Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||
SecurityTokenTag |
|
| 3.0;3 |
1 | /* | |
2 | * Copyright (c) 2003-2011, Simon Brown | |
3 | * All rights reserved. | |
4 | * | |
5 | * Redistribution and use in source and binary forms, with or without | |
6 | * modification, are permitted provided that the following conditions are met: | |
7 | * | |
8 | * - Redistributions of source code must retain the above copyright | |
9 | * notice, this list of conditions and the following disclaimer. | |
10 | * | |
11 | * - Redistributions in binary form must reproduce the above copyright | |
12 | * notice, this list of conditions and the following disclaimer in | |
13 | * the documentation and/or other materials provided with the | |
14 | * distribution. | |
15 | * | |
16 | * - Neither the name of Pebble nor the names of its contributors may | |
17 | * be used to endorse or promote products derived from this software | |
18 | * without specific prior written permission. | |
19 | * | |
20 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" | |
21 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
22 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
23 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE | |
24 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
25 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
26 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | |
27 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | |
28 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
29 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
30 | * POSSIBILITY OF SUCH DAMAGE. | |
31 | */ | |
32 | package net.sourceforge.pebble.web.tagext; | |
33 | ||
34 | import net.sourceforge.pebble.web.security.SecurityTokenValidatorImpl; | |
35 | ||
36 | import javax.servlet.jsp.JspException; | |
37 | import javax.servlet.jsp.JspWriter; | |
38 | import javax.servlet.jsp.tagext.TagSupport; | |
39 | import java.io.IOException; | |
40 | ||
41 | /** | |
42 | * Tag that writes the security token as a hidden input parameter to the request | |
43 | * @author James Roper | |
44 | */ | |
45 | 0 | public class SecurityTokenTag extends TagSupport { |
46 | ||
47 | /** true if we're rendering for a query */ | |
48 | private boolean query; | |
49 | ||
50 | @Override | |
51 | public int doStartTag() throws JspException { | |
52 | 0 | JspWriter out = pageContext.getOut(); |
53 | 0 | String token = (String) pageContext.getRequest().getAttribute(SecurityTokenValidatorImpl.PEBBLE_SECURITY_TOKEN_PARAMETER); |
54 | 0 | if (token != null) { |
55 | try { | |
56 | 0 | if (query) { |
57 | 0 | out.append(SecurityTokenValidatorImpl.PEBBLE_SECURITY_TOKEN_PARAMETER).append("=").append(token); |
58 | } else { | |
59 | 0 | out.append("<input type=\"hidden\" name=\"").append(SecurityTokenValidatorImpl.PEBBLE_SECURITY_TOKEN_PARAMETER); |
60 | 0 | out.append("\" value=\"").append(token).append("\"/>"); |
61 | } | |
62 | 0 | } catch (IOException ioe) { |
63 | 0 | throw new JspException(ioe); |
64 | 0 | } |
65 | } | |
66 | 0 | return SKIP_BODY; |
67 | } | |
68 | ||
69 | public void setQuery(boolean query) { | |
70 | 0 | this.query = query; |
71 | 0 | } |
72 | } |