Coverage Report - org.seasar.cubby.tags.TokenTag
 
Classes in this File Line Coverage Branch Coverage Complexity
TokenTag
100%
21/21
100%
4/4
0
 
 1  
 /*
 2  
  * Copyright 2004-2008 the Seasar Foundation and the Others.
 3  
  *
 4  
  * Licensed under the Apache License, Version 2.0 (the "License");
 5  
  * you may not use this file except in compliance with the License.
 6  
  * You may obtain a copy of the License at
 7  
  *
 8  
  *     http://www.apache.org/licenses/LICENSE-2.0
 9  
  *
 10  
  * Unless required by applicable law or agreed to in writing, software
 11  
  * distributed under the License is distributed on an "AS IS" BASIS,
 12  
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
 13  
  * either express or implied. See the License for the specific language
 14  
  * governing permissions and limitations under the License.
 15  
  */
 16  
 package org.seasar.cubby.tags;
 17  
 
 18  
 import static org.seasar.cubby.tags.TagUtils.toAttr;
 19  
 
 20  
 import java.io.IOException;
 21  
 
 22  
 import javax.servlet.http.HttpServletRequest;
 23  
 import javax.servlet.http.HttpSession;
 24  
 import javax.servlet.jsp.JspException;
 25  
 import javax.servlet.jsp.JspWriter;
 26  
 import javax.servlet.jsp.PageContext;
 27  
 
 28  
 import org.seasar.cubby.controller.ThreadContext;
 29  
 import org.seasar.cubby.util.TokenHelper;
 30  
 import org.seasar.cubby.validator.validators.TokenValidator;
 31  
 import org.seasar.framework.message.MessageFormatter;
 32  
 import org.seasar.framework.util.StringUtil;
 33  
 
 34  
 /**
 35  
  * 2重サブミット防止用の<input type="hidden"/>を出力するタグ。
 36  
  * <p>
 37  
  * このタグが呼び出されると一意なトークン文字列を生成してhiddenとセッションに格納します。
 38  
  * サブミットされた先の処理の検証フェーズで、ポストされたhidden値とセッション中の値を比較して、
 39  
  * 一致しない場合、不正な経路からのアクセスとみなしてエラー処理を行います。
 40  
  * </p>
 41  
  * 
 42  
  * @see TokenValidator#validate(org.seasar.cubby.validator.ValidationContext,
 43  
  *      Object[])
 44  
  * @author agata
 45  
  * @since 1.0.0
 46  
  */
 47  6
 public class TokenTag extends DynamicAttributesTagSupport {
 48  
 
 49  
         private String name;
 50  
 
 51  
         /**
 52  
          * name属性を設定します。
 53  
          * 
 54  
          * @param name
 55  
          *            name属性
 56  
          */
 57  
         public void setName(final String name) {
 58  1
                 this.name = name;
 59  1
         }
 60  
 
 61  
         /**
 62  
          * {@inheritDoc}
 63  
          */
 64  
         @Override
 65  
         public void doTag() throws JspException, IOException {
 66  4
                 final PageContext context = (PageContext) getJspContext();
 67  4
                 final JspWriter out = context.getOut();
 68  
 
 69  4
                 final String token = TokenHelper.generateGUID();
 70  4
                 out.append("<input type=\"hidden\" name=\"");
 71  4
                 if (StringUtil.isEmpty(name)) {
 72  3
                         out.append(TokenHelper.DEFAULT_TOKEN_NAME);
 73  
                 } else {
 74  1
                         out.append(name);
 75  
                 }
 76  4
                 out.append("\" value=\"");
 77  4
                 out.append(token);
 78  4
                 out.append("\" ");
 79  4
                 out.write(toAttr(getDynamicAttribute()));
 80  4
                 out.append("/>");
 81  4
                 final HttpServletRequest request = ThreadContext.getRequest();
 82  4
                 if (request == null) {
 83  1
                         throw new IllegalStateException(MessageFormatter.getMessage("ECUB0401", null));
 84  
                 }
 85  3
                 final HttpSession session = request.getSession();
 86  3
                 TokenHelper.setToken(session, token);
 87  3
         }
 88  
 }