org.apache.struts.util
Class TokenProcessor
java.lang.Object
org.apache.struts.util.TokenProcessor
public class TokenProcessor
extends java.lang.Object
TokenProcessor is responsible for handling all token related functionality. The
methods in this class are synchronized to protect token processing from multiple
threads. Servlet containers are allowed to return a different HttpSession object
for two threads accessing the same session so it is not possible to synchronize
on the session.
private static TokenProcessor | instance - The singleton instance of this class.
|
private long | previous - The timestamp used most recently to generate a token value.
|
String | generateToken(HttpServletRequest request) - Generate a new transaction token, to be used for enforcing a single
request for a particular transaction.
|
static TokenProcessor | getInstance() - Retrieves the singleton instance of this class.
|
boolean | isTokenValid(HttpServletRequest request) - Return
true if there is a transaction token stored in
the user's current session, and the value submitted as a request
parameter with this action matches it.
|
boolean | isTokenValid(HttpServletRequest request, boolean reset) - Return
true if there is a transaction token stored in
the user's current session, and the value submitted as a request
parameter with this action matches it.
|
void | resetToken(HttpServletRequest request) - Reset the saved transaction token in the user's session.
|
void | saveToken(HttpServletRequest request) - Save a new transaction token in the user's current session, creating
a new session if necessary.
|
private String | toHex(buffer[] ) - Convert a byte array to a String of hexadecimal digits and return it.
|
instance
private static TokenProcessor instance
The singleton instance of this class.
previous
private long previous
The timestamp used most recently to generate a token value.
TokenProcessor
protected TokenProcessor()
Protected constructor for TokenProcessor. Use TokenProcessor.getInstance()
to obtain a reference to the processor.
generateToken
public String generateToken(HttpServletRequest request)
Generate a new transaction token, to be used for enforcing a single
request for a particular transaction.
request
- The request we are processing
getInstance
public static TokenProcessor getInstance()
Retrieves the singleton instance of this class.
isTokenValid
public boolean isTokenValid(HttpServletRequest request)
Return
true
if there is a transaction token stored in
the user's current session, and the value submitted as a request
parameter with this action matches it. Returns
false
under any of the following circumstances:
- No session associated with this request
- No transaction token saved in the session
- No transaction token included as a request parameter
- The included transaction token value does not match the
transaction token in the user's session
request
- The servlet request we are processing
isTokenValid
public boolean isTokenValid(HttpServletRequest request,
boolean reset)
Return
true
if there is a transaction token stored in
the user's current session, and the value submitted as a request
parameter with this action matches it. Returns
false
- No session associated with this request
- No transaction token saved in the session
- No transaction token included as a request parameter
- The included transaction token value does not match the
transaction token in the user's session
request
- The servlet request we are processingreset
- Should we reset the token after checking it?
resetToken
public void resetToken(HttpServletRequest request)
Reset the saved transaction token in the user's session. This
indicates that transactional token checking will not be needed
on the next request that is submitted.
request
- The servlet request we are processing
saveToken
public void saveToken(HttpServletRequest request)
Save a new transaction token in the user's current session, creating
a new session if necessary.
request
- The servlet request we are processing
toHex
private String toHex(buffer[] )
Convert a byte array to a String of hexadecimal digits and return it.
Copyright B) 2000-2007 - The Apache Software Foundation