---
layout: default
title: Token Interceptor
parent:
    title: Interceptors
    url: interceptors.html
---
# Token Interceptor

Ensures that only one request per token is processed. This interceptor can make sure that back buttons and double clicks
don't cause unintended side effects. For example, you can use this to prevent careless users who might double click on
a "checkout" button at an online store. This interceptor uses a fairly primitive technique for when an invalid token is
found: it returns the result `invalid.token`, which can be mapped in your action configuration.
A more complex implementation, `TokenSessionStoreInterceptor`, can provide much better logic for when invalid
tokens are found.

> Note: To set a token in your form, you should use the <b>token tag</b>. This tag is required and must be used
> in the forms that submit to actions protected by this interceptor. Any request that does not provide a token (using
> the token tag) will be processed as a request with an invalid token.

Internationalization Note: The following key can be used to internationalize the action errors generated by this
token interceptor:

- `struts.messages.invalid.token`

> NOTE: As this interceptor extends `MethodFilterInterceptor`, it is capable of deciding if it is applicable only
> to selective methods in the action class. See `MethodFilterInterceptor` for more info.

## Parameters

There are no parameters for this interceptor.

## Extending the Interceptor

Although it is not very common for users to extend it, this interceptor is extended by the `TokenSessionStoreInterceptor`.
The `#handleInvalidToken` and `#handleValidToken` methods are protected and available for more interesting logic,
as is done in the token session interceptor.
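
As an added example (not part of the Struts code base), the subclass below overrides `handleInvalidToken` to write an audit record for every rejected request before falling back to the stock behaviour. The class name, package and logger name are hypothetical, and the imports assume the Struts 2.5/6.x package layout (`com.opensymphony.xwork2`) with Log4j 2 on the classpath.

```java
package com.examples; // hypothetical package, matching the page's com.examples

import com.opensymphony.xwork2.ActionInvocation; // assumption: Struts 2.5/6.x package layout
import com.opensymphony.xwork2.ActionProxy;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.struts2.ServletActionContext;
import org.apache.struts2.interceptor.TokenInterceptor;

/** Hypothetical subclass: records every rejected token, then keeps the stock handling. */
public class AuditingTokenInterceptor extends TokenInterceptor {

    // Hypothetical logger name; route it to wherever security events are collected.
    private static final Logger AUDIT = LogManager.getLogger("security.audit.token");

    @Override
    protected String handleInvalidToken(ActionInvocation invocation) throws Exception {
        ActionProxy proxy = invocation.getProxy();

        // Missing and already-used tokens both end up here, so a burst of these
        // records for one action is worth a look: it can be an impatient user
        // double-clicking, or requests arriving without the form ever being loaded.
        AUDIT.warn("invalid token: namespace={} action={} method={} remote={}",
                proxy.getNamespace(),
                proxy.getActionName(),
                proxy.getMethod(),
                ServletActionContext.getRequest().getRemoteAddr());

        // Delegate so the stock handling still runs and the result is still invalid.token.
        return super.handleInvalidToken(invocation);
    }
}
```

To use it, declare the class with an `<interceptor>` element in your package and reference that name in place of `token`.
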
## Examples

```xml
<action name="someAction" class="com.examples.SomeAction">
    <interceptor-ref name="token"/>
    <interceptor-ref name="basicStack"/>
    <result name="success">good_result.ftl</result>
</action>

<!-- In this case, myMethod of the action class will not
     get checked for invalidity of token -->
<action name="someAction" class="com.examples.SomeAction">
    <interceptor-ref name="token">
        <param name="excludeMethods">myMethod</param>
    </interceptor-ref>
    <interceptor-ref name="basicStack"/>
    <result name="success">good_result.ftl</result>
</action>
```