  1. Apache Roller
  2. ROL-2069

Improvement of salt processing


Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Abandoned
    • 5.1.2
    • None
    • None

    Description

      This is a fork from ROL-2058.

      Using an interceptor instead of a filter would be promising because it enables returning to the action rather than the general exception page; it also enables resubmitting the page with a new salt.

      An implementation plan by Greg:

      <interceptor-ref name="UIActionSaltInterceptor" >
          <param name="excludeMethods">*</param>
          <param name="includeMethods">save</param>
      </interceptor-ref>
      
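      import javax.servlet.http.HttpServletRequest;

      import org.apache.roller.weblogger.ui.rendering.util.cache.SaltCache;
      import org.apache.roller.weblogger.ui.struts2.util.UIAction;
      import org.apache.struts2.ServletActionContext;
      import org.slf4j.Logger;
      import org.slf4j.LoggerFactory;

      import com.opensymphony.xwork2.Action;
      import com.opensymphony.xwork2.ActionContext;
      import com.opensymphony.xwork2.ActionInvocation;
      import com.opensymphony.xwork2.interceptor.MethodFilterInterceptor;

      public class UIActionSaltInterceptor extends MethodFilterInterceptor {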
      
      	private static final Logger log = LoggerFactory
      			.getLogger(UIActionSaltInterceptor.class);
      
      	private String inputResultName = Action.INPUT;
      
      	/**
      	 * Set the <code>inputResultName</code> (result name to be returned when
      	 * action fails the salt check). Default to {@link Action#INPUT}
      	 * 
      	 * struts.xml interceptor parameter:
      	 * 
      	 * <param name="inputResultName">input</param>
      	 * 
      	 * @param inputResultName
      	 *            what result name to use when there is a salt error.
      	 */
      	public void setInputResultName(String inputResultName) {
      		this.inputResultName = inputResultName;
      	}
      
      	/**
      	 * Intercept {@link ActionInvocation} and returns a
      	 * <code>inputResultName</code> when action fails the salt check.
      	 * 
      	 * @return String result name
      	 */
      	@Override
      	protected String doIntercept(ActionInvocation invocation) throws Exception {
      		Object action = invocation.getAction();
      
      		if (action instanceof UIAction) {
      
      			UIAction theAction = (UIAction) action;
      
      			final ActionContext context = invocation.getInvocationContext();
      			HttpServletRequest request = (HttpServletRequest) context
      					.get(ServletActionContext.HTTP_REQUEST);
      
      			// Check post
      			if (("POST").equals(request.getMethod())) {
      
      				SaltCache saltCache = SaltCache.getInstance();
      				if (saltCache.isCacheEnabled()) {
      
      					String salt = (String) request.getParameter("salt");
      
      					if (salt == null || saltCache.get(salt) == null
      							|| saltCache.get(salt).equals(false)) {
      
      						// Log the configured result name, not a hard-coded 'input'
      						if (log.isDebugEnabled())
      							log.debug("Failed salt check on action "
      									+ theAction
      									+ ", returning result name '"
      									+ inputResultName + "'");
      
      						// Indicate the error to the user
      						theAction.addError("error.permissions.deniedSalt");
      
      						return inputResultName;
      
      					}
      
      					// Cleanup
      					saltCache.remove(salt);
      				}
      			}
      		}
      
      		return invocation.invoke();
      	}
      } 
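
The plan above checks the salt with `get()` and invalidates it with a separate `remove()`. The following added example (not Roller's code and not part of Greg's plan) shows the same single-use check done in one atomic step, plus issuing a fresh salt for the re-rendered form; `OneTimeSaltStore`, `issue` and `consume` are hypothetical names, and expiry of unused salts is left out.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical stand-in for a salt cache; this is not Roller's SaltCache. */
public class OneTimeSaltStore {

    private final ConcurrentHashMap<String, Boolean> salts = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();

    /** Issue a fresh salt to embed in the form as the hidden "salt" field. */
    public String issue() {
        byte[] raw = new byte[16];
        random.nextBytes(raw);
        String salt = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        salts.put(salt, Boolean.TRUE);
        return salt;
    }

    /**
     * Check and invalidate in one atomic step: remove() returns the previous
     * value, so only one of two concurrent requests carrying the same salt
     * is accepted.
     */
    public boolean consume(String salt) {
        return salt != null && Boolean.TRUE.equals(salts.remove(salt));
    }

    public static void main(String[] args) {
        OneTimeSaltStore store = new OneTimeSaltStore();
        String salt = store.issue();   // constructed sample value

        System.out.println("first POST accepted:    " + store.consume(salt));
        System.out.println("replayed POST accepted: " + store.consume(salt));
        System.out.println("missing salt accepted:  " + store.consume(null));

        // After a failed check the interceptor returns the input result; the
        // re-rendered form carries a newly issued salt, so a resubmit passes.
        String fresh = store.issue();
        System.out.println("resubmit accepted:      " + store.consume(fresh));
    }
}
```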
      


          People

            roller_unassigned Roller Unassigned
            xkylex Kohei Nozaki