Alright, many might already know this, but it’s new to me so here goes.
I thought I had used most of the features of Struts, but I still find new features. Feature of the day: Synchronizer Token.
For those of you unfamiliar with the Synchronizer Token pattern, it ensures data can only be submitted once from a webform.
Call ActionServlet.saveToken(HttpRequest) before the display of the form to set the token, and then check ActionServlet.isTokenValid(HttpRequest) upon submit. If the token is valid you reset it with ActionServlet.resetToken(HttpRequest), which makes sure the next call to isTokenValid will fail.
I wish it was possible to set several tokens though. If a user opens more than one browser window and ends up having two forms that use the tokens open, the last form will overwrite the first forms token and thus make it fail when submitted. I know it’s a marginal case, and not one that is likely to happen very often, but I don’t think it would be a big problem to implement.