• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Multiple Form submission Restriction Using Struts2 Token Interceptors

 
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
HI JavaLovers,

i have implemented Token Interceptor concept to restrict the Multiple Form Submission in my application. But its not working in Firefox 11.0 only. In IE and Chrome working fine. I am not able to find the problem also? Please help me on this.
I am applying this concept in Login Page.

IN Login JSP Page:

<s:form action="loginAct" id="loginForm" method="post" onLoad="autoCompleteOff();" ><br/>
<input type="text" name="strUserID" id="strUserID" value="User ID" onclick="if(this.value == 'User ID') {this.value = '';}" onblur="if (this.value == '') {this.value = 'User ID';}"/><br/><br/>
<input type="password" NAME="strPassword" id="strPassword" value="Password" onfocus="if (this.value == 'Password') {this.value = '';}" onblur="if (this.value == '') {this.value = 'Password';}" onKeyPress="enterKeyPress(event);" autocomplete="off"/><br/>
<input align="middle" type="button" Value="LOGIN" onclick="login()"/>
<s:token/>
<label><a href="#" onclick="gotoForgotPassword();">Forgot Password?</a></label>
</s:form>


In Struts Page:

<interceptors>
<interceptor-stack name="defaultSecurityStack">
<interceptor-ref name="token">
<param name="excludeMethods">*</param>
<param name="includeMethods">loginExecute</param>
</interceptor-ref>
<interceptor-ref name="ClearCachingInterceptor"/>
<interceptor-ref name="defaultStack"/>
</interceptor-stack>

<interceptor name="SessionCheckInterceptor" class="com.igate.qatool.util.SessionCheckInterceptor" />
<interceptor name="ClearCachingInterceptor" class="com.igate.qatool.util.CachingHeadersInterceptor" />

<interceptor-stack name="testSessionValidationStack">
<interceptor-ref name="SessionCheckInterceptor" />
<interceptor-ref name="defaultStack" />
</interceptor-stack>
</interceptors>

<default-interceptor-ref name="defaultSecurityStack" />

<action name="loginAct" method="loginExecute" class="com.igate.qatool.actions.LoginAction">
<result name="success" type="tiles">/home_page</result>
<result name="failure">/jsp/login.jsp</result>
<result name="tologin" type="redirect">/index.jsp</result>
</action>


This code is working in IE9 and Chrome but its not working in Firefox 11.0
 
Bartender
Posts: 9626
16
Mac OS X Linux Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Have you tried the current version (25) of Firefox? Your version was released March 13, 2012 and superseded by version 12 a month later.
 
lokesh pushpa
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have installed latest Firefox still i am facing same problem. i have searched about this problem in google. They are saying, Mozilla uses same session for all form submission due to this one double submission wont work in Firefox. Please check the below link:
https://bugzilla.mozilla.org/show_bug.cgi?id=338278

But i am not getting how to overcome this issue

Please advise me with proper solution.

 
Joe Ess
Bartender
Posts: 9626
16
Mac OS X Linux Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Let's make sure we're talking about the same thing. By "Multiple Form submission" do you mean someone clicks the "submit" button twice on the same form or someone uses two different windows to access the application, submits a form in window 1, then submits the same form in window 2 overwriting the first submission?
The Token Interceptor is written to prevent the former. The latter problem is what the Firefox bug report would concern (I think, after the minute or two I've thought about it).
Were you able to find a bug for Struts that referenced Firefox? I'd think that would be a big deal, given that the Firefox bug has been around for 10 years or so.
 
lokesh pushpa
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
First i am glad to say Thanks Joe for reply

I am facing the problem what you mentioned first one "Multiple Form submission". For this Struts Tokenizer is the implementation. But its not working in Mozilla. After this one i got one more approach for login screen. I have checked in banking sites also they are not implementing for Login Page. They are just implementing when ever login button hits they are disabling the button. So there is no chance for double submission.
So i am going to implement this approach for login screen. After login i am able to restrict the refresh and back button using Struts Token.

Thank you very much for reply



 
Joe Ess
Bartender
Posts: 9626
16
Mac OS X Linux Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

lokesh pushpa wrote:They are just implementing when ever login button hits they are disabling the button. So there is no chance for double submission.



This a common solution for solving double submission.
I'm not convinced the Token Interceptor is broken. One problem I've seen in the past is that one will create a submit button and add a javascript form submit call to it. This effectively calls the action twice. Do you have anything like that?
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic