Package org.apache.struts.util
Class TokenProcessor
java.lang.Object
org.apache.struts.util.TokenProcessor
TokenProcessor is responsible for handling all token related functionality.
The methods in this class are synchronized to protect token processing from
multiple threads. Servlet containers are allowed to return a different
HttpSession object for two threads accessing the same session so it is not
possible to synchronize on the session.
- Since:
- Struts 1.1
-
Constructor Summary
ModifierConstructorDescriptionprotected
Protected constructor for TokenProcessor. -
Method Summary
Modifier and TypeMethodDescriptiongenerateToken
(HttpServletRequest request) Generate a new transaction token, to be used for enforcing a single request for a particular transaction.generateToken
(String id) Generate a new transaction token, to be used for enforcing a single request for a particular transaction.static TokenProcessor
Retrieves the singleton instance of this class.boolean
isTokenValid
(HttpServletRequest request) Returntrue
if there is a transaction token stored in the user's current session, and the value submitted as a request parameter with this action matches it.boolean
isTokenValid
(HttpServletRequest request, boolean reset) Returntrue
if there is a transaction token stored in the user's current session, and the value submitted as a request parameter with this action matches it.void
resetToken
(HttpServletRequest request) Reset the saved transaction token in the user's session.void
saveToken
(HttpServletRequest request) Save a new transaction token in the user's current session, creating a new session if necessary.
-
Constructor Details
-
TokenProcessor
protected TokenProcessor()Protected constructor for TokenProcessor. Use TokenProcessor.getInstance() to obtain a reference to the processor.
-
-
Method Details
-
getInstance
Retrieves the singleton instance of this class. -
isTokenValid
Return
true
if there is a transaction token stored in the user's current session, and the value submitted as a request parameter with this action matches it. Returnsfalse
under any of the following circumstances:- No session associated with this request
- No transaction token saved in the session
- No transaction token included as a request parameter
- The included transaction token value does not match the transaction token in the user's session
- Parameters:
request
- The servlet request we are processing
-
isTokenValid
Returntrue
if there is a transaction token stored in the user's current session, and the value submitted as a request parameter with this action matches it. Returnsfalse
- No session associated with this request
- No transaction token saved in the session
- No transaction token included as a request parameter
- The included transaction token value does not match the transaction token in the user's session
- Parameters:
request
- The servlet request we are processingreset
- Should we reset the token after checking it?
-
resetToken
Reset the saved transaction token in the user's session. This indicates that transactional token checking will not be needed on the next request that is submitted.- Parameters:
request
- The servlet request we are processing
-
saveToken
Save a new transaction token in the user's current session, creating a new session if necessary.- Parameters:
request
- The servlet request we are processing
-
generateToken
Generate a new transaction token, to be used for enforcing a single request for a particular transaction.- Parameters:
request
- The request we are processing
-
generateToken
Generate a new transaction token, to be used for enforcing a single request for a particular transaction.- Parameters:
id
- a unique Identifier for the session or other context in which this token is to be used.
-