly?
A sample of one of my Action setups in struts.xml:
<action name="ContactDelete" class="com.afs.web.struts.action.contact.ContactDeleteAction">
<interceptor-ref name="myParamsPrepareParamsStack" />
<result>/struts/contact/contactDelete_modal.jsp</result>
<result name="error">/struts/common/error/error_modal.jsp</result>
<result name="login">/struts/common/login/login_modal.jsp</result>
</action>
<action name="ContactDelete_delete" class="com.afs.web.struts.action.contact.ContactDeleteAction" method="delete">
<interceptor-ref name="myDefaultStack"/>
<interceptor-ref name="openSessionExecuteAndWaitInterceptor" >
<param name="delay">0</param>
</interceptor-ref>
<result name="input">/struts/contact/contactDelete_modal.jsp</result>
<result name="wait">/struts/common/progressMonitorWait_modal.jsp</result>
<result>/struts/common/progressMonitorSuccess_modal.jsp</result>
<result name="error">/struts/common/error/error_modal.jsp</result>
<result name="login">/struts/common/login/login_modal.jsp</result>
</action>

Struts won't pass parameter to jsp file

I have an action which (depending on the result) redirects to a suitable file:
<!-- /web/addaccount -->
<action name="addaccount" class="com.x.y.z.WebCreateAccountAction">
<result name="INVALIDLOGIN">/delete/confirm.jsp?err=SIGNIN</result>
<result name="ERROR">/delete/error.html</result>
</action>
For some reason, when redirecting to delete/confirm.jsp, the parameter erris not passed in. I'm at a loss to why this is happening. Is this an incorrect way of passing params to JSP via Struts?
Was just missing a:
type="redirect"
<result name="INVALIDLOGIN" type="redirect">/delete/confirm.jsp?err=SIGNIN</result>
Note: This is advised against, it would redirect directly to a JSP, which would be considered an S2 anti-pattern. See comments below.

Prevent re-execute action in struts

this is probably an old question, but I just couldn't find an answer anywhere...
is there any way to prevent re-execute action in struts (other than re-direct to another page) when user clicks the refresh or back button on the browser?
index.jsp
<form action='call_action'>
<input type='text' name='name'/>
<s:token name="token"></s:token>
</form>
In struts.xml
<action name="call_action" class="controller.ActionClass">
<interceptor-ref name="token" />
<interceptor-ref name="basicStack"/>
<result name="invalid.token">invalid_token.jsp</result>
<result name="success">signup.jsp</result>
</action>
add invalid_token.jsp in your project.if unfortunetly user clicked second time.it automatically forward to invalid_token.jsp Page.

struts 2 and sitemesh localization

i am using struts 2 and sitemesh. I can change locale in my login page without problem just by setting a request parameter named with 'request_locale' parameter. But in all other pages i am using sitemesh for decorating header and footer. And i tried to set same parameter for other pages but no luck. These are some of the other codes that i tried in my Login Action:
request.getSession(false).setAttribute("WW_TRANS_I18N_LOCALE", newLocale);
ActionContext.getContext().setLocale(newLocale);
session.put(I18nInterceptor.DEFAULT_SESSION_ATTRIBUTE, newLocale);
When i write out these settings i see everything is ok.
But when i write out
<c:out value="${pageContext.request.locale.language}"/>
it is always showing browsers Accept-Language and it doesnt make any localization.
How can i make localization to work with sitemesh?
I tried to redirect from login action to an action named home with request locale parameter and then this action redirects to index.jsp. Everything is ok now.
And i set default action as home action so when user enters root page from address bar it is activing home action so i18n interceptor and intercoptors are becaming active.
This is login.action in struts.xml:
<action name="login" class="wateron.login.LoginAction" >
<result type="redirectAction">
<param name="actionName">home?request_locale=${request_locale}</param>
<param name="namespace">/</param>
</result>
</action>
And this is home action in struts.xml :
<package name="default" extends="struts-default" namespace="">
<default-action-ref name="home" />
<action name="home">
<result>/index.jsp</result>
</action>
</package>
Thanks for reference question :
How to use interceptor on the default page?

get invalid.token result at the first time run action

I use struts 2.1.8, I use <s:token> between <s:form> and </s:form>
in my struts.xml like that
............
<package name="user" namespace="/user" extends="struts-default">
<action name="login"class="user.UserAction">
<result type="tiles">login.view</result>
<interceptor-ref name="token"/>
<interceptor-ref name="basicStack"/>
<result name="invalid.token">/pages/error.jsp</result>
</action>
</package>
...............
at the first time, I run login.do action, I alway get error page. Plz give to me some suggestions thank in advance.
You need to add parameter to exclude method on which you dont want to apply interceptor
for example at the very first run I used populate method to populate my page
<interceptor-ref name="token">
<param name="excludeMethods">populate</param>
</interceptor-ref>
if you have more than one method than you can use comma to separate methods
<interceptor-ref name="token">
<param name="excludeMethods">populate,add,save,anyothermethod</param>
</interceptor-ref>
Best Luck !
Regards,
Asit Jaiswal
The problem is that your token is due.
If you choose to ignore the method, then you don't need to add the token tag

Resources