Unable to implement Struts 2 token interceptor with hyperlink
The s:token tag merely places a hidden element that contains the unique token.
There's not need to use token with url, because the form should be submitted. If you want to pass some token as a parameter then you need to use s:param
tag.
Define the parameter
private String token;
public String getToken() {
return token;
}
public void setToken(String token) {
this.token = token;
}
public String execute() throws Exception {
Map<String, Object> context = ActionContext.getContext().getValueStack().getContext();
Object myToken = context.get("token");
if (myToken == null) {
myToken = TokenHelper.setToken("token");
context.put("token", myToken);
}
token = myToken.toString();
return SUCCESS;
}
in the JSP
<s:url var="linkdelete" namespace="/admin/insecure/upload" action="DeleteLatestUpload" ><s:param name="struts.token.name" value="%{'token'}"/><s:param name="token" value="%{token}"/></s:url>
The most simple way to use token with url is to use <s:token/>
tag to set token value into session and retrieve it in <s:param>
tag.
<s:token/>
<s:url var="..." action="...">
<s:param name="struts.token.name" value="'token'"/>
<s:param name="token" value="#session['struts.tokens.token']"/>
</s:url>