<form action="/sug!addSug.action" method="post">
<s:token />
</form>
<s:token/> 生成如下的内容:(struts.token.name 标识哪个隐藏域存了 token 值)
<input type="hidden" name="struts.token.name" value="struts.token"/><input type="hidden" name="struts.token" value="7GXL55LPSGU19SDC9D3VP54I20XT3BVA"/>
配置token拦截器(struts.xml)
普通配置:
- <package name="TestStruts" extends="struts-default">
- <interceptors>
- <interceptor-stack name="myStack">
- <interceptor-ref name="token">
<!-- includeMethods表示包含指定的方法,即对标记为includeMethods的方法进行拦截 -->
<param name="includeMethods">saveCinema,saveCinemaAndtoAddScreen,updateCinema</param>
<!-- 定义被排除的方法名,也就是你action中不被这个拦截器拦截的方法名 -->
<param name="excludeMethods"></param>
-->
</interceptor-ref> - <interceptor-ref name="token-session"/>
- <interceptor-ref name="defaultStack" />
- </interceptor-stack>
- </interceptors>
- <default-interceptor-ref name="myStack" />
- <action name="Login" class="com.unmi.struts2.action.LoginAction">
- <result name="input">/login.jsp</result>
- <result name="invalid.token">/exception.jsp</result>
- </action>
零配置:
@ParentPackage(value="default")
@Namespace("/")
@Action(value = "sug",interceptorRefs={@InterceptorRef("token"),@InterceptorRef("defaultStack")},results={
@Result(name = "about", location = "/WEB-INF/page/proscenium/about.jsp"),
@Result(name = "invalid.token", location = "/WEB-INF/page/systemPage/error.jsp"),
})
注意 token、token-session 和 defaultStack 的顺序要保证,还需要加上名为 "invalid.token" 的 result,当发现重复提交时转向到这个逻辑页,如 /exception.jsp,在 /exception.jsp 加上 <s:actionerror /> 在出现重复提交时就会提示:The form has already been processed or no token was supplied, please try again.
) 为包启用 token 和 token-session
- <packagename="TestStruts" extends="struts-default">
-
<interceptors> -
<interceptor-stackname="myStack"> -
<interceptor-refname="token"/> -
<interceptor-refname="token-session"/> -
<interceptor-refname="defaultStack" /> -
</interceptor-stack> -
</interceptors> -
<default-interceptor-refname="myStack" /> -
<actionname="Login" class="com.unmi.struts2.action.LoginAction"> -
<resultname="input">/login.jsp</result> -
<resultname="invalid.token">/exception.jsp</result> -
</action> - ............................................................................
2) 为 Action 启用 token 和 token-session
- <actionname="Login" class="com.unmi.struts2.action.LoginAction">
-
<interceptor-refname="token" /> -
<interceptor-refname="token-session" /> -
<interceptor-refname="defaultStack" /> -
<resultname="input">/login.jsp</result> -
<resultname="invalid.token">/exception.jsp</result> - </action>