Kohei Nozaki created ROL-2069:
---------------------------------
Summary: Improvement of salt processing
Key: ROL-2069
URL: https://issues.apache.org/jira/browse/ROL-2069
Project: Apache Roller
Issue Type: Improvement
Components: User Interface - General
Affects Versions: 5.1.2
Reporter: Kohei Nozaki
Assignee: Roller Unassigned
This is a fork from [ROL-2058|https://issues.apache.org/jira/browse/ROL-2058].
Using an interceptor instead of a filter would be promising because it enables
returning back to the action rather than the general exception page, also it
enables resubmit the page with a new salt.
An implementation plan by Greg:
{code:xml}
<interceptor-ref name="UIActionSaltInterceptor" >
<param name="excludeMethods">*</param>
<param name="includeMethods">save</param>
</interceptor-ref>
{code}
{code:java}
public class UIActionSaltInterceptor extends MethodFilterInterceptor {
private static final Logger log = LoggerFactory
.getLogger(UIActionSaltInterceptor.class);
private String inputResultName = Action.INPUT;
/**
* Set the <code>inputResultName</code> (result name to be returned when
* action fails the salt check). Default to {@link Action#INPUT}
*
* struts.xml interceptor parameter:
*
* <param name="inputResultName">input</param>
*
* @param inputResultName
* what result name to use when there is a salt error.
*/
public void setInputResultName(String inputResultName) {
this.inputResultName = inputResultName;
}
/**
* Intercept {@link ActionInvocation} and returns a
* <code>inputResultName</code> when action fails the salt check.
*
* @return String result name
*/
@Override
protected String doIntercept(ActionInvocation invocation) throws
Exception {
Object action = invocation.getAction();
if (action instanceof UIAction) {
UIAction theAction = (UIAction) action;
final ActionContext context =
invocation.getInvocationContext();
HttpServletRequest request = (HttpServletRequest)
context
.get(ServletActionContext.HTTP_REQUEST);
// Check post
if (("POST").equals(request.getMethod())) {
SaltCache saltCache = SaltCache.getInstance();
if (saltCache.isCacheEnabled()) {
String salt = (String)
request.getParameter("salt");
if (salt == null || saltCache.get(salt)
== null
||
saltCache.get(salt).equals(false)) {
if (log.isDebugEnabled())
log.debug("Failed salt
check on action "
+
theAction
+ ",
returning result name 'input'");
// Indicate the error to the
user
theAction.addError("error.permissions.deniedSalt");
return inputResultName;
}
// Cleanup
saltCache.remove(salt);
}
}
}
return invocation.invoke();
}
}
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
