1 | /* | |
2 | * Copyright 2004-2008 the Seasar Foundation and the Others. | |
3 | * | |
4 | * Licensed under the Apache License, Version 2.0 (the "License"); | |
5 | * you may not use this file except in compliance with the License. | |
6 | * You may obtain a copy of the License at | |
7 | * | |
8 | * http://www.apache.org/licenses/LICENSE-2.0 | |
9 | * | |
10 | * Unless required by applicable law or agreed to in writing, software | |
11 | * distributed under the License is distributed on an "AS IS" BASIS, | |
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, | |
13 | * either express or implied. See the License for the specific language | |
14 | * governing permissions and limitations under the License. | |
15 | */ | |
16 | package org.seasar.cubby.tags; | |
17 | ||
18 | import static org.seasar.cubby.tags.TagUtils.toAttr; | |
19 | ||
20 | import java.io.IOException; | |
21 | ||
22 | import javax.servlet.http.HttpSession; | |
23 | import javax.servlet.jsp.JspException; | |
24 | import javax.servlet.jsp.JspWriter; | |
25 | import javax.servlet.jsp.PageContext; | |
26 | ||
27 | import org.seasar.cubby.controller.ThreadContext; | |
28 | import org.seasar.cubby.util.TokenHelper; | |
29 | import org.seasar.cubby.validator.validators.TokenValidator; | |
30 | import org.seasar.framework.util.StringUtil; | |
31 | ||
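/**
 * Tag that writes the {@code <input type="hidden"/>} used to prevent double
 * submission of a form.
 * <p>
 * Each invocation generates a unique token string and stores it both in the
 * hidden field and in the session. In the validation phase of the action the
 * form is submitted to, the posted hidden value is compared with the value
 * held in the session; if they do not match, the request is treated as having
 * arrived by an illegitimate route and error handling is performed.
 * </p>
 * <p>
 * NOTE(review): how hard the token is to guess depends entirely on
 * {@code TokenHelper.generateGUID()}, which is not visible here. Confirm its
 * source of randomness before relying on this tag for anything beyond
 * double-submit detection.
 * </p>
 *
 * @see TokenValidator#validate(org.seasar.cubby.validator.ValidationContext,
 *      Object[])
 * @author agata
 * @since 1.0.0
 */
public class TokenTag extends DynamicAttributesTagSupport {

    /**
     * Value for the hidden field's name attribute; when null or empty,
     * {@link TokenHelper#DEFAULT_TOKEN_NAME} is used instead.
     */
    private String name;

    /**
     * Sets the name attribute.
     *
     * @param name
     *            name attribute of the generated hidden field
     */
    public void setName(final String name) {
        this.name = name;
    }

    /**
     * Generates a new token, registers it in the session and writes the
     * matching hidden input field to the page.
     * <p>
     * The token is stored in the session <em>before</em> any markup is written.
     * If obtaining the session or storing the token fails, no hidden field
     * carrying an unregistered token is emitted, and the session lookup does not
     * run after this tag's own output.
     * </p>
     *
     * @throws JspException
     *             declared by the tag contract; not thrown directly here
     * @throws IOException
     *             if writing to the page's {@link JspWriter} fails
     */
    @Override
    public void doTag() throws JspException, IOException {
        final String token = TokenHelper.generateGUID();

        // Register the token first. Assuming getRequest() returns an
        // HttpServletRequest, the no-arg getSession() creates a session when the
        // request has none, which the servlet API requires to happen before the
        // response is committed.
        final HttpSession session = ThreadContext.getRequest().getSession();
        TokenHelper.setToken(session, token);

        final PageContext context = (PageContext) getJspContext();
        final JspWriter out = context.getOut();

        out.append("<input type=\"hidden\" name=\"");
        if (StringUtil.isEmpty(name)) {
            out.append(TokenHelper.DEFAULT_TOKEN_NAME);
        } else {
            // Written verbatim, without HTML escaping: the name attribute is
            // expected to be a page-author constant, not request-derived data.
            out.append(name);
        }
        out.append("\" value=\"");
        out.append(token);
        out.append("\" ");
        // NOTE(review): any escaping of the dynamic attributes is whatever
        // TagUtils.toAttr applies, which is not visible here. Confirm it.
        out.write(toAttr(getDynamicAttribute()));
        out.append("/>");
    }
}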