Class TokenProcessor

java.lang.Object
org.apache.struts.util.TokenProcessor

public class TokenProcessor extends Object
TokenProcessor is responsible for handling all token related functionality. The methods in this class are synchronized to protect token processing from multiple threads. Servlet containers are allowed to return a different HttpSession object for two threads accessing the same session so it is not possible to synchronize on the session.
Since:
Struts 1.1
  • Constructor Details

    • TokenProcessor

      protected TokenProcessor()
      Protected constructor for TokenProcessor. Use TokenProcessor.getInstance() to obtain a reference to the processor.
  • Method Details

    • getInstance

      public static TokenProcessor getInstance()
      Retrieves the singleton instance of this class.
    • isTokenValid

      public boolean isTokenValid(HttpServletRequest request)

      Return true if there is a transaction token stored in the user's current session, and the value submitted as a request parameter with this action matches it. Returns false under any of the following circumstances:

      • No session associated with this request
      • No transaction token saved in the session
      • No transaction token included as a request parameter
      • The included transaction token value does not match the transaction token in the user's session
      Parameters:
      request - The servlet request we are processing
    • isTokenValid

      public boolean isTokenValid(HttpServletRequest request, boolean reset)
      Return true if there is a transaction token stored in the user's current session, and the value submitted as a request parameter with this action matches it. Returns false
      • No session associated with this request
      • No transaction token saved in the session
      • No transaction token included as a request parameter
      • The included transaction token value does not match the transaction token in the user's session
      Parameters:
      request - The servlet request we are processing
      reset - Should we reset the token after checking it?
    • resetToken

      public void resetToken(HttpServletRequest request)
      Reset the saved transaction token in the user's session. This indicates that transactional token checking will not be needed on the next request that is submitted.
      Parameters:
      request - The servlet request we are processing
    • saveToken

      public void saveToken(HttpServletRequest request)
      Save a new transaction token in the user's current session, creating a new session if necessary.
      Parameters:
      request - The servlet request we are processing
    • generateToken

      public String generateToken(HttpServletRequest request)
      Generate a new transaction token, to be used for enforcing a single request for a particular transaction.
      Parameters:
      request - The request we are processing
    • generateToken

      public String generateToken(String id)
      Generate a new transaction token, to be used for enforcing a single request for a particular transaction.
      Parameters:
      id - a unique Identifier for the session or other context in which this token is to be used.