public class TokenInterceptor extends MethodFilterInterceptor
TokenSessionStoreInterceptor
, can provide much better logic for when invalid
tokens are found.
Note: To set a token in your form, you should use the token tag. This tag is required and must be used
in the forms that submit to actions protected by this interceptor. Any request that does not provide a token (using
the token tag) will be processed as a request with an invalid token.
Internationalization Note: The following key could be used to internationalized the action errors generated
by this token interceptor
MethodFilterInterceptor
for more info.
Interceptor parameters:
TokenSessionStoreInterceptor
.
The handleInvalidToken(com.opensymphony.xwork2.ActionInvocation)
and handleValidToken(com.opensymphony.xwork2.ActionInvocation)
methods are protected and available for more
interesting logic, such as done with the token session interceptor.
Example code:
<action name="someAction" class="com.examples.SomeAction"> <interceptor-ref name="token"/> <interceptor-ref name="basicStack"/> <result name="success">good_result.ftl</result> </action> <-- In this case, myMethod of the action class will not get checked for invalidity of token --> <action name="someAction" class="com.examples.SomeAction"> <interceptor-ref name="token"> <param name="excludeMethods">myMethod</param> </interceptor-ref name="token"/> <interceptor-ref name="basicStack"/> <result name="success">good_result.ftl</result> </action>
Modifier and Type | Field and Description |
---|---|
static String |
INVALID_TOKEN_CODE |
excludeMethods, includeMethods, log
Constructor and Description |
---|
TokenInterceptor() |
Modifier and Type | Method and Description |
---|---|
protected String |
doIntercept(ActionInvocation invocation) |
protected String |
getErrorMessage(ActionInvocation invocation) |
protected String |
handleInvalidToken(ActionInvocation invocation)
Determines what to do if an invalid token is provided.
|
protected String |
handleToken(ActionInvocation invocation) |
protected String |
handleValidToken(ActionInvocation invocation)
Called when a valid token is found.
|
void |
setTextProvider(TextProvider textProvider) |
applyInterceptor, getExcludeMethodsSet, getIncludeMethodsSet, intercept, setExcludeMethods, setIncludeMethods
destroy, init
public static final String INVALID_TOKEN_CODE
public void setTextProvider(TextProvider textProvider)
protected String doIntercept(ActionInvocation invocation) throws Exception
doIntercept
in class MethodFilterInterceptor
Exception
MethodFilterInterceptor.doIntercept(com.opensymphony.xwork2.ActionInvocation)
protected String handleToken(ActionInvocation invocation) throws Exception
Exception
protected String handleInvalidToken(ActionInvocation invocation) throws Exception
ValidationAware
invocation
- the action invocation where the invalid token failedException
- when any unexpected error occurs.protected String getErrorMessage(ActionInvocation invocation)
protected String handleValidToken(ActionInvocation invocation) throws Exception
invocation
- the action invocationException
- when any unexpected error occurs.Copyright © 2000-2013 Apache Software Foundation. All Rights Reserved.