private void executeElementAction(ResourceBarElement element) {
if (elementActions.containsKey(element)) {
IAction action = elementActions.get(element);
action.execute();
}
}
public boolean isValidRequest(HttpServletRequest request, HttpServletResponse response) {
boolean valid = !isProtectedPageAndMethod(request);
HttpSession session = request.getSession(true);
String tokenFromSession = (String) session.getAttribute(getSessionKey());
/** sending request to protected resource - verify token * */
if (tokenFromSession != null && !valid) {
try {
if (isAjaxEnabled() && isAjaxRequest(request)) {
verifyAjaxToken(request);
} else if (isTokenPerPageEnabled()) {
verifyPageToken(request);
} else {
verifySessionToken(request);
}
valid = true;
} catch (CsrfGuardException csrfe) {
for (IAction action : getActions()) {
try {
action.execute(request, response, csrfe, this);
} catch (CsrfGuardException exception) {
getLogger().log(LogLevel.Error, exception);
}
}
}
/** rotate session and page tokens * */
if (!isAjaxRequest(request) && isRotateEnabled()) {
rotateTokens(request);
}
/** expected token in session - bad state * */
} else if ((tokenFromSession == null) && !valid) {
throw new IllegalStateException(
"CsrfGuard expects the token to exist in session at this point");
} else {
/** unprotected page - nothing to do * */
}
return valid;
}
