[Opensource] Added transaction token support for controllers
Raul DAVIDOVICH
R.DAVIDOVICH at caconcology.com
Thu Oct 17 03:22:43 PDT 2002
Hi all,
I added an adaptor in expresso's Controller class to struts' Action
class' transaction token management.
Struts Action's methods use HttpServletRequest and write directly to
HttpSession, so first I tried to override them to use ControllerRequest
and write to PersistentSession.
Here, the problem I found is that HTTPPersistentSession.setAttribute writes
to HttpServletRequest, so the attribute may be lost between transactions.
The method that writes directly to the HttpSession is
setPersistentAttribute, and it writes strings as SerializableStrings.
Using this method generates problems with FormTag, which sets a hidden
field in the form with the token, and which expects a string.
This hidden field is used in isTokenValid() for comparing it with the token
saved in the session.
When I modified FormTag to make it aware of SerializableString, CancelTag
stopped working, and I couldn't track down why.
So to avoid this, I wrote an adaptor that gets the HttpServletRequest from
the HTTPPersistentSession, and calls the methods in the base class
(Action).
This has the advantage that if struts' logic changes in future versions, as
long as the interface remains, there's no need to change this part of
Controller, nor to change the tags, and it's easier to maintain.
To accomplish this, I modified the PersistentSession interface and
implemented the methods in HTTPPersistentSession and
SimplePersistentSession.
The methods added are:
getId(): returns the HttpSession ID (not required, but could be useful)
getRequest(): returns the HttpServletRequest (required since struts' action
needs this request)
getResponse(): returns the HttpServletResponse (not required but could be
useful)
Here are the code snippets:

com.jcorporate.expresso.core.controller.session.PersistentSession
...
    public String getId();
    public HttpServletRequest getRequest();
    public HttpServletResponse getResponse();
...

com.jcorporate.expresso.core.controller.session.HTTPPersistentSession
...
    /**
     * Retrieves and returns the HttpSession ID
     * @return java.lang.String the value of HttpSession.getId()
     */
    public String getId() {
        HttpSession mySession = request.getSession();
        String myId = mySession.getId();
        return (myId);
    }

    /**
     * Returns the HttpServletRequest
     * @return javax.servlet.http.HttpServletRequest
     */
    public HttpServletRequest getRequest() {
        return (request);
    }

    /**
     * Returns the HttpServletResponse
     * @return javax.servlet.http.HttpServletResponse
     */
    public HttpServletResponse getResponse() {
        return (response);
    }
...

com.jcorporate.expresso.core.controller.session.SimplePersistentSession
...
    public String getId() {
        return (null);
    }

    public HttpServletRequest getRequest() {
        return (null);
    }

    public HttpServletResponse getResponse() {
        return (null);
    }
...

com.jcorporate.expresso.core.controller.Controller
...
    /**
     * Generate a new transaction token, to be used for enforcing a single
     * request for a particular transaction.
     *
     * @param request The request we are processing
     */
    protected String generateToken(ControllerRequest request) {
        try {
            return (super.generateToken(request.getSession().getRequest()));
        } catch (ControllerException CE) {
            // getSession() failed: no session, so no token
            return (null);
        }
    }

    /**
     * Return <code>true</code> if there is a transaction token stored in
     * the user's current session, and the value submitted as a request
     * parameter with this action matches it. Returns <code>false</code>
     * under any of the following circumstances:
     * <ul>
     * <li>No session associated with this request</li>
     * <li>No transaction token saved in the session</li>
     * <li>No transaction token included as a request parameter</li>
     * <li>The included transaction token value does not match the
     *     transaction token in the user's session</li>
     * </ul>
     *
     * @param request The servlet request we are processing
     */
    protected boolean isTokenValid(ControllerRequest request) {
        try {
            return (super.isTokenValid(request.getSession().getRequest()));
        } catch (ControllerException CE) {
            // getSession() failed: treat the token as invalid
            return (false);
        }
    }

    /**
     * Reset the saved transaction token in the user's session. This
     * indicates that transactional token checking will not be needed
     * on the next request that is submitted.
     *
     * @param request The servlet request we are processing
     */
    protected void resetToken(ControllerRequest request) {
        try {
            super.resetToken(request.getSession().getRequest());
        } catch (ControllerException CE) {
            // getSession() failed: there is no session to reset a token in
        }
    }

    /**
     * Save a new transaction token in the user's current session.
     *
     * @param request The servlet request we are processing
     */
    protected void saveToken(ControllerRequest request) {
        try {
            super.saveToken(request.getSession().getRequest());
        } catch (ControllerException CE) {
            // getSession() failed: there is no session to save a token in
        }
    }
...

In case there are problems with the message (i.e. it appears in
uninterpreted html) I attach the .java files
(See attached file: HTTPPersistentSession.java)(See attached file:
PersistentSession.java)(See attached file: SimplePersistentSession.java)
(See attached file: Controller.java)
Hope this will be useful.
Best regards,
---------------------------------------------------
Raul Davidovich
Responsable Informatique
Cvitkovic & Associés Consultants
(33) 1 45 15 40 68
(33) 1 45 15 40 41 Fax
-------------------------------------------------------
http://www.caconcology.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: HTTPPersistentSession.java
Type: application/octet-stream
Size: 9521 bytes
Desc: not available
Url : http://mailman.jcorporate.com/pipermail/opensource/attachments/20021017/0921dad1/iso-8859-1QHTTPPersistentSession-0002.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PersistentSession.java
Type: application/octet-stream
Size: 1621 bytes
Desc: not available
Url : http://mailman.jcorporate.com/pipermail/opensource/attachments/20021017/0921dad1/iso-8859-1QPersistentSession-0002.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SimplePersistentSession.java
Type: application/octet-stream
Size: 2368 bytes
Desc: not available
Url : http://mailman.jcorporate.com/pipermail/opensource/attachments/20021017/0921dad1/iso-8859-1QSimplePersistentSession-0002.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Controller.java
Type: application/octet-stream
Size: 103760 bytes
Desc: not available
Url : http://mailman.jcorporate.com/pipermail/opensource/attachments/20021017/0921dad1/iso-8859-1QController-0002.obj
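
The token lifecycle the adaptor above delegates to, as an added example that is not part of the original post and is not Struts or Expresso code. It assumes plain Maps standing in for the HttpSession and for request-scoped attributes; the TOKEN_KEY name, the SecureRandom token and the constant-time comparison are choices of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

/** Added illustration: Maps stand in for the session and for request scope. */
public class TransactionTokenDemo {
    static final String TOKEN_KEY = "demo.TRANSACTION_TOKEN"; // hypothetical key name
    private static final SecureRandom RNG = new SecureRandom();

    /** Stores a fresh token in the given scope and returns it for the hidden form field. */
    static String saveToken(Map<String, String> scope) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        StringBuilder hex = new StringBuilder();
        for (byte b : raw) hex.append(String.format("%02x", b));
        scope.put(TOKEN_KEY, hex.toString());
        return hex.toString();
    }

    /** False for: no session, no saved token, no submitted token, or a mismatch. */
    static boolean isTokenValid(Map<String, String> session, String submitted) {
        if (session == null || submitted == null) return false;
        String saved = session.get(TOKEN_KEY);
        if (saved == null) return false;
        return MessageDigest.isEqual(saved.getBytes(StandardCharsets.UTF_8),
                                     submitted.getBytes(StandardCharsets.UTF_8));
    }

    /** Consumes the token so that a replayed form submission no longer matches. */
    static void resetToken(Map<String, String> session) {
        session.remove(TOKEN_KEY);
    }

    public static void main(String[] args) {
        Map<String, String> session = new HashMap<>();      // survives across requests
        Map<String, String> requestScope = new HashMap<>(); // discarded after each request

        String hidden = saveToken(session);                  // request 1: render the form
        System.out.println("first submit:   " + isTokenValid(session, hidden));
        resetToken(session);                                 // token is single use
        System.out.println("double submit:  " + isTokenValid(session, hidden));

        String lost = saveToken(requestScope);               // token kept in request scope only
        requestScope = new HashMap<>();                      // the next request starts empty
        System.out.println("request-scoped: " + isTokenValid(requestScope, lost));
        System.out.println("no session:     " + isTokenValid(null, hidden));
    }
}
```

Only the first check succeeds: a token stored in request scope, or checked without a session, is rejected in the same way as a replayed one.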