TokenInterceptor


1   /*
2    * Copyright (c) 2002-2003 by OpenSymphony
3    * All rights reserved.
4    */
5   package com.opensymphony.webwork.interceptor;
6   
7   import com.opensymphony.webwork.ServletActionContext;
8   import com.opensymphony.webwork.util.TokenHelper;
9   import com.opensymphony.xwork.ActionContext;
10  import com.opensymphony.xwork.ActionInvocation;
11  import com.opensymphony.xwork.ValidationAware;
12  import com.opensymphony.xwork.interceptor.Interceptor;
13  import com.opensymphony.xwork.util.LocalizedTextUtil;
14  import org.apache.commons.logging.Log;
15  import org.apache.commons.logging.LogFactory;
16  
17  import javax.servlet.http.HttpServletRequest  ;
18  
19  
20  /**
21   * @author Jason Carreira
22   */
23  public class TokenInterceptor implements Interceptor {
24      //~ Static fields/initializers /////////////////////////////////////////////
25  
26      public static final String   INVALID_TOKEN_CODE = "invalid.token";
27      private static final Log LOG = LogFactory.getLog(TokenInterceptor.class);
28  
29      //~ Methods ////////////////////////////////////////////////////////////////
30  
31      /**
32       * Called to let an interceptor clean up any resources it has allocated. Does nothing by default -
33       * subclass and overwrite to customize.
34       */
35      public void destroy() {
36      }
37  
38      /**
39       * Called after an Interceptor is created, but before any requests are processed using the
40       * {@link #intercept(ActionInvocation)} method.. This gives the Interceptor a chance to
41       * initialize any needed resources. Currently does nothing - subclass and overwrite to customize.
42       */
43      public void init() {
44      }
45  
46      /**
47       * @param invocation an encapsulation of the action execution state.
48       * @throws Exception
49       */
50      public String   intercept(ActionInvocation invocation) throws Exception   {
51          if (LOG.isDebugEnabled()) {
52              LOG.debug("Intercepting invocation to check for valid transaction token.");
53          }
54  
55          HttpServletRequest   request = ServletActionContext.getRequest();
56  
57          synchronized (request.getSession(true)) {
58              if (!TokenHelper.validToken(request)) {
59                  return handleInvalidToken(invocation);
60              }
61  
62              return handleValidToken(invocation);
63          }
64      }
65  
66      /**
67       * @param invocation
68       * @return
69       * @throws Exception
70       */
71      protected String   handleInvalidToken(ActionInvocation invocation) throws Exception   {
72          Object   action = invocation.getAction();
73          String   errorMessage = LocalizedTextUtil.findText(this.getClass(), "webwork.messages.invalid.token", ActionContext.getContext().getLocale(), "The form has already been processed or no token was supplied, please try again.", new Object  [0]);
74  
75          if (action instanceof ValidationAware) {
76              ((ValidationAware) action).addActionError(errorMessage);
77          } else {
78              LOG.warn(errorMessage);
79          }
80  
81          return INVALID_TOKEN_CODE;
82      }
83  
84      /**
85       * @param invocation
86       * @throws Exception
87       */
88      protected String   handleValidToken(ActionInvocation invocation) throws Exception   {
89          return invocation.invoke();
90      }
91  }
92
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags