16 package org.seasar.cubby.util;
17
18 import static org.seasar.cubby.CubbyConstants.ATTR_TOKEN;
19
20 import java.math.BigInteger;
21 import java.util.Map;
22 import java.util.Random;
23
24 import javax.servlet.http.HttpSession;
25
26 import org.seasar.cubby.CubbyConstants;
27 import org.seasar.cubby.tags.TokenTag;
28 import org.seasar.cubby.validator.validators.TokenValidator;
29 import org.seasar.framework.util.LruHashMap;
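/**
 * Static helpers that issue one-time tokens, remember them in the HTTP session and
 * check them off again when a request presents one.
 *
 * <p>The file imports {@link TokenTag} and {@link TokenValidator}; presumably those are
 * the callers that emit a token into a form and verify it on submission (confirm against
 * those classes).
 *
 * <p>Security-relevant properties of this class:
 * <ul>
 *   <li>Tokens are drawn from a cryptographically strong generator, so a value issued to
 *       one session cannot be derived from values observed elsewhere.</li>
 *   <li>A token is single-use: {@link #validateToken(HttpSession, String)} removes it
 *       whether or not the caller goes on to accept the request.</li>
 *   <li>Only the most recent {@link #TOKEN_HISTORY_SIZE} tokens of a session are kept;
 *       older ones stop validating once they fall out of the map.</li>
 * </ul>
 */
public class TokenHelper {

    /**
     * Capacity handed to the per-session {@code LruHashMap} when it is first created.
     * Presumably the number of outstanding tokens retained before the least recently
     * used one is evicted (confirm against {@code LruHashMap}).
     *
     * <p>The field is public and non-final, so it can be reassigned at runtime; a new
     * value only affects token maps created afterwards.
     */
    public static int TOKEN_HISTORY_SIZE = 16;

    /**
     * Default name under which a token is carried. Not read inside this class;
     * presumably the request-parameter name used by the tag and validator (confirm).
     */
    public static final String DEFAULT_TOKEN_NAME = "cubby.token";

    /**
     * Source of randomness for {@link #generateGUID()}.
     *
     * <p>Instantiated as {@code SecureRandom} rather than plain {@code java.util.Random}:
     * the latter is a small-state linear generator whose future output is predictable
     * from past output, which is unacceptable for a value a server later trusts as proof
     * that a request came from its own form. The declared type stays {@code Random}
     * because that is what {@code BigInteger(int, Random)} accepts. The class is named by
     * its fully-qualified name so this block needs no new import.
     */
    private static final Random RANDOM = new java.security.SecureRandom();

    /**
     * Generates a fresh random token.
     *
     * <p>The value is a uniformly random 165-bit non-negative integer rendered in base 36
     * and upper-cased, i.e. a string of at most 32 characters from {@code 0-9A-Z}.
     * Leading zeros are not padded, so the length can vary.
     *
     * @return the new token; never {@code null}
     */
    public static String generateGUID() {
        // Locale.ROOT: the default-locale overload maps 'i' to a dotted capital under
        // Turkic locales, which would leak non-ASCII characters into the token.
        return new BigInteger(165, RANDOM).toString(36).toUpperCase(java.util.Locale.ROOT);
    }

    /**
     * Returns the token map stored in the session, creating and storing it on first use.
     *
     * <p>Only the keys carry meaning; {@link #setToken(HttpSession, String)} always
     * stores {@code null} as the value, so the map acts as a bounded set of tokens.
     *
     * <p>NOTE(review): the lookup-then-create sequence is not atomic. Two requests that
     * hit a session without a map at the same time can each install their own map, and
     * the token recorded in the one that loses is forgotten. The visible failure is a
     * legitimate token being rejected, not a forged one being accepted.
     *
     * @param session the session that owns the tokens
     * @return the session's token map; never {@code null}
     */
    @SuppressWarnings("unchecked")
    public static Map<String, String> getTokenMap(HttpSession session) {
        Map<String, String> tokenMap = (Map<String, String>) session
                .getAttribute(CubbyConstants.ATTR_TOKEN);
        if (tokenMap == null) {
            tokenMap = new LruHashMap(TOKEN_HISTORY_SIZE);
            session.setAttribute(ATTR_TOKEN, tokenMap);
        }
        return tokenMap;
    }

    /**
     * Records a token as outstanding for the given session.
     *
     * @param session the session that owns the tokens
     * @param token the token to remember, normally a value from {@link #generateGUID()}
     */
    public static void setToken(HttpSession session, String token) {
        Map<String, String> tokenMap = getTokenMap(session);
        // The map is shared by every request of the session, hence the lock.
        synchronized (tokenMap) {
            tokenMap.put(token, null);
        }
    }

    /**
     * Checks whether a token is outstanding for the session and consumes it.
     *
     * <p>The membership test and the removal happen under one lock on the map, so when
     * the same token is presented by two concurrent requests only one of them is told
     * it is valid.
     *
     * @param session the session that owns the tokens
     * @param token the token presented by the request; may be {@code null} when the
     *     request carried none
     * @return {@code true} if the token was outstanding, {@code false} otherwise
     */
    public static boolean validateToken(HttpSession session, String token) {
        if (token == null) {
            // A request without a token must never validate, even if a null key was
            // stored by mistake through setToken.
            return false;
        }
        Map<String, String> tokenMap = getTokenMap(session);
        synchronized (tokenMap) {
            // containsKey is required: every value is null, so remove() alone cannot
            // distinguish "was present" from "was absent".
            boolean success = tokenMap.containsKey(token);
            tokenMap.remove(token);
            return success;
        }
    }
}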