001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017: package org.apache.wicket.protocol.http;
018:
019: import org.apache.wicket.*;
020: import org.apache.wicket.util.string.Strings;
021:
022: /**
023: * A session subclass for the HTTP protocol.
024: *
025: * @author Jonathan Locke
026: */
027: public class WebSession extends Session {
028: private static final long serialVersionUID = 1L;
029:
030: /**
031: * Constructor. Note that {@link RequestCycle} is not available until this
032: * constructor returns.
033: *
034: * @deprecated Use #WebSession(Request) instead
035: *
036: * @param application
037: * The application
038: * @param request
039: * The current request
040: */
041: public WebSession(final Application application, Request request) {
042: super (application, request);
043: }
044:
045: /**
046: * Constructor. Note that {@link RequestCycle} is not available until this
047: * constructor returns.
048: *
049: * @deprecated Use #WebSession(Request)
050: *
051: * @param application
052: * The application
053: * @param request
054: * The current request
055: */
056: public WebSession(final WebApplication application, Request request) {
057: super (application, request);
058: }
059:
060: /**
061: * Constructor. Note that {@link RequestCycle} is not available until this
062: * constructor returns.
063: *
064: * @param request
065: * The current request
066: */
067: public WebSession(Request request) {
068: super (request);
069: }
070:
071: /**
072: * @see org.apache.wicket.Session#isCurrentRequestValid(org.apache.wicket.RequestCycle)
073: */
074: protected boolean isCurrentRequestValid(
075: RequestCycle lockedRequestCycle) {
076: WebRequest lockedRequest = (WebRequest) lockedRequestCycle
077: .getRequest();
078:
079: // if the request that's holding the lock is ajax, we allow this request
080: if (lockedRequest.isAjax() == true) {
081: return true;
082: }
083:
084: RequestCycle currentRequestCycle = RequestCycle.get();
085: WebRequest currentRequest = (WebRequest) currentRequestCycle
086: .getRequest();
087:
088: if (currentRequest.isAjax() == false) {
089: // if this request is not ajax, we allow it
090: return true;
091: }
092:
093: String lockedPageId = Strings.firstPathComponent(lockedRequest
094: .getRequestParameters().getComponentPath(),
095: Component.PATH_SEPARATOR);
096: String currentPageId = Strings.firstPathComponent(
097: currentRequestCycle.getRequest().getRequestParameters()
098: .getComponentPath(), Component.PATH_SEPARATOR);
099:
100: int lockedVersion = lockedRequest.getRequestParameters()
101: .getVersionNumber();
102: int currentVersion = currentRequest.getRequestParameters()
103: .getVersionNumber();
104:
105: if (currentPageId.equals(lockedPageId)
106: && currentVersion == lockedVersion) {
107: // we don't allow tis request
108: return false;
109: }
110:
111: return true;
112: }
113: }
|