Example 5.4 Check For a Valid Token
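/**
 * Return {@code true} if there is a transaction token stored in the
 * user's current session, and the value submitted as a request parameter
 * with this action matches it.
 *
 * <p>Returns {@code false} under any of the following circumstances:
 * <ul>
 * <li>No session associated with this request</li>
 * <li>No transaction token saved in the session (or the saved value is
 *     not a {@code String})</li>
 * <li>No transaction token included as a request parameter</li>
 * <li>The included transaction token value does not match the
 *     transaction token in the user's session</li>
 * </ul>
 *
 * <p>This method only checks the token. It does not remove or replace
 * the saved token, so a token that validates once will validate again
 * until the caller resets it.
 *
 * @param request The servlet request we are processing
 * @return {@code true} only when the submitted token equals the token
 *         saved in the session
 */
protected boolean isTokenValid(HttpServletRequest request) {
    // getSession(false): never create a session just to look for a token.
    HttpSession session = request.getSession(false);
    if (session == null) {
        return false;
    }

    // Retrieve the saved transaction token from our session. Fail closed
    // if the attribute is missing or is not a String, rather than letting
    // a ClassCastException escape from a validation check.
    Object saved = session.getAttribute(TRANSACTION_TOKEN_KEY);
    if (!(saved instanceof String)) {
        return false;
    }

    // Retrieve the transaction token included in this request.
    String token = request.getParameter(Constants.TOKEN_KEY);
    if (token == null) {
        return false;
    }

    // Do the values match? String.equals() stops at the first differing
    // character, so its running time depends on how much of a guess is
    // correct. MessageDigest.isEqual() compares the full arrays instead.
    byte[] expected =
        ((String) saved).getBytes(java.nio.charset.StandardCharsets.UTF_8);
    byte[] supplied =
        token.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    return java.security.MessageDigest.isEqual(expected, supplied);
}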
(Copyright (c) 1999 The Apache Software Foundation. All rights reserved.)