6.3.5. UseToken Interceptor¶

Table of contents

Interceptor class name
Module list
Using UseToken

Interceptor that issues token for double submission (same request sent twice) prevention .

This interceptor is expected to be used mainly when a template engine other than JSP is adopted.

In template engines other than JSP, in addition to using this interceptor, it is necessary that the token is explicitly embedded in hidden of the template. How to embed the token will be described later. If JSP is used, useToken attribute of form tag is used to generate the token and embed in hidden.

To check tokens, OnDoubleSubmission Interceptor has to be configured for subsequent actions.

6.3.5.1. Interceptor class name ¶

nablarch.common.web.token.UseToken

6.3.5.2. Module list ¶

<dependency>
  <groupId>com.nablarch.framework</groupId>
  <artifactId>nablarch-fw-web-tag</artifactId>
</dependency>

6.3.5.3. Using UseToken ¶

Configure the UseToken annotation for the action method.

@UseToken
public HttpResponse confirm(HttpRequest req, ExecutionContext ctx) {
    // Omitted
}

Tokens must be explicitly embedded in the input form.

Implementation example in Thymeleaf

<form th:action="@{/path/to/action}" method="post">
  <input type="hidden" name="nablarch_token" th:value="${nablarch_request_token}" />

As in this example, it is necessary to configure “nablarch_token” as the name attribute and the value obtained from the request scope with the key “nablarch_request_token” as the value attribute. The name attribute and the key to acquire the value from the request scope can be changed. For details, see prevention of double submission in the server .

6.3.5. UseToken Interceptor¶

6.3.5.1. Interceptor class name¶

6.3.5.2. Module list¶

6.3.5.3. Using UseToken¶

6.3.5.1. Interceptor class name ¶

6.3.5.2. Module list ¶

6.3.5.3. Using UseToken ¶