1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21 package org.apache.struts2.components;
22
23 import java.util.Map;
24
25 import javax.servlet.http.HttpServletRequest;
26 import javax.servlet.http.HttpServletResponse;
27
28 import org.apache.struts2.views.annotations.StrutsTag;
29 import org.apache.struts2.util.TokenHelper;
30
31 import com.opensymphony.xwork2.util.ValueStack;
32
33 /***
34 * <!-- START SNIPPET: javadoc -->
35 * Stop double-submission of forms.</p>
36 *
37 * The token tag is used to help with the "double click" submission problem. It is needed if you are using the
38 * TokenInterceptor or the TokenSessionInterceptor. The s:token tag merely places a hidden element that contains
39 * the unique token.</p>
40 * <!-- END SNIPPET: javadoc -->
41 *
42 * <p/> <b>Examples</b>
43 *
44 * <pre>
45 * <!-- START SNIPPET: example -->
46 * <s:token />
47 * <!-- END SNIPPET: example -->
48 * </pre>
49 *
50 * @see org.apache.struts2.interceptor.TokenInterceptor
51 * @see org.apache.struts2.interceptor.TokenSessionStoreInterceptor
52 *
53 */
54 @StrutsTag(name="token", tldTagClass="org.apache.struts2.views.jsp.ui.TokenTag", description="Stop double-submission of forms")
55 public class Token extends UIBean {
56
57 public static final String TEMPLATE = "token";
58
59 public Token(ValueStack stack, HttpServletRequest request, HttpServletResponse response) {
60 super(stack, request, response);
61 }
62
63 protected String getDefaultTemplate() {
64 return TEMPLATE;
65 }
66
67 /***
68 * First looks for the token in the PageContext using the supplied name (or {@link org.apache.struts2.util.TokenHelper#DEFAULT_TOKEN_NAME}
69 * if no name is provided) so that the same token can be re-used for the scope of a request for the same name. If
70 * the token is not in the PageContext, a new Token is created and set into the Session and the PageContext with
71 * the name.
72 */
73 protected void evaluateExtraParams() {
74 super.evaluateExtraParams();
75
76 String tokenName;
77 Map parameters = getParameters();
78
79 if (parameters.containsKey("name")) {
80 tokenName = (String) parameters.get("name");
81 } else {
82 if (name == null) {
83 tokenName = TokenHelper.DEFAULT_TOKEN_NAME;
84 } else {
85 tokenName = findString(name);
86
87 if (tokenName == null) {
88 tokenName = name;
89 }
90 }
91
92 addParameter("name", tokenName);
93 }
94
95 String token = buildToken(tokenName);
96 addParameter("token", token);
97 addParameter("tokenNameField", TokenHelper.TOKEN_NAME_FIELD);
98 }
99
100 /***
101 * This will be removed in a future version of Struts.
102 * @deprecated Templates should use $parameters from now on, not $tag.
103 */
104 public String getTokenNameField() {
105 return TokenHelper.TOKEN_NAME_FIELD;
106 }
107
108 private String buildToken(String name) {
109 Map context = stack.getContext();
110 Object myToken = context.get(name);
111
112 if (myToken == null) {
113 myToken = TokenHelper.setToken(name);
114 context.put(name, myToken);
115 }
116
117 return myToken.toString();
118 }
119 }