TokenSessionStoreInterceptorpublic class TokenSessionStoreInterceptor extends TokenInterceptor
This interceptor builds off of the {@link TokenInterceptor}, providing advanced logic for handling invalid tokens.
Unlike the normal token interceptor, this interceptor will attempt to provide intelligent fail-over in the event of
multiple requests using the same session. That is, it will block subsequent requests until the first request is
complete, and then instead of returning the invalid.token code, it will attempt to display the same response
that the original, valid action invocation would have displayed if no multiple requests were submitted in the first
place.
NOTE: As this method extends off MethodFilterInterceptor, it is capable of
deciding if it is applicable only to selective methods in the action class. See
MethodFilterInterceptor for more info.
Interceptor parameters:
Extending the interceptor:
There are no known extension points for this interceptor.
Example code:
<action name="someAction" class="com.examples.SomeAction">
<interceptor-ref name="token-session/>
<interceptor-ref name="basicStack"/>
<result name="success">good_result.ftl</result>
</action>
<-- In this case, myMethod of the action class will not
get checked for invalidity of token -->
<action name="someAction" class="com.examples.SomeAction">
<interceptor-ref name="token-session>
<param name="excludeMethods">myMethod</param>
</interceptor-ref name="token-session>
<interceptor-ref name="basicStack"/>
<result name="success">good_result.ftl</result>
</action>
|
Fields Summary |
---|
private static final long | serialVersionUID |
Methods Summary |
---|
protected java.lang.String | handleInvalidToken(com.opensymphony.xwork2.ActionInvocation invocation)
/* (non-Javadoc)
* @see org.apache.struts2.interceptor.TokenInterceptor#handleInvalidToken(com.opensymphony.xwork2.ActionInvocation)
*/
ActionContext ac = invocation.getInvocationContext();
HttpServletRequest request = (HttpServletRequest) ac.get(ServletActionContext.HTTP_REQUEST);
HttpServletResponse response = (HttpServletResponse) ac.get(ServletActionContext.HTTP_RESPONSE);
String tokenName = TokenHelper.getTokenName();
String token = TokenHelper.getToken(tokenName);
Map params = ac.getParameters();
params.remove(tokenName);
params.remove(TokenHelper.TOKEN_NAME_FIELD);
if ((tokenName != null) && (token != null)) {
ActionInvocation savedInvocation = InvocationSessionStore.loadInvocation(tokenName, token);
if (savedInvocation != null) {
// set the valuestack to the request scope
ValueStack stack = savedInvocation.getStack();
Map context = stack.getContext();
request.setAttribute(ServletActionContext.STRUTS_VALUESTACK_KEY, stack);
ActionContext savedContext = savedInvocation.getInvocationContext();
savedContext.getContextMap().put(ServletActionContext.HTTP_REQUEST, request);
savedContext.getContextMap().put(ServletActionContext.HTTP_RESPONSE, response);
Result result = savedInvocation.getResult();
if ((result != null) && (savedInvocation.getProxy().getExecuteResult())) {
synchronized (context) {
result.execute(savedInvocation);
}
}
// turn off execution of this invocations result
invocation.getProxy().setExecuteResult(false);
return savedInvocation.getResultCode();
}
}
return INVALID_TOKEN_CODE;
| protected java.lang.String | handleValidToken(com.opensymphony.xwork2.ActionInvocation invocation)
// we know the token name and token must be there
String key = TokenHelper.getTokenName();
String token = TokenHelper.getToken(key);
InvocationSessionStore.storeInvocation(key, token, invocation);
return invocation.invoke();
|
|