1 | /* | |
2 | * Copyright 2004-2010 the Seasar Foundation and the Others. | |
3 | * | |
4 | * Licensed under the Apache License, Version 2.0 (the "License"); | |
5 | * you may not use this file except in compliance with the License. | |
6 | * You may obtain a copy of the License at | |
7 | * | |
8 | * http://www.apache.org/licenses/LICENSE-2.0 | |
9 | * | |
10 | * Unless required by applicable law or agreed to in writing, software | |
11 | * distributed under the License is distributed on an "AS IS" BASIS, | |
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, | |
13 | * either express or implied. See the License for the specific language | |
14 | * governing permissions and limitations under the License. | |
15 | */ | |
16 | ||
17 | package org.seasar.cubby.validator.validators; | |
18 | ||
19 | import javax.servlet.http.HttpServletRequest; | |
20 | import javax.servlet.http.HttpSession; | |
21 | ||
22 | import org.seasar.cubby.action.MessageInfo; | |
23 | import org.seasar.cubby.internal.controller.ThreadContext; | |
24 | import org.seasar.cubby.internal.util.TokenHelper; | |
25 | import org.seasar.cubby.tags.TokenTag; | |
26 | import org.seasar.cubby.validator.ArrayFieldValidator; | |
27 | import org.seasar.cubby.validator.ValidationContext; | |
28 | ||
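/**
 * Validates the token used to detect double (duplicate) form submission.
 * <p>
 * Double submission is prevented by rendering the token on the posting page
 * with {@link TokenTag} and validating it with this class in the action class.
 * </p>
 * <p>
 * <table>
 * <caption>Error message set on validation failure</caption> <tbody>
 * <tr>
 * <th scope="row">Default key</th>
 * <td>valid.token</td>
 * </tr>
 * <tr>
 * <th scope="row">Replacement strings</th>
 * <td>
 * <ol start="0">
 * <li>Field name</li>
 * </ol>
 * </td>
 * </tr>
 * </tbody>
 * </table>
 * </p>
 * <p>
 * This validator fails closed: the error message is added unless exactly one
 * string value was submitted, an HTTP session already exists, and
 * {@link TokenHelper#validateToken} accepts the value for that session. A
 * request that carries no token, or that arrives without a session, is
 * therefore rejected instead of skipping the check.
 * </p>
 *
 * @author agata
 * @author baba
 */
public class TokenValidator implements ArrayFieldValidator {

    /**
     * Message key of the error reported when the token is rejected.
     */
    private final String messageKey;

    /**
     * Creates a validator that reports failures under the default key
     * {@code valid.token}.
     */
    public TokenValidator() {
        this("valid.token");
    }

    /**
     * Creates a validator that reports failures under the given key.
     *
     * @param messageKey
     *            error message key
     */
    public TokenValidator(final String messageKey) {
        this.messageKey = messageKey;
    }

    /**
     * Checks the submitted token and adds one error message to the context
     * when it is not acceptable.
     *
     * @param context
     *            validation context that receives the error message
     * @param values
     *            submitted values of the token field; {@code null} presumably
     *            means the field was not sent at all (confirm against the
     *            caller)
     */
    public void validate(final ValidationContext context, final Object[] values) {
        if (isAcceptedToken(values)) {
            return;
        }

        final MessageInfo messageInfo = new MessageInfo();
        messageInfo.setKey(this.messageKey);
        context.addMessageInfo(messageInfo);
    }

    /**
     * Decides whether the submitted values carry a token that the current
     * session accepts.
     *
     * @param values
     *            submitted values of the token field, may be {@code null}
     * @return {@code true} only when a single string token was submitted, a
     *         session exists and {@link TokenHelper#validateToken} returns
     *         {@code true} for it
     */
    private static boolean isAcceptedToken(final Object[] values) {
        // The values come from the request. A missing field, several values,
        // or a non-string value (the instanceof test also rejects null) cannot
        // be a valid token, and must not let the request through unchecked.
        if (values == null || values.length != 1
                || !(values[0] instanceof String)) {
            return false;
        }
        final String token = (String) values[0];

        final ThreadContext currentContext = ThreadContext.getCurrentContext();
        final HttpServletRequest request = currentContext.getRequest();

        // getSession(false) never creates a session. Without an existing
        // session there is nothing to compare the token against, so the
        // submission is rejected rather than waved through.
        final HttpSession session = request.getSession(false);
        if (session == null) {
            return false;
        }

        return TokenHelper.validateToken(session, token);
    }
}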