File: TokenInterceptor.java
Doc: API Doc
Category: Example
Size: 6657
Date: Mon Jul 23 13:26:52 BST 2007
Package: org.apache.struts2.interceptor

TokenInterceptor

public class TokenInterceptor extends com.opensymphony.xwork2.interceptor.MethodFilterInterceptor
Ensures that only one request per token is processed. This interceptor can make sure that back buttons and double clicks don't cause unintended side effects. For example, you can use it to guard against careless users who double-click a "checkout" button at an online store. When an invalid token is found, this interceptor uses a fairly primitive technique: it returns the result invalid.token, which can be mapped in your action configuration. A more complex implementation, TokenSessionStoreInterceptor, can provide much better logic for when invalid tokens are found.

Note: To set a token in your form, you should use the token tag. This tag is required and must be used in the forms that submit to actions protected by this interceptor. Any request that does not provide a token (using the token tag) will be processed as a request with an invalid token.

Internationalization Note: The following key can be used to internationalize the action errors generated by this token interceptor:

  • struts.messages.invalid.token

NOTE: As this interceptor extends MethodFilterInterceptor, it can be applied selectively to only some methods of the action class. See MethodFilterInterceptor for more info.

Interceptor parameters:

  • None

Extending the interceptor:

While it is not very common for users to extend it, this interceptor is extended by TokenSessionStoreInterceptor. The handleInvalidToken and handleValidToken methods are protected and available for more interesting logic, such as that done by the token session interceptor.

Example code:



<action name="someAction" class="com.examples.SomeAction">
    <interceptor-ref name="token"/>
    <interceptor-ref name="basicStack"/>
    <result name="success">good_result.ftl</result>
</action>

<!-- In this case, myMethod of the action class will not
     get checked for invalidity of token -->
<action name="someAction" class="com.examples.SomeAction">
    <interceptor-ref name="token">
        <param name="excludeMethods">myMethod</param>
    </interceptor-ref>
    <interceptor-ref name="basicStack"/>
    <result name="success">good_result.ftl</result>
</action>


See: TokenSessionStoreInterceptor
See: TokenHelper

Fields Summary
private static final long serialVersionUID
public static final String INVALID_TOKEN_CODE

Constructors Summary

Methods Summary
protected java.lang.String doIntercept(com.opensymphony.xwork2.ActionInvocation invocation)

See: com.opensymphony.xwork2.interceptor.MethodFilterInterceptor#doIntercept(com.opensymphony.xwork2.ActionInvocation)


           
          
        if (log.isDebugEnabled()) {
            log.debug("Intercepting invocation to check for valid transaction token.");
        }

        Map session = ActionContext.getContext().getSession();

        synchronized (session) {
            if (!TokenHelper.validToken()) {
                return handleInvalidToken(invocation);
            }

            return handleValidToken(invocation);
        }
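
A plain-JDK model of the check-and-consume step that doIntercept performs under the session lock, added here as an illustration; it is not Struts code and not TokenHelper's implementation. The session map, SESSION_KEY, issueToken and intercept are assumed names, and the sample session is constructed.

```java
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.atomic.AtomicInteger;

// Illustration only: hypothetical names, not the Struts API.
public class OneTimeTokenDemo {
    static final String INVALID_TOKEN_CODE = "invalid.token"; // result name from the page
    static final String SESSION_KEY = "demo.token";           // assumed session attribute
    private static final SecureRandom RNG = new SecureRandom();

    // Conceptually what the token tag does: store a fresh value in the
    // session and return the same value for the form's hidden field.
    static String issueToken(Map<String, Object> session) {
        String token = new BigInteger(128, RNG).toString(36);
        synchronized (session) {
            session.put(SESSION_KEY, token);
        }
        return token;
    }

    // Check and consume under the session lock, so two submissions of the
    // same form cannot both pass. A missing token counts as invalid.
    static String intercept(Map<String, Object> session, String submitted) {
        synchronized (session) {
            Object expected = session.get(SESSION_KEY);
            if (submitted == null || !submitted.equals(expected)) {
                return INVALID_TOKEN_CODE;
            }
            session.remove(SESSION_KEY); // one request per token
            return "success";            // stands in for invoking the action
        }
    }

    public static void main(String[] args) throws Exception {
        Map<String, Object> session = new HashMap<>(); // constructed stand-in for the HTTP session
        String token = issueToken(session);
        System.out.println("first submit : " + intercept(session, token));
        System.out.println("double click : " + intercept(session, token));
        System.out.println("no token     : " + intercept(session, null));

        // Two threads race with the same fresh token: only one may pass.
        String raced = issueToken(session);
        AtomicInteger passed = new AtomicInteger();
        Runnable submit = () -> { if ("success".equals(intercept(session, raced))) passed.incrementAndGet(); };
        Thread a = new Thread(submit), b = new Thread(submit);
        a.start(); b.start(); a.join(); b.join();
        System.out.println("concurrent submissions accepted: " + passed.get());
    }
}
```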
    
protected java.lang.String handleInvalidToken(com.opensymphony.xwork2.ActionInvocation invocation)
Determines what to do if an invalid token is provided. If the action implements ValidationAware

param: invocation - the action invocation where the invalid token failed
return: the return code to indicate should be processed
throws: Exception when any unexpected error occurs.

        Object action = invocation.getAction();
        String errorMessage = LocalizedTextUtil.findText(this.getClass(), "struts.messages.invalid.token",
                invocation.getInvocationContext().getLocale(),
                "The form has already been processed or no token was supplied, please try again.", new Object[0]);

        if (action instanceof ValidationAware) {
            ((ValidationAware) action).addActionError(errorMessage);
        } else {
            log.warn(errorMessage);
        }

        return INVALID_TOKEN_CODE;
    
protected java.lang.String handleValidToken(com.opensymphony.xwork2.ActionInvocation invocation)
Called when a valid token is found. This method invokes the action but can be changed to do something more interesting.

param: invocation - the action invocation
throws: Exception when any unexpected error occurs.

        return invocation.invoke();