KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > com > opensymphony > webwork > interceptor > TokenInterceptor


1 /*
2  * Copyright (c) 2002-2003 by OpenSymphony
3  * All rights reserved.
4  */

5 package com.opensymphony.webwork.interceptor;
6
7 import com.opensymphony.webwork.ServletActionContext;
8 import com.opensymphony.webwork.util.TokenHelper;
9 import com.opensymphony.xwork.ActionContext;
10 import com.opensymphony.xwork.ActionInvocation;
11 import com.opensymphony.xwork.ValidationAware;
12 import com.opensymphony.xwork.interceptor.Interceptor;
13 import com.opensymphony.xwork.util.LocalizedTextUtil;
14 import org.apache.commons.logging.Log;
15 import org.apache.commons.logging.LogFactory;
16
17 import javax.servlet.http.HttpServletRequest JavaDoc;
18
19
20 /**
21  * @author Jason Carreira
22  */

23 public class TokenInterceptor implements Interceptor {
24     //~ Static fields/initializers /////////////////////////////////////////////
25

26     public static final String JavaDoc INVALID_TOKEN_CODE = "invalid.token";
27     private static final Log LOG = LogFactory.getLog(TokenInterceptor.class);
28
29     //~ Methods ////////////////////////////////////////////////////////////////
30

31     /**
32      * Called to let an interceptor clean up any resources it has allocated. Does nothing by default -
33      * subclass and overwrite to customize.
34      */

35     public void destroy() {
36     }
37
38     /**
39      * Called after an Interceptor is created, but before any requests are processed using the
40      * {@link #intercept(ActionInvocation)} method.. This gives the Interceptor a chance to
41      * initialize any needed resources. Currently does nothing - subclass and overwrite to customize.
42      */

43     public void init() {
44     }
45
46     /**
47      * @param invocation an encapsulation of the action execution state.
48      * @throws Exception
49      */

50     public String JavaDoc intercept(ActionInvocation invocation) throws Exception JavaDoc {
51         if (LOG.isDebugEnabled()) {
52             LOG.debug("Intercepting invocation to check for valid transaction token.");
53         }
54
55         HttpServletRequest JavaDoc request = ServletActionContext.getRequest();
56
57         synchronized (request.getSession(true)) {
58             if (!TokenHelper.validToken(request)) {
59                 return handleInvalidToken(invocation);
60             }
61
62             return handleValidToken(invocation);
63         }
64     }
65
66     /**
67      * @param invocation
68      * @return
69      * @throws Exception
70      */

71     protected String JavaDoc handleInvalidToken(ActionInvocation invocation) throws Exception JavaDoc {
72         Object JavaDoc action = invocation.getAction();
73         String JavaDoc errorMessage = LocalizedTextUtil.findText(this.getClass(), "webwork.messages.invalid.token", ActionContext.getContext().getLocale(), "The form has already been processed or no token was supplied, please try again.", new Object JavaDoc[0]);
74
75         if (action instanceof ValidationAware) {
76             ((ValidationAware) action).addActionError(errorMessage);
77         } else {
78             LOG.warn(errorMessage);
79         }
80
81         return INVALID_TOKEN_CODE;
82     }
83
84     /**
85      * @param invocation
86      * @throws Exception
87      */

88     protected String JavaDoc handleValidToken(ActionInvocation invocation) throws Exception JavaDoc {
89         return invocation.invoke();
90     }
91 }
92
Popular Tags