org.apache.struts.util
Class TokenProcessor

java.lang.Object
  org.apache.struts.util.TokenProcessor

public class TokenProcessor
extends Object

TokenProcessor is responsible for handling all token related functionality. The methods in this class are synchronized to protect token processing from multiple threads. Servlet containers are allowed to return a different HttpSession object for two threads accessing the same session so it is not possible to synchronize on the session.

Since:

Struts 1.1

Constructor Summary

protected

TokenProcessor() Protected constructor for TokenProcessor.

Method Summary

String	generateToken(HttpServletRequest request) Generate a new transaction token, to be used for enforcing a single request for a particular transaction.
String	generateToken(String id) Generate a new transaction token, to be used for enforcing a single request for a particular transaction.
static TokenProcessor	getInstance() Retrieves the singleton instance of this class.
boolean	isTokenValid(HttpServletRequest request) Return true if there is a transaction token stored in the user's current session, and the value submitted as a request parameter with this action matches it.
boolean	isTokenValid(HttpServletRequest request, boolean reset) Return true if there is a transaction token stored in the user's current session, and the value submitted as a request parameter with this action matches it.
void	resetToken(HttpServletRequest request) Reset the saved transaction token in the user's session.
void	saveToken(HttpServletRequest request) Save a new transaction token in the user's current session, creating a new session if necessary.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

TokenProcessor

protected TokenProcessor()

Protected constructor for TokenProcessor. Use TokenProcessor.getInstance() to obtain a reference to the processor.

Method Detail

getInstance

public static TokenProcessor getInstance()

Retrieves the singleton instance of this class.

isTokenValid

public boolean isTokenValid(HttpServletRequest request)

Return true if there is a transaction token stored in the user's current session, and the value submitted as a request parameter with this action matches it. Returns false under any of the following circumstances:

• No session associated with this request
• No transaction token saved in the session
• No transaction token included as a request parameter
• The included transaction token value does not match the transaction token in the user's session

Parameters:

request - The servlet request we are processing

isTokenValid

public boolean isTokenValid(HttpServletRequest request,
                            boolean reset)

Return true if there is a transaction token stored in the user's current session, and the value submitted as a request parameter with this action matches it. Returns false

• No session associated with this request
• No transaction token saved in the session
• No transaction token included as a request parameter
• The included transaction token value does not match the transaction token in the user's session

Parameters:

request - The servlet request we are processing

reset - Should we reset the token after checking it?

resetToken

public void resetToken(HttpServletRequest request)

Reset the saved transaction token in the user's session. This indicates that transactional token checking will not be needed on the next request that is submitted.

Parameters:

request - The servlet request we are processing

saveToken

public void saveToken(HttpServletRequest request)

Save a new transaction token in the user's current session, creating a new session if necessary.

Parameters:

request - The servlet request we are processing

generateToken

public String generateToken(HttpServletRequest request)

Generate a new transaction token, to be used for enforcing a single request for a particular transaction.

Parameters:

request - The request we are processing

generateToken

public String generateToken(String id)

Generate a new transaction token, to be used for enforcing a single request for a particular transaction.

Parameters:

id - a unique Identifier for the session or other context in which this token is to be used.