1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21 package org.apache.struts2.interceptor;
22
23 import java.util.Map;
24
25 import javax.servlet.http.HttpServletRequest;
26 import javax.servlet.http.HttpServletResponse;
27
28 import org.apache.struts2.ServletActionContext;
29 import org.apache.struts2.util.InvocationSessionStore;
30 import org.apache.struts2.util.TokenHelper;
31
32 import com.opensymphony.xwork2.ActionContext;
33 import com.opensymphony.xwork2.ActionInvocation;
34 import com.opensymphony.xwork2.Result;
35 import com.opensymphony.xwork2.util.ValueStack;
36
37
38 /***
39 * <!-- START SNIPPET: description -->
40 *
41 * This interceptor builds off of the {@link TokenInterceptor}, providing advanced logic for handling invalid tokens.
42 * Unlike the normal token interceptor, this interceptor will attempt to provide intelligent fail-over in the event of
43 * multiple requests using the same session. That is, it will block subsequent requests until the first request is
44 * complete, and then instead of returning the <i>invalid.token</i> code, it will attempt to display the same response
45 * that the original, valid action invocation would have displayed if no multiple requests were submitted in the first
46 * place.
47 *
48 * <p/>
49 *
50 * <b>NOTE:</b> As this method extends off MethodFilterInterceptor, it is capable of
51 * deciding if it is applicable only to selective methods in the action class. See
52 * <code>MethodFilterInterceptor</code> for more info.
53 *
54 * <!-- END SNIPPET: description -->
55 *
56 * <p/> <u>Interceptor parameters:</u>
57 *
58 * <!-- START SNIPPET: parameters -->
59 *
60 * <ul>
61 *
62 * <li>None</li>
63 *
64 * </ul>
65 *
66 * <!-- END SNIPPET: parameters -->
67 *
68 * <p/> <u>Extending the interceptor:</u>
69 *
70 * <p/>
71 *
72 * <!-- START SNIPPET: extending -->
73 *
74 * There are no known extension points for this interceptor.
75 *
76 * <!-- END SNIPPET: extending -->
77 *
78 * <p/> <u>Example code:</u>
79 *
80 * <pre>
81 * <!-- START SNIPPET: example -->
82 *
83 * <action name="someAction" class="com.examples.SomeAction">
84 * <interceptor-ref name="token-session/>
85 * <interceptor-ref name="basicStack"/>
86 * <result name="success">good_result.ftl</result>
87 * </action>
88 *
89 * <-- In this case, myMethod of the action class will not
90 * get checked for invalidity of token -->
91 * <action name="someAction" class="com.examples.SomeAction">
92 * <interceptor-ref name="token-session>
93 * <param name="excludeMethods">myMethod</param>
94 * </interceptor-ref name="token-session>
95 * <interceptor-ref name="basicStack"/>
96 * <result name="success">good_result.ftl</result>
97 * </action>
98 *
99 * <!-- END SNIPPET: example -->
100 * </pre>
101 *
102 */
103 public class TokenSessionStoreInterceptor extends TokenInterceptor {
104
105 private static final long serialVersionUID = -9032347965469098195L;
106
107
108
109
110 protected String handleInvalidToken(ActionInvocation invocation) throws Exception {
111 ActionContext ac = invocation.getInvocationContext();
112
113 HttpServletRequest request = (HttpServletRequest) ac.get(ServletActionContext.HTTP_REQUEST);
114 HttpServletResponse response = (HttpServletResponse) ac.get(ServletActionContext.HTTP_RESPONSE);
115 String tokenName = TokenHelper.getTokenName();
116 String token = TokenHelper.getToken(tokenName);
117
118 Map params = ac.getParameters();
119 params.remove(tokenName);
120 params.remove(TokenHelper.TOKEN_NAME_FIELD);
121
122 if ((tokenName != null) && (token != null)) {
123 ActionInvocation savedInvocation = InvocationSessionStore.loadInvocation(tokenName, token);
124
125 if (savedInvocation != null) {
126
127 ValueStack stack = savedInvocation.getStack();
128 Map context = stack.getContext();
129 request.setAttribute(ServletActionContext.STRUTS_VALUESTACK_KEY, stack);
130
131 ActionContext savedContext = savedInvocation.getInvocationContext();
132 savedContext.getContextMap().put(ServletActionContext.HTTP_REQUEST, request);
133 savedContext.getContextMap().put(ServletActionContext.HTTP_RESPONSE, response);
134 Result result = savedInvocation.getResult();
135
136 if ((result != null) && (savedInvocation.getProxy().getExecuteResult())) {
137 synchronized (context) {
138 result.execute(savedInvocation);
139 }
140 }
141
142
143 invocation.getProxy().setExecuteResult(false);
144
145 return savedInvocation.getResultCode();
146 }
147 }
148
149 return INVALID_TOKEN_CODE;
150 }
151
152
153
154
155 protected String handleValidToken(ActionInvocation invocation) throws Exception {
156
157 String key = TokenHelper.getTokenName();
158 String token = TokenHelper.getToken(key);
159 InvocationSessionStore.storeInvocation(key, token, invocation);
160
161 return invocation.invoke();
162 }
163 }