Author: dan.j.allen
Date: 2009-04-03 00:18:49 -0400 (Fri, 03 Apr 2009)
New Revision: 10281
Modified:
trunk/doc/Seam_Reference_Guide/en-US/Controls.xml
trunk/ui/src/main/java/org/jboss/seam/ui/component/UIToken.java
trunk/ui/src/main/java/org/jboss/seam/ui/renderkit/TokenRendererBase.java
Log:
add allowMultiplePosts attribute
Modified: trunk/doc/Seam_Reference_Guide/en-US/Controls.xml
===================================================================
--- trunk/doc/Seam_Reference_Guide/en-US/Controls.xml 2009-04-03 03:22:11 UTC (rev 10280)
+++ trunk/doc/Seam_Reference_Guide/en-US/Controls.xml 2009-04-03 04:18:49 UTC (rev 10281)
@@ -881,7 +881,19 @@
that a JavaScript check should be inserted into the page
to verify that cookies are enabled in the browser. If
cookies are not enabled, present a notice to the user that
- form posts will not work.
+ form posts will not work. (default: false)
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <literal>allowMultiplePosts</literal> —
indicates
+ whether to allow the same form to be submitted multiple
+ times with the same signature (as long as the view does
+ not change). This is a common need if the form is perform
+ Ajax calls but not rerendering itself or, at the very
+ least, the UIToken component. The preferred approach is to
+ have the UIToken component rerendered on any Ajax call
+ where the UIToken component would be processed.
(default: false)
</para>
</listitem>
Modified: trunk/ui/src/main/java/org/jboss/seam/ui/component/UIToken.java
===================================================================
--- trunk/ui/src/main/java/org/jboss/seam/ui/component/UIToken.java 2009-04-03 03:22:11
UTC (rev 10280)
+++ trunk/ui/src/main/java/org/jboss/seam/ui/component/UIToken.java 2009-04-03 04:18:49
UTC (rev 10281)
@@ -72,7 +72,7 @@
* Indicates whether the session id should be included in the form signature,
* hence binding the token to the session. This value can be set to false
* if the "build before restore" mode of Facelets is activated (the
- * default in JSF 2.0).
+ * default in JSF 2.0). The default value is false.
*/
public abstract boolean isRequireSession();
@@ -82,11 +82,24 @@
* Indicates whether a JavaScript check should be inserted into the page to
* verify that cookies are enabled in the browser. If cookies are not
* enabled, present a notice to the user that form posts will not work.
+ * The default value is false.
*/
public abstract boolean isEnableCookieNotice();
public abstract void setEnableCookieNotice(boolean state);
+
+ /**
+ * Indicates whether to allow the same form to be submitted multiple times
+ * with the same signature (as long as the view does not change). This is a
+ * common need if the form is perform Ajax calls but not rerendering itself
+ * or, at the very least, the UIToken component. The preferred approach is to
+ * have the UIToken component rerendered on any Ajax call where the UIToken
+ * component would be processed. The default value is false.
+ */
+ public abstract boolean isAllowMultiplePosts();
+ public abstract void setAllowMultiplePosts(boolean allow);
+
/**
* Return the selector that controls the unique browser identifier cookie.
*/
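Review bot: The Javadoc added for `isAllowMultiplePosts()` says when the flag is needed but not what protection it gives up. In this same commit `generateViewSignature` leaves the render stamp out of the signature when the flag is true, so a signature from one rendering stays valid for later posts of the same view. I would add a sentence such as `Enabling this removes the per-render stamp from the signature, so a submitted signature can be reused until the view changes; consider also setting requireSession to true.` and correct `is perform Ajax calls` to `performs Ajax calls`. The identical paragraph in Controls.xml needs the same addition.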
Modified: trunk/ui/src/main/java/org/jboss/seam/ui/renderkit/TokenRendererBase.java
===================================================================
--- trunk/ui/src/main/java/org/jboss/seam/ui/renderkit/TokenRendererBase.java 2009-04-03
03:22:11 UTC (rev 10280)
+++ trunk/ui/src/main/java/org/jboss/seam/ui/renderkit/TokenRendererBase.java 2009-04-03
04:18:49 UTC (rev 10281)
@@ -89,7 +89,7 @@
throw new UnauthorizedCommandException(viewId, "No form signature
provided");
}
- if (!requestedViewSig.equals(generateViewSignature(context, form,
token.isRequireSession(), clientToken)))
+ if (!requestedViewSig.equals(generateViewSignature(context, form,
!token.isAllowMultiplePosts(), token.isRequireSession(), clientToken)))
{
throw new UnauthorizedCommandException(viewId, "Form signature
invalid");
}
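Review bot: The signature check on the changed line still uses `String.equals`, which returns at the first differing character. That matters more once `allowMultiplePosts` is enabled, because the expected value then no longer changes with each rendering of the form. Holding the generated signature in a local and comparing the two values' bytes with `MessageDigest.isEqual(requestedSigBytes, expectedSigBytes)` would make the comparison time independent of where they differ. The enclosing method starts and ends outside the hunk, so any checks made after this one are not visible here.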
@@ -115,7 +115,7 @@
writer.startElement(HTML.INPUT_ELEM, component);
writer.writeAttribute(HTML.TYPE_ATTR, HTML.INPUT_TYPE_HIDDEN, HTML.TYPE_ATTR);
writer.writeAttribute(HTML.NAME_ATTR, FORM_SIGNATURE_PARAM, HTML.NAME_ATTR);
- writer.writeAttribute(HTML.VALUE_ATTR, generateViewSignature(context, form,
token.isRequireSession(), token.getClientUidSelector().getClientUid()), HTML.VALUE_ATTR);
+ writer.writeAttribute(HTML.VALUE_ATTR, generateViewSignature(context, form,
!token.isAllowMultiplePosts(), token.isRequireSession(),
token.getClientUidSelector().getClientUid()), HTML.VALUE_ATTR);
writer.endElement(HTML.INPUT_ELEM);
}
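Review bot: `generateViewSignature` now takes two adjacent `boolean` arguments, and this call passes a negated getter in the first position, which is easy to misread or swap with `isRequireSession()`. Naming the value before the call, `boolean useRenderStamp = !token.isAllowMultiplePosts();`, would make this call and the validation call in the hunk at -89 read the same way. The two call sites have to pass identical flags or a rendered signature will not validate, so a one-line comment saying so would help the next maintainer. The enclosing method begins outside the hunk.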
@@ -136,9 +136,13 @@
}
}
- private String generateViewSignature(FacesContext context, UIForm form, boolean
useSessionId, String saltPhrase)
+ private String generateViewSignature(FacesContext context, UIForm form, boolean
useRenderStamp, boolean useSessionId, String saltPhrase)
{
- String rawViewSignature = context.getExternalContext().getRequestContextPath() +
"," + context.getViewRoot().getViewId() + "," +
form.getClientId(context) + "," + form.getAttributes().get(RENDER_STAMP_ATTR);
+ String rawViewSignature = context.getExternalContext().getRequestContextPath() +
"," + context.getViewRoot().getViewId() + "," +
form.getClientId(context);
+ if (useRenderStamp)
+ {
+ rawViewSignature += "," +
form.getAttributes().get(RENDER_STAMP_ATTR);
+ }
if (useSessionId)
{
rawViewSignature += "," + ((HttpSession)
context.getExternalContext().getSession(true)).getId();
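Review bot: In the new `useRenderStamp` branch, `form.getAttributes().get(RENDER_STAMP_ATTR)` is concatenated without a null check, so a form with no stamp contributes the literal text `null` and the signature silently loses its per-render component. Whether the stamp is always set before this method runs is not visible in the hunk; if it is not guaranteed, rejecting the case explicitly would be safer, e.g. `if (stamp == null) throw new IllegalStateException("No render stamp on form");` ahead of the concatenation. When both flags are false the raw signature is only the context path, view id and client id, plus whatever is done with `saltPhrase` below the hunk, which deserves a comment on the method. The method body continues past the end of the hunk.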