package com.opensymphony.webwork.interceptor;

import com.opensymphony.webwork.ServletActionContext;
import com.opensymphony.webwork.util.TokenHelper;
import com.opensymphony.xwork.ActionContext;
import com.opensymphony.xwork.ActionInvocation;
import com.opensymphony.xwork.ValidationAware;
import com.opensymphony.xwork.interceptor.Interceptor;
import com.opensymphony.xwork.util.LocalizedTextUtil;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import javax.servlet.http.HttpServletRequest;


/**
 * Interceptor that lets the invocation proceed only when
 * {@code TokenHelper.validToken(request)} accepts the current request;
 * otherwise it short-circuits with {@link #INVALID_TOKEN_CODE}.
 *
 * <p>Both the token check and the downstream invocation run while holding the
 * monitor of the object returned by {@code request.getSession(true)}, so two
 * requests that obtain the same session object cannot pass through this
 * interceptor concurrently.
 *
 * <p>NOTE(review): how the token is compared and whether it is consumed is
 * decided inside {@code TokenHelper}, which is not visible here; presumably
 * the lock exists so that two submissions of the same form cannot both pass
 * the check. Confirm against {@code TokenHelper}.
 *
 * <p>NOTE(review): the Servlet API does not promise that every request of a
 * session receives the same {@code HttpSession} instance. On a container that
 * hands out distinct wrapper objects this lock would not serialise the check;
 * verify the behaviour of the target container.
 */
public class TokenInterceptor implements Interceptor {

    /** Result code returned by {@link #handleInvalidToken} when the token check fails. */
    public static final String INVALID_TOKEN_CODE = "invalid.token";

    private static final Log LOG = LogFactory.getLog(TokenInterceptor.class);

    /**
     * Does nothing; this interceptor holds no resources.
     */
    public void destroy() {
    }

    /**
     * Does nothing; this interceptor needs no set-up.
     */
    public void init() {
    }

    /**
     * Checks the current request's token and dispatches to
     * {@link #handleValidToken} or {@link #handleInvalidToken}.
     *
     * <p>{@code getSession(true)} creates a session when the request has none,
     * so a request that arrives without a session is given one before it is
     * rejected.
     *
     * @param invocation the invocation being intercepted
     * @return the result code produced by whichever handler ran
     * @throws Exception whatever the chosen handler throws
     */
    public String intercept(ActionInvocation invocation) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Intercepting invocation to check for valid transaction token.");
        }

        final HttpServletRequest currentRequest = ServletActionContext.getRequest();
        final Object sessionMonitor = currentRequest.getSession(true);

        // The handlers stay inside the lock: the rest of the invocation runs
        // while this session object's monitor is held.
        synchronized (sessionMonitor) {
            return TokenHelper.validToken(currentRequest)
                    ? handleValidToken(invocation)
                    : handleInvalidToken(invocation);
        }
    }

    /**
     * Reports a failed token check and stops the invocation.
     *
     * <p>The localized message is added as an action error when the action is
     * {@link ValidationAware}; otherwise it is only written to the log at WARN
     * level.
     *
     * <p>NOTE(review): the WARN line carries the message text alone, with
     * nothing that identifies the request or action, and a ValidationAware
     * action produces no log line at all. Confirm that is enough for whoever
     * monitors rejected tokens.
     *
     * @param invocation the invocation whose token was rejected
     * @return {@link #INVALID_TOKEN_CODE}, always
     * @throws Exception declared so that subclasses may throw
     */
    protected String handleInvalidToken(ActionInvocation invocation) throws Exception {
        final Object target = invocation.getAction();
        final String message = LocalizedTextUtil.findText(
                this.getClass(),
                "webwork.messages.invalid.token",
                ActionContext.getContext().getLocale(),
                "The form has already been processed or no token was supplied, please try again.",
                new Object[0]);

        if (!(target instanceof ValidationAware)) {
            LOG.warn(message);
            return INVALID_TOKEN_CODE;
        }

        ((ValidationAware) target).addActionError(message);
        return INVALID_TOKEN_CODE;
    }

    /**
     * Continues the invocation after a successful token check.
     *
     * @param invocation the invocation to continue
     * @return the result code returned by {@code invocation.invoke()}
     * @throws Exception whatever {@code invocation.invoke()} throws
     */
    protected String handleValidToken(ActionInvocation invocation) throws Exception {
        final String resultCode = invocation.invoke();
        return resultCode;
    }
}