Prevent Double Click

If you use Struts, a single servlet acts as the controller in the MVC pattern.

If your web app is very simple, there is no need to use Struts. If the application is big, such as a banking application, then you should use Struts: it is very robust, makes things simple, and has a lot of readily available security features.
Explain the token feature in Struts. How do you prevent double-click form submission?
Tokens are used to detect an invalid navigation path taken by the user:
1) the user presses the Back button and submits the same page again
2) the user refreshes the page, which resubmits the previous action
Either case might lead to instability.

To solve the above problems we use tokens:
1) in the previous action, call saveToken(HttpServletRequest)
2) in the current action, check for a duplicate button action

– Another important use of tokens is to trap the event when the user hits the Submit button twice.
Tokens allow you to prevent duplicate processing of such a request.

– Tokens are used to prevent the multi-click problem in Struts.
At the beginning of the Action class method, call saveToken(). It generates a unique identifier for the "request url" and stores it in the session, and also in the JSP that the request is forwarded to, as a hidden parameter. Struts creates the hidden parameter in the JSP automatically if we use the <html:form> tag.
isTokenValid() compares the token in the user's session with the token given as a request parameter (either through a hidden form field (form tag) or through an additional parameter on a URL (link tag)).
resetToken() removes the token from the session.

– Typically, when a Struts action is going to forward to a page that will post information, the action calls Action.saveToken(HttpServletRequest). Struts then automatically adds the token to the form when the <html:form> tag is rendered.

When the post occurs, the action should call
Action.isTokenValid(HttpServletRequest, true) to verify and invalidate the token.
Any succeeding post with the same token will cause isTokenValid() to return false.

Explain the saveToken() function.
– saveToken() is used to guard against duplicate form submission. Take an example: a Yahoo email registration form. You fill in the form and press the "Submit" button more than once. Each action you perform has a request object associated with it, so when you press the Submit button twice you are sending the same request twice, and it will update the database twice, which is an overhead.
To check for this, Struts has saveToken() along with isTokenValid().
The purpose of saveToken() is to avoid duplicate submission. The token is actually a generated unique key.
Struts has 3 methods for working with the token: saveToken(), isTokenValid() and resetToken().
saveToken() – generates the token key and saves it to a request/session attribute.
isTokenValid() – validates the submitted token key against the one stored in request/session.
resetToken() – resets the token key.
How it works:
1. When the form is loaded, invoke saveToken() in the action class to create and store the token key.
Struts stores the generated key in request/session. If the token was created successfully, viewing the page source in the browser shows something similar to the following, with the token key stored as a hidden field:
<form …><input type="hidden" name="org.apache.struts.taglib.html.TOKEN" value="…">

2. Once the form is submitted, invoke isTokenValid() in the action class. It validates the submitted token key (the hidden field) against the token key stored previously in request/session. If they match, it returns true.

3. Once all the processing in the action class (validation, inserting data, etc.) has completed, invoke resetToken() to reset the value of the token key in request/session. If the user clicks the Refresh button in the browser, or clicks Back and resubmits the form, the hidden field value for the token key remains the same but the token key stored in request/session has been reset. So in step 2 isTokenValid() will return false, indicating a duplicate submission.
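
The three steps above reduced to plain Java, as an added example that is not from the original post or from Struts: a map stands in for the session, and the class and method names are hypothetical. It performs the check and the reset as one atomic operation, so two near-simultaneous clicks cannot both pass the check.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

// Added illustration, not Struts code: a one-time form token store.
// The map stands in for the HTTP session; all names here are hypothetical.
public class OneTimeTokenDemo {
    private static final String TOKEN_KEY = "TOKEN";
    private static final SecureRandom RNG = new SecureRandom();

    // Analogue of saveToken(): create an unpredictable token and keep it server-side.
    static String saveToken(ConcurrentMap<String, String> session) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put(TOKEN_KEY, token);
        return token; // this value is rendered into the form as a hidden field
    }

    // Analogue of isTokenValid(request, true): compare and reset in one atomic step.
    static boolean consumeToken(ConcurrentMap<String, String> session, String submitted) {
        if (submitted == null) {
            return false; // form posted without a token
        }
        // remove(key, value) removes the entry only if the stored token equals
        // the submitted one, and reports whether it did.
        return session.remove(TOKEN_KEY, submitted);
    }

    public static void main(String[] args) {
        ConcurrentMap<String, String> session = new ConcurrentHashMap<>();
        String hiddenField = saveToken(session); // the form is displayed

        System.out.println("first submit accepted:  " + consumeToken(session, hiddenField));
        System.out.println("double click accepted:  " + consumeToken(session, hiddenField));
        System.out.println("unknown token accepted: " + consumeToken(session, "not-issued"));
    }
}
```

Only the first submission finds a matching token; the repeated submission and the value that was never issued are both rejected because nothing matching is left in the session.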

The following is a simple example:
Initialise form action:

    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) throws Exception {
        // Create token.
        saveToken(request);
        return mapping.findForward("success");
    }

Submitted form action:

    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) throws Exception {
        // Validate token for duplicate submission.
        if (!isTokenValid(request)) {
            return mapping.findForward("duplicate");
        } else {
            // insert data to database
            // Reset token after transaction success.
            resetToken(request);
            return mapping.findForward("success");
        }
    }

Struts2 has a built-in mechanism for stopping double form submission that works on the server side instead of the client. You may need to add the TokenInterceptor if it's not on the defaultStack you're using.

Example:

index.jsp:

    <%@ taglib uri="/struts-tags" prefix="s" %>
    <s:form action="tokenAction">
        <s:textfield label="Name" name="name"></s:textfield>
        <s:textfield name="age" label="Age"></s:textfield>
        <s:token name="token"></s:token>
        <s:submit />
    </s:form>

TokenAction.java:

    package roseindia.action;

    import com.opensymphony.xwork2.ActionSupport;

    // Form-backing action; the token check itself is done by the "token" interceptor.
    public class TokenAction extends ActionSupport {
        private String name;
        private String age;

        public String getName() {
            return name;
        }

        public void setName(String name) {
            this.name = name;
        }

        public String getAge() {
            return age;
        }

        public void setAge(String age) {
            this.age = age;
        }

        public String execute() throws Exception {
            return SUCCESS;
        }
    }

struts.xml:

    <struts>
        <constant name="struts.enable.DynamicMethodInvocation" value="false" />
        <constant name="struts.devMode" value="false" />
        <package name="roseindia" extends="struts-default" namespace="/">
            <action name="tokenAction" class="roseindia.action.TokenAction">
                <interceptor-ref name="token" />
                <interceptor-ref name="basicStack"/>
                <result name="success">/success.jsp</result>
                <result name="invalid.token">/index.jsp</result>
            </action>
        </package>
    </struts>

success.jsp:

    <%@ taglib uri="/struts-tags" prefix="s" %>
    Name : <s:property value="name"/><br>
    Age : <s:property value="age"/>


