org.lastaflute.web.token.exception.DoubleSubmitVerifyTokenBeforeValidationException: Look! Read the message below. /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * The verifyToken() was called before validate() in action. [Advice] The verifyToken() should be after validate(). The verifyToken() deletes session token if success, so it may be token-not-found exception if validation error. (validation error's response may need session token) For example: (x): public HtmlResponse update(Integer memberId) { verifyToken(...); // *Bad: session token is deleted here validate(form, messages -> {}, () -> { // may be this exception if validation error return asHtml(path_...); // the html may need token... }); ... } (o): public HtmlResponse update(Integer memberId) { validate(form, messages -> {}, () -> { return asHtml(path_...); // session token remains }); verifyToken(...); // Good ... } [Execute Method] public HtmlResponse AdminDictSynonymAction@delete(EditForm) [Requested Token] opt:{e4670a3200e0e013595607123ce05a53} [Saved Token] opt:{{class org.codelibs.fess.app.web.admin.dict.synonym.AdminDictSynonymAction=e4670a3200e0e013595607123ce05a53, class org.codelibs.fess.app.web.admin.fileconfig.AdminFileconfigAction=d2d3aa563436c7898342874242e52b8f}} * * * * * * * * * */

GitHub | ma2tani | 2 months ago
  1. 0

    admin page synonym data can't delete

    GitHub | 2 months ago | ma2tani
    org.lastaflute.web.token.exception.DoubleSubmitVerifyTokenBeforeValidationException: Look! Read the message below. /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * The verifyToken() was called before validate() in action. [Advice] The verifyToken() should be after validate(). The verifyToken() deletes session token if success, so it may be token-not-found exception if validation error. (validation error's response may need session token) For example: (x): public HtmlResponse update(Integer memberId) { verifyToken(...); // *Bad: session token is deleted here validate(form, messages -> {}, () -> { // may be this exception if validation error return asHtml(path_...); // the html may need token... }); ... } (o): public HtmlResponse update(Integer memberId) { validate(form, messages -> {}, () -> { return asHtml(path_...); // session token remains }); verifyToken(...); // Good ... } [Execute Method] public HtmlResponse AdminDictSynonymAction@delete(EditForm) [Requested Token] opt:{e4670a3200e0e013595607123ce05a53} [Saved Token] opt:{{class org.codelibs.fess.app.web.admin.dict.synonym.AdminDictSynonymAction=e4670a3200e0e013595607123ce05a53, class org.codelibs.fess.app.web.admin.fileconfig.AdminFileconfigAction=d2d3aa563436c7898342874242e52b8f}} * * * * * * * * * */

    Root Cause Analysis

    1. org.lastaflute.web.token.exception.DoubleSubmitVerifyTokenBeforeValidationException

      Look! Read the message below. /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * The verifyToken() was called before validate() in action. [Advice] The verifyToken() should be after validate(). The verifyToken() deletes session token if success, so it may be token-not-found exception if validation error. (validation error's response may need session token) For example: (x): public HtmlResponse update(Integer memberId) { verifyToken(...); // *Bad: session token is deleted here validate(form, messages -> {}, () -> { // may be this exception if validation error return asHtml(path_...); // the html may need token... }); ... } (o): public HtmlResponse update(Integer memberId) { validate(form, messages -> {}, () -> { return asHtml(path_...); // session token remains }); verifyToken(...); // Good ... } [Execute Method] public HtmlResponse AdminDictSynonymAction@delete(EditForm) [Requested Token] opt:{e4670a3200e0e013595607123ce05a53} [Saved Token] opt:{{class org.codelibs.fess.app.web.admin.dict.synonym.AdminDictSynonymAction=e4670a3200e0e013595607123ce05a53, class org.codelibs.fess.app.web.admin.fileconfig.AdminFileconfigAction=d2d3aa563436c7898342874242e52b8f}} * * * * * * * * * */

      at org.lastaflute.web.token.SimpleDoubleSubmitManager.throwDoubleSubmitVerifyTokenBeforeValidationException()
    2. org.lastaflute.web
      TypicalAction.verifyToken
      1. org.lastaflute.web.token.SimpleDoubleSubmitManager.throwDoubleSubmitVerifyTokenBeforeValidationException(SimpleDoubleSubmitManager.java:349)
      2. org.lastaflute.web.token.SimpleDoubleSubmitManager.checkVerifyTokenAfterValidatorCall(SimpleDoubleSubmitManager.java:302)
      3. org.lastaflute.web.token.SimpleDoubleSubmitManager.doVerifyToken(SimpleDoubleSubmitManager.java:255)
      4. org.lastaflute.web.token.SimpleDoubleSubmitManager.verifyToken(SimpleDoubleSubmitManager.java:245)
      5. org.lastaflute.web.TypicalAction.verifyToken(TypicalAction.java:297)
      5 frames
    3. org.codelibs.fess
      AdminDictSynonymAction.delete
      1. org.codelibs.fess.app.web.admin.dict.synonym.AdminDictSynonymAction.delete(AdminDictSynonymAction.java:312)
      1 frame
    4. Java RT
      Method.invoke
      1. sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      2. sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      3. sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      4. java.lang.reflect.Method.invoke(Method.java:497)
      4 frames
    5. org.lastaflute.web
      GodHandableAction.lambda$transactionalExecute$148
      1. org.lastaflute.web.ruts.GodHandableAction.invokeExecuteMethod(GodHandableAction.java:345)
      2. org.lastaflute.web.ruts.GodHandableAction.actuallyExecute(GodHandableAction.java:316)
      3. org.lastaflute.web.ruts.GodHandableAction.doExecute(GodHandableAction.java:156)
      4. org.lastaflute.web.ruts.GodHandableAction.lambda$transactionalExecute$148(GodHandableAction.java:147)
      4 frames