1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18 package org.apache.struts2.interceptor;
19
20 import java.util.Map;
21
22 import javax.servlet.http.HttpServletRequest;
23
24 import org.apache.struts2.ServletActionContext;
25 import org.apache.struts2.util.InvocationSessionStore;
26 import org.apache.struts2.util.TokenHelper;
27
28 import com.opensymphony.xwork2.ActionContext;
29 import com.opensymphony.xwork2.ActionInvocation;
30 import com.opensymphony.xwork2.Result;
31 import com.opensymphony.xwork2.util.ValueStack;
32
33
34 /***
35 * <!-- START SNIPPET: description -->
36 *
37 * This interceptor builds off of the {@link TokenInterceptor}, providing advanced logic for handling invalid tokens.
38 * Unlike the normal token interceptor, this interceptor will attempt to provide intelligent fail-over in the event of
39 * multiple requests using the same session. That is, it will block subsequent requests until the first request is
40 * complete, and then instead of returning the <i>invalid.token</i> code, it will attempt to display the same response
41 * that the original, valid action invocation would have displayed if no multiple requests were submitted in the first
42 * place.
43 *
44 * <p/>
45 *
46 * <b>NOTE:</b> As this method extends off MethodFilterInterceptor, it is capable of
47 * deciding if it is applicable only to selective methods in the action class. See
48 * <code>MethodFilterInterceptor</code> for more info.
49 *
50 * <!-- END SNIPPET: description -->
51 *
52 * <p/> <u>Interceptor parameters:</u>
53 *
54 * <!-- START SNIPPET: parameters -->
55 *
56 * <ul>
57 *
58 * <li>None</li>
59 *
60 * </ul>
61 *
62 * <!-- END SNIPPET: parameters -->
63 *
64 * <p/> <u>Extending the interceptor:</u>
65 *
66 * <p/>
67 *
68 * <!-- START SNIPPET: extending -->
69 *
70 * There are no known extension points for this interceptor.
71 *
72 * <!-- END SNIPPET: extending -->
73 *
74 * <p/> <u>Example code:</u>
75 *
76 * <pre>
77 * <!-- START SNIPPET: example -->
78 *
79 * <action name="someAction" class="com.examples.SomeAction">
80 * <interceptor-ref name="token-session/>
81 * <interceptor-ref name="basicStack"/>
82 * <result name="success">good_result.ftl</result>
83 * </action>
84 *
85 * <-- In this case, myMethod of the action class will not
86 * get checked for invalidity of token -->
87 * <action name="someAction" class="com.examples.SomeAction">
88 * <interceptor-ref name="token-session>
89 * <param name="excludeMethods">myMethod</param>
90 * </interceptor-ref name="token-session>
91 * <interceptor-ref name="basicStack"/>
92 * <result name="success">good_result.ftl</result>
93 * </action>
94 *
95 * <!-- END SNIPPET: example -->
96 * </pre>
97 *
98 */
99 public class TokenSessionStoreInterceptor extends TokenInterceptor {
100
101 private static final long serialVersionUID = -9032347965469098195L;
102
103
104
105
106 protected String handleInvalidToken(ActionInvocation invocation) throws Exception {
107 ActionContext ac = invocation.getInvocationContext();
108
109 HttpServletRequest request = (HttpServletRequest) ac.get(ServletActionContext.HTTP_REQUEST);
110 String tokenName = TokenHelper.getTokenName();
111 String token = TokenHelper.getToken(tokenName);
112
113 Map params = ac.getParameters();
114 params.remove(tokenName);
115 params.remove(TokenHelper.TOKEN_NAME_FIELD);
116
117 if ((tokenName != null) && (token != null)) {
118 ActionInvocation savedInvocation = InvocationSessionStore.loadInvocation(tokenName, token);
119
120 if (savedInvocation != null) {
121
122 ValueStack stack = savedInvocation.getStack();
123 request.setAttribute(ServletActionContext.STRUTS_VALUESTACK_KEY, stack);
124
125 Result result = savedInvocation.getResult();
126
127 if ((result != null) && (savedInvocation.getProxy().getExecuteResult())) {
128 result.execute(savedInvocation);
129 }
130
131
132 invocation.getProxy().setExecuteResult(false);
133
134 return savedInvocation.getResultCode();
135 }
136 }
137
138 return INVALID_TOKEN_CODE;
139 }
140
141
142
143
144 protected String handleValidToken(ActionInvocation invocation) throws Exception {
145
146 String key = TokenHelper.getTokenName();
147 String token = TokenHelper.getToken(key);
148 InvocationSessionStore.storeInvocation(key, token, invocation);
149
150 return invocation.invoke();
151 }
152 }