6.3.5. UseToken Interceptor

Interceptor that issues token for double submission (same request sent twice) prevention .

This interceptor is expected to be used mainly when a template engine other than JSP is adopted.

In template engines other than JSP, in addition to using this interceptor, it is necessary that the token is explicitly embedded in hidden of the template. How to embed the token will be described later. If JSP is used, useToken attribute of form tag is used to generate the token and embed in hidden.

To check tokens, OnDoubleSubmission Interceptor has to be configured for subsequent actions. Module list

</dependency> Using UseToken

Configure the UseToken annotation for the action method.

public HttpResponse confirm(HttpRequest req, ExecutionContext ctx) {
    // Omitted

Tokens must be explicitly embedded in the input form.

Implementation example in Thymeleaf
<form th:action="@{/path/to/action}" method="post">
  <input type="hidden" name="nablarch_token" th:value="${nablarch_request_token}" />

As in this example, it is necessary to configure “nablarch_token” as the name attribute and the value obtained from the request scope with the key “nablarch_request_token” as the value attribute. The name attribute and the key to acquire the value from the request scope can be changed. For details, see prevention of double submission in the server .