/**
* Return the locked document lock. Must be called before beforeUpdate().
*
* @param parameters incoming Ajax request
* @return the document lock, already locked
*/
public Lock acquireDocumentLock(RequestParameters parameters) {
assert parameters.getUUID() != null;
// Check that the session is associated with the requested UUID. This enforces the rule that an
// incoming request
// for a given UUID must belong to the same session that created the document. If the session
// expires, the
// key goes away as well, and the key won't be present. If we don't do this check, the XForms
// server might
// handle requests for a given UUID within a separate session, therefore providing access to
// other sessions,
// which is not desirable. Further, we now have a lock stored in the session.
final Lock lock = getDocumentLock(parameters.getUUID());
if (lock == null)
throw new OXFException("Document session has expired. Unable to process incoming request.");
// Lock document for at most the max retry delay plus an increment
try {
final boolean acquired =
lock.tryLock(
XFormsProperties.getAjaxTimeout() + XFormsProperties.getRetryDelayIncrement(),
TimeUnit.MILLISECONDS);
if (acquired) return lock;
else return null;
} catch (InterruptedException e) {
throw new OXFException(e);
}
}
