1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22 package org.apache.struts2.components;
23
24 import java.util.Map;
25
26 import javax.servlet.http.HttpServletRequest;
27 import javax.servlet.http.HttpServletResponse;
28
29 import org.apache.struts2.views.annotations.StrutsTag;
30 import org.apache.struts2.util.TokenHelper;
31
32 import com.opensymphony.xwork2.util.ValueStack;
33
34 /***
35 * <!-- START SNIPPET: javadoc -->
36 * Stop double-submission of forms.</p>
37 *
38 * The token tag is used to help with the "double click" submission problem. It is needed if you are using the
39 * TokenInterceptor or the TokenSessionInterceptor. The s:token tag merely places a hidden element that contains
40 * the unique token.</p>
41 * <!-- END SNIPPET: javadoc -->
42 *
43 * <p/> <b>Examples</b>
44 *
45 * <pre>
46 * <!-- START SNIPPET: example -->
47 * <s:token />
48 * <!-- END SNIPPET: example -->
49 * </pre>
50 *
51 * @see org.apache.struts2.interceptor.TokenInterceptor
52 * @see org.apache.struts2.interceptor.TokenSessionStoreInterceptor
53 *
54 */
55 @StrutsTag(name="token", tldTagClass="org.apache.struts2.views.jsp.ui.TokenTag", description="Stop double-submission of forms")
56 public class Token extends UIBean {
57
58 public static final String TEMPLATE = "token";
59
60 public Token(ValueStack stack, HttpServletRequest request, HttpServletResponse response) {
61 super(stack, request, response);
62 }
63
64 protected String getDefaultTemplate() {
65 return TEMPLATE;
66 }
67
68 /***
69 * First looks for the token in the PageContext using the supplied name (or {@link org.apache.struts2.util.TokenHelper#DEFAULT_TOKEN_NAME}
70 * if no name is provided) so that the same token can be re-used for the scope of a request for the same name. If
71 * the token is not in the PageContext, a new Token is created and set into the Session and the PageContext with
72 * the name.
73 */
74 protected void evaluateExtraParams() {
75 super.evaluateExtraParams();
76
77 String tokenName;
78 Map parameters = getParameters();
79
80 if (parameters.containsKey("name")) {
81 tokenName = (String) parameters.get("name");
82 } else {
83 if (name == null) {
84 tokenName = TokenHelper.DEFAULT_TOKEN_NAME;
85 } else {
86 tokenName = findString(name);
87
88 if (tokenName == null) {
89 tokenName = name;
90 }
91 }
92
93 addParameter("name", tokenName);
94 }
95
96 String token = buildToken(tokenName);
97 addParameter("token", token);
98 addParameter("tokenNameField", TokenHelper.TOKEN_NAME_FIELD);
99 }
100
101 /***
102 * This will be removed in a future version of Struts.
103 * @deprecated Templates should use $parameters from now on, not $tag.
104 */
105 public String getTokenNameField() {
106 return TokenHelper.TOKEN_NAME_FIELD;
107 }
108
109 private String buildToken(String name) {
110 Map context = stack.getContext();
111 Object myToken = context.get(name);
112
113 if (myToken == null) {
114 myToken = TokenHelper.setToken(name);
115 context.put(name, myToken);
116 }
117
118 return myToken.toString();
119 }
120 }