roller-commits mailing list archives

From "Kohei Nozaki (JIRA)" <j...@apache.org>
Subject [jira] [Created] (ROL-2069) Improvement of salt processing
Date Mon, 23 Mar 2015 07:08:11 GMT
Kohei Nozaki created ROL-2069:
---------------------------------

             Summary: Improvement of salt processing
                 Key: ROL-2069
                 URL: https://issues.apache.org/jira/browse/ROL-2069
             Project: Apache Roller
          Issue Type: Improvement
          Components: User Interface - General
    Affects Versions: 5.1.2
            Reporter: Kohei Nozaki
            Assignee: Roller Unassigned


This is a fork from [ROL-2058|https://issues.apache.org/jira/browse/ROL-2058].

Using an interceptor instead of a filter would be promising because it enables returning
to the action rather than the general exception page; it also enables resubmitting the page with
a new salt.

An implementation plan by Greg:

{code:xml}
<interceptor-ref name="UIActionSaltInterceptor" >
    <param name="excludeMethods">*</param>
    <param name="includeMethods">save</param>
</interceptor-ref>
{code}

{code:java}
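import javax.servlet.http.HttpServletRequest;

import org.apache.roller.weblogger.ui.rendering.util.cache.SaltCache;
import org.apache.roller.weblogger.ui.struts2.util.UIAction;
import org.apache.struts2.ServletActionContext;
// Assumption: SLF4J; the message does not say which logging library is meant.
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.MethodFilterInterceptor;

public class UIActionSaltInterceptor extends MethodFilterInterceptor {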

	private static final Logger log = LoggerFactory
			.getLogger(UIActionSaltInterceptor.class);

	private String inputResultName = Action.INPUT;

	/**
	 * Set the <code>inputResultName</code> (result name to be returned when
	 * action fails the salt check). Defaults to {@link Action#INPUT}.
	 * 
	 * struts.xml interceptor parameter:
	 * 
	 * {@code <param name="inputResultName">input</param>}
	 * 
	 * @param inputResultName
	 *            what result name to use when there is a salt error.
	 */
	public void setInputResultName(String inputResultName) {
		this.inputResultName = inputResultName;
	}

	/**
	 * Intercepts the {@link ActionInvocation} and returns
	 * <code>inputResultName</code> when the action fails the salt check.
	 * 
	 * @return String result name
	 */
	@Override
	protected String doIntercept(ActionInvocation invocation) throws Exception {
		Object action = invocation.getAction();

		if (action instanceof UIAction) {

			UIAction theAction = (UIAction) action;

			final ActionContext context = invocation.getInvocationContext();
			HttpServletRequest request = (HttpServletRequest) context
					.get(ServletActionContext.HTTP_REQUEST);

			// Check post
			if (("POST").equals(request.getMethod())) {

				SaltCache saltCache = SaltCache.getInstance();
				if (saltCache.isCacheEnabled()) {

					String salt = request.getParameter("salt");

					// Reject when the salt is missing, unknown to the cache,
					// or stored with the value false
					if (salt == null || saltCache.get(salt) == null
							|| saltCache.get(salt).equals(false)) {

						if (log.isDebugEnabled())
							log.debug("Failed salt check on action "
									+ theAction
									+ ", returning result name '"
									+ inputResultName + "'");

						// Indicate the error to the user
						theAction.addError("error.permissions.deniedSalt");

						return inputResultName;

					}

					// Cleanup
					saltCache.remove(salt);
				}
			}
		}

		return invocation.invoke();
	}
} 
{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
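
The one-time salt check that the interceptor plan performs on POST, as an added example that is not Greg's code or Roller's own. It goes one step beyond the plan by validating and removing the salt in a single atomic `remove()`, so that several simultaneous POSTs carrying the same salt cannot all pass a separate check-then-remove sequence. `OneTimeSaltDemo`, its in-memory map and the "proceed" result name are hypothetical stand-ins for `SaltCache` and `invocation.invoke()`.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;

// Hypothetical stand-in for Roller's SaltCache; all names here are assumptions.
public class OneTimeSaltDemo {
    private static final SecureRandom RNG = new SecureRandom();
    private final ConcurrentMap<String, Boolean> salts = new ConcurrentHashMap<>();

    // Issued when a form is rendered; the value goes into the hidden "salt" field.
    String issue() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String salt = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        salts.put(salt, Boolean.TRUE);
        return salt;
    }

    // Validate and invalidate in one step: remove() returns the previous value,
    // so only one of several requests carrying the same salt ever sees TRUE.
    boolean consume(String salt) {
        return salt != null && Boolean.TRUE.equals(salts.remove(salt));
    }

    // "input" re-displays the form; "proceed" stands for invocation.invoke().
    String handlePost(String saltParam) {
        return consume(saltParam) ? "proceed" : "input";
    }

    public static void main(String[] args) throws Exception {
        OneTimeSaltDemo demo = new OneTimeSaltDemo();
        String salt = demo.issue();
        ExecutorService pool = Executors.newFixedThreadPool(8);
        CountDownLatch start = new CountDownLatch(1);
        AtomicInteger accepted = new AtomicInteger();
        for (int i = 0; i < 8; i++) {
            pool.submit(() -> {
                start.await(); // release all eight submissions together
                if ("proceed".equals(demo.handlePost(salt))) accepted.incrementAndGet();
                return null;
            });
        }
        start.countDown();
        pool.shutdown();
        pool.awaitTermination(5, TimeUnit.SECONDS);
        System.out.println("accepted submissions for one salt: " + accepted.get());
        System.out.println("fresh salt after re-render: " + demo.handlePost(demo.issue()));
    }
}
```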
