Apache Struts API Documentation: Class TokenProcessor

Apache Struts API

previous page next page
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES
SUMMARY:  INNER | FIELD | CONSTR | METHOD DETAIL:  FIELD | CONSTR | METHOD

org.apache.struts.util Class TokenProcessor

java.lang.Object
  |
  +--org.apache.struts.util.TokenProcessor
public class TokenProcessor
extends java.lang.Object

TokenProcessor is responsible for handling all token related functionality. The methods in this class are synchronized to protect token processing from multiple threads. Servlet containers are allowed to return a different HttpSession object for two threads accessing the same session so it is not possible to synchronize on the session.

Since:
Struts 1.1

Field Summary
private static TokenProcessor instance
          The singleton instance of this class.
private  long previous
          The timestamp used most recently to generate a token value.
 
Constructor Summary
protected TokenProcessor()
          Protected constructor for TokenProcessor.
 
Method Summary
 java.lang.String generateToken(javax.servlet.http.HttpServletRequest request)
          Generate a new transaction token, to be used for enforcing a single request for a particular transaction.
static TokenProcessor getInstance()
          Retrieves the singleton instance of this class.
 boolean isTokenValid(javax.servlet.http.HttpServletRequest request)
          Return true if there is a transaction token stored in the user's current session, and the value submitted as a request parameter with this action matches it.
 boolean isTokenValid(javax.servlet.http.HttpServletRequest request, boolean reset)
          Return true if there is a transaction token stored in the user's current session, and the value submitted as a request parameter with this action matches it.
 void resetToken(javax.servlet.http.HttpServletRequest request)
          Reset the saved transaction token in the user's session.
 void saveToken(javax.servlet.http.HttpServletRequest request)
          Save a new transaction token in the user's current session, creating a new session if necessary.
private  java.lang.String toHex(byte[] buffer)
          Convert a byte array to a String of hexadecimal digits and return it.
 
Methods inherited from class java.lang.Object
, clone, equals, finalize, getClass, hashCode, notify, notifyAll, registerNatives, toString, wait, wait, wait
 

Field Detail

instance

private static TokenProcessor instance
The singleton instance of this class.

previous

private long previous
The timestamp used most recently to generate a token value.
Constructor Detail

TokenProcessor

protected TokenProcessor()
Protected constructor for TokenProcessor. Use TokenProcessor.getInstance() to obtain a reference to the processor.
Method Detail

getInstance

public static TokenProcessor getInstance()
Retrieves the singleton instance of this class.

isTokenValid

public boolean isTokenValid(javax.servlet.http.HttpServletRequest request)
Return true if there is a transaction token stored in the user's current session, and the value submitted as a request parameter with this action matches it. Returns false under any of the following circumstances:
  • No session associated with this request
  • No transaction token saved in the session
  • No transaction token included as a request parameter
  • The included transaction token value does not match the transaction token in the user's session
Parameters:
request - The servlet request we are processing

isTokenValid

public boolean isTokenValid(javax.servlet.http.HttpServletRequest request,
                            boolean reset)
Return true if there is a transaction token stored in the user's current session, and the value submitted as a request parameter with this action matches it. Returns false
  • No session associated with this request
  • No transaction token saved in the session
  • No transaction token included as a request parameter
  • The included transaction token value does not match the transaction token in the user's session
Parameters:
request - The servlet request we are processing
reset - Should we reset the token after checking it?

resetToken

public void resetToken(javax.servlet.http.HttpServletRequest request)
Reset the saved transaction token in the user's session. This indicates that transactional token checking will not be needed on the next request that is submitted.
Parameters:
request - The servlet request we are processing

saveToken

public void saveToken(javax.servlet.http.HttpServletRequest request)
Save a new transaction token in the user's current session, creating a new session if necessary.
Parameters:
request - The servlet request we are processing

generateToken

public java.lang.String generateToken(javax.servlet.http.HttpServletRequest request)
Generate a new transaction token, to be used for enforcing a single request for a particular transaction.
Parameters:
request - The request we are processing

toHex

private java.lang.String toHex(byte[] buffer)
Convert a byte array to a String of hexadecimal digits and return it.
Parameters:
buffer - The byte array to be converted
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES
SUMMARY:  INNER | FIELD | CONSTR | METHOD DETAIL:  FIELD | CONSTR | METHOD
Copyright © 2000-2005 - The Apache Software Foundation

previous page start next page