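package com.tonbeller.wcf.token;

import java.io.IOException;
import java.util.Random;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.log4j.Logger;

import com.tonbeller.wcf.controller.RequestContext;
import com.tonbeller.wcf.controller.RequestContextFactoryFinder;
import com.tonbeller.wcf.statusline.StatusLine;

/**
 * Servlet filter that issues a fresh request token on every request and
 * redirects to the last recorded page when a request carries a token that
 * does not match the one stored in the session.
 *
 * <p>Init parameters:
 * <ul>
 *   <li>{@code token} - name of the HTTP parameter that carries the token;
 *       defaults to {@code "token"} when absent.</li>
 *   <li>{@code showMessage} - when exactly {@code "true"}, a status-line
 *       message (resource key {@code wcf.token.browser.navigation}) is set
 *       after a mismatch.</li>
 * </ul>
 *
 * <p>Security note: the check only runs when the request actually contains
 * the token parameter. A request that omits the parameter is passed down the
 * chain unchecked, so this filter detects stale or replayed pages; on its own
 * it does not enforce that state-changing requests carry a valid token.
 */
public class TokenFilter implements Filter {
  private String httpParameterName;
  private boolean showMessage;

  // The token is sent to the browser and later compared against the session
  // copy. java.util.Random is a linear congruential generator whose future
  // outputs can be derived from observed ones, so the generator is a
  // SecureRandom instead. It is declared as Random (its superclass) so the
  // rest of the class and the file's imports stay unchanged.
  private static final Random random = new java.security.SecureRandom();
  private static final Logger logger = Logger.getLogger(TokenFilter.class);

  // Marks the current thread as "already inside this filter".
  private static final ThreadLocal threadLocal = new ThreadLocal();

  /**
   * Reads the filter configuration.
   *
   * @param config filter configuration supplying {@code token} and {@code showMessage}
   * @throws ServletException declared by the {@link Filter} contract; not thrown here
   */
  public void init(FilterConfig config) throws ServletException {
    httpParameterName = config.getInitParameter("token");
    if (httpParameterName == null) {
      httpParameterName = "token";
    }
    showMessage = "true".equals(config.getInitParameter("showMessage"));
  }

  /**
   * Validates the request token, if one was sent, and then issues a new one.
   *
   * <p>If the request carries the token parameter and the session already holds
   * a token, the two must be equal; otherwise the response is redirected to the
   * page recorded with the session token and the chain is not invoked. In every
   * other case a new token and the current request URI are stored and the
   * request continues down the chain.
   *
   * @param req   incoming request; cast to {@link HttpServletRequest}
   * @param res   outgoing response; cast to {@link HttpServletResponse}
   * @param chain remaining filter chain
   * @throws IOException      from the redirect or from the chain
   * @throws ServletException from the chain
   */
  public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
      throws IOException, ServletException {

    // The filter is already active on this thread (for example a nested
    // dispatch that passes through the filter again): do not validate or
    // rotate the token a second time.
    if (threadLocal.get() != null) {
      chain.doFilter(req, res);
      return;
    }

    try {
      threadLocal.set(Boolean.TRUE);

      HttpServletRequest request = (HttpServletRequest) req;
      HttpServletResponse response = (HttpServletResponse) res;

      String token = request.getParameter(httpParameterName);
      // getSession(true) creates a session when the client has none yet.
      RequestToken s = RequestToken.instance(request.getSession(true));
      s.setHttpParameterName(httpParameterName);

      // Only compared when BOTH sides are present; a missing parameter is
      // not treated as a mismatch.
      if (token != null && s.getToken() != null) {
        if (!token.equals(s.getToken())) {
          if (logger.isInfoEnabled()) {
            logger.info("redirecting to " + s.getPage());
          }
          // The target is the request URI stored with the previous token.
          // NOTE(review): that value originates from request.getRequestURI();
          // confirm the container normalises it so it is always a local path.
          response.sendRedirect(s.getPage());

          if (showMessage) {
            RequestContext context = RequestContextFactoryFinder.createContext(request, response,
                false);
            String message = context.getResources(TokenFilter.class).getString(
                "wcf.token.browser.navigation");
            StatusLine.instance(context.getSession()).setMessage(message);
          }
          return;
        }
      }

      // Token and page are replaced together under one lock.
      // NOTE(review): the token keeps its original format, the hex form of a
      // single int (32 bits). If it is relied on as an anti-forgery control
      // rather than as a navigation marker, widen it.
      synchronized (random) {
        s.setToken(Integer.toHexString(random.nextInt()));
        s.setPage(request.getRequestURI());
      }

      chain.doFilter(request, response);
    } finally {
      // Always clear the marker so a pooled thread does not skip the check
      // on its next request.
      threadLocal.set(null);
    }
  }

  /** Nothing to release. */
  public void destroy() {
  }

}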