001: /*
002: * Copyright (c) 2002-2006 by OpenSymphony
003: * All rights reserved.
004: */
005: package com.opensymphony.webwork.util;
006:
import com.opensymphony.util.GUID;
import com.opensymphony.xwork.ActionContext;
import com.opensymphony.xwork.util.LocalizedTextUtil;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.Map;
014:
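/**
 * TokenHelper
 *
 * Helper for the synchronizer-token pattern used to detect duplicate (or forged)
 * form submissions: a token is generated and stored in the session under a token
 * name, rendered into the form, and consumed exactly once by {@link #validToken()}.
 *
 * @author Jason Carreira
 * @author Rainer Hermanns
 * @author Nils-Helge Garli
 * @author Claus Ibson
 */
public class TokenHelper {

    /**
     * The default name to map the token value
     */
    public static final String DEFAULT_TOKEN_NAME = "webwork.token";

    /**
     * The name of the field which will hold the token name
     */
    public static final String TOKEN_NAME_FIELD = "webwork.token.name";
    private static final Log LOG = LogFactory.getLog(TokenHelper.class);

    /** Charset used when comparing token strings byte-for-byte. */
    private static final Charset TOKEN_CHARSET = Charset.forName("UTF-8");

    /**
     * Sets a transaction token into the session using the default token name.
     *
     * @return the token string
     */
    public static String setToken() {
        return setToken(DEFAULT_TOKEN_NAME);
    }

    /**
     * Sets a transaction token into the session using the provided token name.
     *
     * @param tokenName the name to store into the session with the token as the value
     * @return the token string
     * @throws IllegalArgumentException if the session cannot be created because the
     *         response has already been committed (WW-1182); the original
     *         {@link IllegalStateException} is preserved as the cause
     */
    public static String setToken(String tokenName) {
        Map session = ActionContext.getContext().getSession();
        // NOTE(review): the token is only as unpredictable as GUID.generateGUID();
        // confirm it is backed by a cryptographically strong source before relying
        // on it to stop forged submissions rather than just accidental resubmits.
        String token = GUID.generateGUID();
        try {
            session.put(tokenName, token);
        } catch (IllegalStateException e) {
            // WW-1182 explain to user what the problem is
            String msg = "Error creating HttpSession due response is commited to client. You can use the CreateSessionInterceptor or create the HttpSession from your action before the result is rendered to the client: "
                    + e.getMessage();
            LOG.error(msg, e);
            // keep the original exception as the cause so its stack trace is not lost
            throw new IllegalArgumentException(msg, e);
        }

        return token;
    }

    /**
     * Gets the transaction token from the request parameters using the default token name.
     *
     * @return the token String or null, if the token could not be found
     */
    public static String getToken() {
        return getToken(DEFAULT_TOKEN_NAME);
    }

    /**
     * Gets the Token value from the params in the ServletActionContext using the given name
     *
     * @param tokenName the name of the parameter which holds the token value
     * @return the token String or null, if the token could not be found
     */
    public static String getToken(String tokenName) {
        Map params = ActionContext.getContext().getParameters();
        // parameter values are expected to be String[] (one entry per submitted value);
        // only the first submitted value is used as the token
        String[] tokens = (String[]) params.get(tokenName);

        if ((tokens == null) || (tokens.length < 1)) {
            LOG.warn("Could not find token mapped to token name "
                    + tokenName);

            return null;
        }

        return tokens[0];
    }

    /**
     * Gets the token name from the Parameters in the ServletActionContext
     *
     * @return the token name found in the params, or null if it could not be found
     */
    public static String getTokenName() {
        Map params = ActionContext.getContext().getParameters();

        if (!params.containsKey(TOKEN_NAME_FIELD)) {
            LOG.warn("Could not find token name in params.");

            return null;
        }

        String[] tokenNames = (String[]) params.get(TOKEN_NAME_FIELD);

        if ((tokenNames == null) || (tokenNames.length < 1)) {
            LOG.warn("Got a null or empty token name.");

            return null;
        }

        return tokenNames[0];
    }

    /**
     * Checks for a valid transaction token in the current request params. If a valid token is found, it is
     * removed so that it is not valid again.
     *
     * The session token is only removed on a successful match; a failed attempt leaves it in place, so the
     * legitimate form can still be submitted once.
     *
     * @return false if there was no token set into the params (check by looking for {@link #TOKEN_NAME_FIELD})
     *         or the submitted token does not match the session token, true if a valid token is found
     */
    public static boolean validToken() {
        String tokenName = getTokenName();

        if (tokenName == null) {
            if (LOG.isDebugEnabled())
                LOG.debug("no token name found -> Invalid token ");
            return false;
        }

        String token = getToken(tokenName);

        if (token == null) {
            if (LOG.isDebugEnabled())
                LOG.debug("no token found for token name " + tokenName
                        + " -> Invalid token ");
            return false;
        }

        Map session = ActionContext.getContext().getSession();
        String sessionToken = (String) session.get(tokenName);

        if (!tokensMatch(token, sessionToken)) {
            LOG.warn(LocalizedTextUtil.findText(
                    TokenHelper.class,
                    "webwork.internal.invalid.token",
                    ActionContext.getContext().getLocale(),
                    "Form token {0} does not match the session token {1}.",
                    new Object[] { token, sessionToken }));

            return false;
        }

        // remove the token so it won't be used again
        session.remove(tokenName);

        return true;
    }

    /**
     * Compares the submitted token with the expected session token in constant time, so the time taken
     * by the comparison does not depend on how many leading characters matched.
     *
     * @param submitted the token taken from the request parameters
     * @param expected  the token stored in the session, may be null if none was set
     * @return true only if both are non-null and equal
     */
    private static boolean tokensMatch(String submitted, String expected) {
        if (submitted == null || expected == null) {
            return false;
        }
        return MessageDigest.isEqual(submitted.getBytes(TOKEN_CHARSET),
                expected.getBytes(TOKEN_CHARSET));
    }
}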