org.apache.struts2.interceptor
Class TokenInterceptor

java.lang.Object
  extended by com.opensymphony.xwork2.interceptor.AbstractInterceptor
      extended by com.opensymphony.xwork2.interceptor.MethodFilterInterceptor
          extended by org.apache.struts2.interceptor.TokenInterceptor
All Implemented Interfaces:
Interceptor, Serializable
Direct Known Subclasses:
TokenSessionStoreInterceptor

public class TokenInterceptor
extends MethodFilterInterceptor

Ensures that only one request per token is processed. This interceptor can make sure that back buttons and double clicks don't cause unintended side effects. For example, you can use it to guard against careless users who double-click a "checkout" button at an online store. When an invalid token is found, this interceptor uses a fairly primitive technique: it returns the result invalid.token, which can be mapped in your action configuration. A more complex implementation, TokenSessionStoreInterceptor, can provide much better logic for when invalid tokens are found.

Note: To set a token in your form, you should use the token tag. This tag is required and must be used in the forms that submit to actions protected by this interceptor. Any request that does not provide a token (using the token tag) will be processed as a request with an invalid token.
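The one-request-per-token behaviour described above, as an added stand-alone example (a simplified model, not the Struts source and not code from this Javadoc). The class name, method names, session key and the choice to consume the token on every attempt are assumptions of the example; only the invalid.token result name comes from this page.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Simplified model of a one-request-per-token check.
// All names are hypothetical; this is not the TokenInterceptor implementation.
public class OneTimeTokenDemo {
    static final String INVALID = "invalid.token";  // result name taken from the page
    static final String SESSION_KEY = "form.token"; // constructed session key
    private static final SecureRandom RNG = new SecureRandom();

    // Rendering the form: create an unguessable token and remember it in the session.
    static synchronized String issueToken(Map<String, Object> session) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put(SESSION_KEY, token);
        return token;
    }

    // Handling the submit. The method is synchronized so two concurrent requests
    // (a double click) cannot both observe the same outstanding token.
    static synchronized String intercept(Map<String, Object> session, String submitted) {
        // Take the token out of the session first: each issued token gets one attempt.
        Object expected = session.remove(SESSION_KEY);
        if (submitted == null || expected == null) {
            return INVALID; // no token in the request, or none outstanding
        }
        // Constant-time comparison of the expected and submitted values.
        boolean match = MessageDigest.isEqual(
                ((String) expected).getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
        return match ? "success" : INVALID;
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>(); // constructed stand-in for the HTTP session
        String token = issueToken(session);
        System.out.println("first submit:  " + intercept(session, token));
        System.out.println("double click:  " + intercept(session, token));
        System.out.println("missing token: " + intercept(session, null));
        issueToken(session);
        System.out.println("wrong token:   " + intercept(session, "guess"));
    }
}
```

Only the first submit reaches the "success" branch; the replayed, missing and wrong tokens all map to invalid.token, which is the result an action protected by this interceptor needs a mapping for.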

Internationalization Note: The following key could be used to internationalize the action errors generated by this token interceptor

NOTE: As this interceptor extends MethodFilterInterceptor, it can be applied selectively to only some methods of the action class. See MethodFilterInterceptor for more info.

Interceptor parameters:

Extending the interceptor:

While it is not very common for users to extend this interceptor, it is extended by the TokenSessionStoreInterceptor. The handleInvalidToken(com.opensymphony.xwork2.ActionInvocation) and handleValidToken(com.opensymphony.xwork2.ActionInvocation) methods are protected and available for more interesting logic, as is done in the token session interceptor.

Example code:

 

 <action name="someAction" class="com.examples.SomeAction">
     <interceptor-ref name="token"/>
     <interceptor-ref name="basicStack"/>
     <result name="success">good_result.ftl</result>
 </action>

 <!-- In this case, myMethod of the action class will not
        get checked for invalidity of token -->
 <action name="someAction" class="com.examples.SomeAction">
     <interceptor-ref name="token">
        <param name="excludeMethods">myMethod</param>
     </interceptor-ref>
     <interceptor-ref name="basicStack"/>
     <result name="success">good_result.ftl</result>
 </action>

 
 

See Also:
TokenSessionStoreInterceptor, TokenHelper, Serialized Form

Field Summary
static String INVALID_TOKEN_CODE
           
private static long serialVersionUID
           
 
Fields inherited from class com.opensymphony.xwork2.interceptor.MethodFilterInterceptor
excludeMethods, includeMethods, log
 
Constructor Summary
TokenInterceptor()
           
 
Method Summary
protected  String doIntercept(ActionInvocation invocation)
          Subclasses must override to implement the interceptor logic.
protected  String handleInvalidToken(ActionInvocation invocation)
          Determines what to do if an invalid token is provided.
protected  String handleValidToken(ActionInvocation invocation)
          Called when a valid token is found.
 
Methods inherited from class com.opensymphony.xwork2.interceptor.MethodFilterInterceptor
applyInterceptor, getExcludeMethodsSet, getIncludeMethodsSet, intercept, setExcludeMethods, setIncludeMethods
 
Methods inherited from class com.opensymphony.xwork2.interceptor.AbstractInterceptor
destroy, init
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

serialVersionUID

private static final long serialVersionUID
See Also:
Constant Field Values

INVALID_TOKEN_CODE

public static final String INVALID_TOKEN_CODE
See Also:
Constant Field Values
Constructor Detail

TokenInterceptor

public TokenInterceptor()
Method Detail

doIntercept

protected String doIntercept(ActionInvocation invocation)
                      throws Exception
Description copied from class: MethodFilterInterceptor
Subclasses must override to implement the interceptor logic.

Specified by:
doIntercept in class MethodFilterInterceptor
Parameters:
invocation - the action invocation
Returns:
the result of invocation
Throws:
Exception
See Also:
MethodFilterInterceptor.doIntercept(com.opensymphony.xwork2.ActionInvocation)

handleInvalidToken

protected String handleInvalidToken(ActionInvocation invocation)
                             throws Exception
Determines what to do if an invalid token is provided. If the action implements ValidationAware

Parameters:
invocation - the action invocation where the invalid token failed
Returns:
the return code indicating how the request should be processed
Throws:
Exception - when any unexpected error occurs.

handleValidToken

protected String handleValidToken(ActionInvocation invocation)
                           throws Exception
Called when a valid token is found. This method invokes the action but can be changed to do something more interesting.

Parameters:
invocation - the action invocation
Throws:
Exception - when any unexpected error occurs.


Copyright © 2000-2009 Apache Software Foundation. All Rights Reserved.