You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@struts.apache.org by dg...@apache.org on 2003/04/23 02:31:10 UTC
cvs commit: jakarta-struts/src/share/org/apache/struts/action Action.java
dgraham 2003/04/22 17:31:10
Modified: src/share/org/apache/struts/action Action.java
Log:
Synchronized token methods for PR# 19223. Post 1.1 these methods should
be moved to some kind of TokenProcessor class for reusability by other
components such as the RequestProcessor (PR# 16743).
Revision Changes Path
1.58 +36 -34 jakarta-struts/src/share/org/apache/struts/action/Action.java
Index: Action.java
===================================================================
RCS file: /home/cvs/jakarta-struts/src/share/org/apache/struts/action/Action.java,v
retrieving revision 1.57
retrieving revision 1.58
diff -u -r1.57 -r1.58
--- Action.java 13 Mar 2003 01:55:09 -0000 1.57
+++ Action.java 23 Apr 2003 00:31:09 -0000 1.58
@@ -657,7 +657,7 @@
*
* @param request The servlet request we are processing
*/
- protected boolean isTokenValid(HttpServletRequest request) {
+ protected synchronized boolean isTokenValid(HttpServletRequest request) {
return (isTokenValid(request, false));
@@ -679,33 +679,34 @@
* @param request The servlet request we are processing
* @param reset Should we reset the token after checking it?
*/
- protected boolean isTokenValid(HttpServletRequest request, boolean reset) {
+ protected synchronized boolean isTokenValid(
+ HttpServletRequest request,
+ boolean reset) {
// Retrieve the current session for this request
HttpSession session = request.getSession(false);
- if (session == null)
+ if (session == null) {
+ return (false);
+ }
+
+ // Retrieve the transaction token from this session, and
+ // reset it if requested
+ String saved = (String) session.getAttribute(Globals.TRANSACTION_TOKEN_KEY);
+ if (saved == null) {
return (false);
-
- synchronized (session) {
-
- // Retrieve the transaction token from this session, and
- // reset it if requested
- String saved = (String)
- session.getAttribute(TRANSACTION_TOKEN_KEY);
- if (saved == null)
- return (false);
- if (reset)
- session.removeAttribute(TRANSACTION_TOKEN_KEY);
-
- // Retrieve the transaction token included in this request
- String token = request.getParameter(Constants.TOKEN_KEY);
- if (token == null)
- return (false);
-
- // Do the values match?
- return (saved.equals(token));
-
}
+
+ if (reset) {
+ this.resetToken(request);
+ }
+
+ // Retrieve the transaction token included in this request
+ String token = request.getParameter(Constants.TOKEN_KEY);
+ if (token == null) {
+ return (false);
+ }
+
+ return (saved.equals(token));
}
@@ -717,13 +718,13 @@
*
* @param request The servlet request we are processing
*/
- protected void resetToken(HttpServletRequest request) {
+ protected synchronized void resetToken(HttpServletRequest request) {
HttpSession session = request.getSession(false);
- if (session == null)
+ if (session == null) {
return;
- session.removeAttribute(TRANSACTION_TOKEN_KEY);
-
+ }
+ session.removeAttribute(Globals.TRANSACTION_TOKEN_KEY);
}
@@ -782,12 +783,13 @@
*
* @param request The servlet request we are processing
*/
- protected void saveToken(HttpServletRequest request) {
+ protected synchronized void saveToken(HttpServletRequest request) {
HttpSession session = request.getSession();
String token = generateToken(request);
- if (token != null)
- session.setAttribute(TRANSACTION_TOKEN_KEY, token);
+ if (token != null) {
+ session.setAttribute(Globals.TRANSACTION_TOKEN_KEY, token);
+ }
}
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-dev-help@jakarta.apache.org