org.apache.struts.util
Class TokenProcessor

java.lang.Object
  extended by org.apache.struts.util.TokenProcessor

public class TokenProcessor
extends java.lang.Object

TokenProcessor is responsible for handling all token related functionality. The methods in this class are synchronized to protect token processing from multiple threads. Servlet containers are allowed to return a different HttpSession object for two threads accessing the same session so it is not possible to synchronize on the session.

Since:
Struts 1.1

Constructor Summary
protected TokenProcessor()
          Protected constructor for TokenProcessor.
 
Method Summary
 java.lang.String generateToken(javax.servlet.http.HttpServletRequest request)
          Generate a new transaction token, to be used for enforcing a single request for a particular transaction.
 java.lang.String generateToken(java.lang.String id)
          Generate a new transaction token, to be used for enforcing a single request for a particular transaction.
static TokenProcessor getInstance()
          Retrieves the singleton instance of this class.
 boolean isTokenValid(javax.servlet.http.HttpServletRequest request)
          Return true if there is a transaction token stored in the user's current session, and the value submitted as a request parameter with this action matches it.
 boolean isTokenValid(javax.servlet.http.HttpServletRequest request, boolean reset)
          Return true if there is a transaction token stored in the user's current session, and the value submitted as a request parameter with this action matches it.
 void resetToken(javax.servlet.http.HttpServletRequest request)
          Reset the saved transaction token in the user's session.
 void saveToken(javax.servlet.http.HttpServletRequest request)
          Save a new transaction token in the user's current session, creating a new session if necessary.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

TokenProcessor

protected TokenProcessor()
Protected constructor for TokenProcessor. Use TokenProcessor.getInstance() to obtain a reference to the processor.

Method Detail

getInstance

public static TokenProcessor getInstance()
Retrieves the singleton instance of this class.


isTokenValid

public boolean isTokenValid(javax.servlet.http.HttpServletRequest request)

Return true if there is a transaction token stored in the user's current session, and the value submitted as a request parameter with this action matches it. Returns false under any of the following circumstances:

Parameters:
request - The servlet request we are processing

isTokenValid

public boolean isTokenValid(javax.servlet.http.HttpServletRequest request,
                            boolean reset)
Return true if there is a transaction token stored in the user's current session, and the value submitted as a request parameter with this action matches it. Returns false

Parameters:
request - The servlet request we are processing
reset - Should we reset the token after checking it?

resetToken

public void resetToken(javax.servlet.http.HttpServletRequest request)
Reset the saved transaction token in the user's session. This indicates that transactional token checking will not be needed on the next request that is submitted.

Parameters:
request - The servlet request we are processing

saveToken

public void saveToken(javax.servlet.http.HttpServletRequest request)
Save a new transaction token in the user's current session, creating a new session if necessary.

Parameters:
request - The servlet request we are processing

generateToken

public java.lang.String generateToken(javax.servlet.http.HttpServletRequest request)
Generate a new transaction token, to be used for enforcing a single request for a particular transaction.

Parameters:
request - The request we are processing

generateToken

public java.lang.String generateToken(java.lang.String id)
Generate a new transaction token, to be used for enforcing a single request for a particular transaction.

Parameters:
id - a unique Identifier for the session or other context in which this token is to be used.


Copyright © 2000-2007 Apache Software Foundation. All Rights Reserved.