actionform.java

开源项目CRM之OpenCustomer

/*******************************************************************************
 * ***** BEGIN LICENSE BLOCK Version: MPL 1.1
 * 
 * The contents of this file are subject to the Mozilla Public License Version
 * 1.1 (the "License"); you may not use this file except in compliance with the
 * License. You may obtain a copy of the License at http://www.mozilla.org/MPL/
 * 
 * Software distributed under the License is distributed on an "AS IS" basis,
 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for
 * the specific language governing rights and limitations under the License.
 * 
 * The Original Code is the OpenCustomer CRM.
 * 
 * The Initial Developer of the Original Code is Thomas Bader (Bader & Jene
 * Software-Ingenieurb黵o). Portions created by the Initial Developer are
 * Copyright (C) 2005 the Initial Developer. All Rights Reserved.
 * 
 * Contributor(s): Thomas Bader <thomas.bader@bader-jene.de>
 * 
 * ***** END LICENSE BLOCK *****
 */

package org.opencustomer.application.web.struts;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;
import org.apache.struts.action.ActionErrors;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionMessages;

/**
 * 
 * @author thbader
 */
public abstract class ActionForm extends org.apache.struts.action.ActionForm
{
    private final static Logger log = Logger.getLogger(ActionForm.class);

    public ActionForm()
    {
    }

    /**
     * Return <code>true</code> if there is a transaction token stored in the
     * user's current session, and the value submitted as a request parameter
     * with this action matches it. Returns <code>false</code>
     * <ul>
     * <li>No session associated with this request</li>
     * <li>No transaction token saved in the session</li>
     * <li>No transaction token included as a request parameter</li>
     * <li>The included transaction token value does not match the transaction
     * token in the user's session</li>
     * </ul>
     * 
     * @param request The servlet request we are processing
     */
    protected boolean isTokenValid(HttpServletRequest request)
    {

        // Retrieve the current session for this request
        HttpSession session = request.getSession(false);
        if (session == null)
            return (false);

        synchronized (session)
        {

            // Retrieve the transaction token from this session
            String saved = (String) session.getAttribute(org.apache.struts.Globals.TRANSACTION_TOKEN_KEY);
            if (saved == null)
                return (false);

            // Retrieve the transaction token included in this request
            String token = request.getParameter(org.apache.struts.taglib.html.Constants.TOKEN_KEY);
            if (token == null)
                return (false);

            // Do the values match?
            return (saved.equals(token));

        }
    }

    public final ActionErrors validate(ActionMapping mapping, HttpServletRequest request)
    {
        ActionErrors errors = new ActionErrors();

        validate(mapping, errors, request);

        if (log.isDebugEnabled())
            log.debug("found " + errors.size() + " errors during validation");

        return errors;
    }

    public abstract void validate(ActionMapping mapping, ActionMessages error, HttpServletRequest request);

}