/**
 * Creates the context for one request/response pair and wires it into both.
 *
 * <p>Per-request security switches are fixed here: CORS handling is disabled
 * when the configuration reports CORS as not enabled, and CSRF handling is
 * disabled when the request method reports itself as safe.
 *
 * @param app the application this context belongs to
 * @param request the incoming request; receives a back-reference to this context
 * @param response the outgoing response; receives a back-reference to this context
 */
@Inject
private ActionContext(App app, H.Request request, ActResponse<?> response) {
    super(app);
    // NOTE(review): presumably rejects null arguments - confirm against E.NPE.
    E.NPE(app, request, response);
    // The back-references are handed out before the remaining fields are
    // assigned, so request/response see a partially initialised context here.
    request.context(this);
    response.context(this);
    this.request = request;
    this.response = response;
    // An access log is only created when request tracing is configured.
    this.accessLog = app.config().traceRequests() ? Trace.AccessLog.create(request) : null;
    this._init();
    this.state = State.CREATED;
    AppConfig config = app.config();
    this.disableCors = !config.corsEnabled();
    // CSRF handling is turned off for this context whenever the method is "safe".
    // NOTE(review): this is only sound if handlers bound to safe methods never
    // change state, and if the method reported by req() cannot change after this
    // point - confirm which methods safe() covers.
    this.disableCsrf = req().method().safe();
    this.sessionKeyUsername = config.sessionKeyUsername();
    this.sessionPassThrough = config.sessionPassThrough();
    this.localeResolver = new LocaleResolver(this);
    this.sessionManager = app.sessionManager();
}
/**
 * Creates the context for one request/response pair and wires it into both.
 *
 * <p>Per-request security switches are fixed here: CORS handling is disabled
 * when the configuration reports CORS as not enabled, and CSRF handling is
 * disabled when the request method reports itself as safe.
 *
 * @param app the application this context belongs to
 * @param request the incoming request; receives a back-reference to this context
 * @param response the outgoing response; receives a back-reference to this context
 */
@Inject
private ActionContext(App app, H.Request request, ActResponse<?> response) {
    super(app);
    // NOTE(review): presumably rejects null arguments - confirm against E.NPE.
    E.NPE(app, request, response);
    // The back-references are handed out before the remaining fields are
    // assigned, so request/response see a partially initialised context here.
    request.context(this);
    response.context(this);
    this.request = request;
    this.response = response;
    // An access log is only created when request tracing is configured.
    this.accessLog = app.config().traceRequests() ? Trace.AccessLog.create(request) : null;
    this._init();
    this.state = State.CREATED;
    AppConfig config = app.config();
    this.disableCors = !config.corsEnabled();
    // CSRF handling is turned off for this context whenever the method is "safe".
    // NOTE(review): this is only sound if handlers bound to safe methods never
    // change state, and if the method reported by req() cannot change after this
    // point - confirm which methods safe() covers.
    this.disableCsrf = req().method().safe();
    this.sessionKeyUsername = config.sessionKeyUsername();
    this.sessionPassThrough = config.sessionPassThrough();
    this.localeResolver = new LocaleResolver(this);
    this.sessionManager = app.sessionManager();
}
if (Act.isProd() && v instanceof Versioned && req.method().safe()) { processEtag(meta, v, context, req);
if (Act.isProd() && v instanceof Versioned && req.method().safe()) { processEtag(meta, v, context, req);
/**
 * Early sanity check that a CSRF token accompanies the request. It runs
 * before the session is resolved, so it only tests that a token is present
 * (non-blank); the token value is not compared against anything here.
 *
 * <p>Nothing is checked when CSRF protection is not enabled or when the
 * request method reports itself as safe.
 *
 * @param context the current context
 */
public void preCheck(ActionContext context) {
    if (enabled) {
        // Only requests with a non-safe method are expected to carry a token.
        boolean tokenExpected = !context.req().method().safe();
        if (tokenExpected) {
            String csrfToken = retrieveCsrfToken(context);
            if (S.blank(csrfToken)) {
                raiseCsrfNotVerified(context);
            }
        }
    }
}
/**
 * Early sanity check that a CSRF token accompanies the request. It runs
 * before the session is resolved, so it only tests that a token is present
 * (non-blank); the token value is not compared against anything here.
 *
 * <p>Nothing is checked when CSRF protection is not enabled or when the
 * request method reports itself as safe.
 *
 * @param context the current context
 */
public void preCheck(ActionContext context) {
    if (enabled) {
        // Only requests with a non-safe method are expected to carry a token.
        boolean tokenExpected = !context.req().method().safe();
        if (tokenExpected) {
            String csrfToken = retrieveCsrfToken(context);
            if (S.blank(csrfToken)) {
                raiseCsrfNotVerified(context);
            }
        }
    }
}
/**
 * Rejects a request that repeats the double-submission-protection (DSP)
 * token value most recently recorded in the session.
 *
 * <p>The check is skipped when no DSP parameter name is configured, when the
 * request method reports itself as safe, or when the request carries no
 * (or a blank) DSP token. Because a missing token skips the check, this is a
 * convenience guard against repeated form posts, not an access control.
 *
 * @param context the current context
 */
private void preventDoubleSubmission(ActionContext context) {
    if (null == dspToken || context.req().method().safe()) {
        return;
    }
    String submitted = context.paramVal(dspToken);
    if (!S.blank(submitted)) {
        H.Session session = context.session();
        // The slot is keyed by the parameter name, so the session holds a
        // single remembered value for this token parameter.
        String slot = S.concat("DSP-", dspToken);
        String previous = session.cached(slot);
        if (S.eq(submitted, previous)) {
            throw Conflict.get();
        }
        // NOTE(review): lookup and store are separate calls; whether two
        // concurrent submissions can both pass depends on the session cache.
        session.cacheFor1Min(slot, submitted);
    }
}
/**
 * Rejects a request that repeats the double-submission-protection (DSP)
 * token value most recently recorded in the session.
 *
 * <p>The check is skipped when no DSP parameter name is configured, when the
 * request method reports itself as safe, or when the request carries no
 * (or a blank) DSP token. Because a missing token skips the check, this is a
 * convenience guard against repeated form posts, not an access control.
 *
 * @param context the current context
 */
private void preventDoubleSubmission(ActionContext context) {
    if (null == dspToken || context.req().method().safe()) {
        return;
    }
    String submitted = context.paramVal(dspToken);
    if (!S.blank(submitted)) {
        H.Session session = context.session();
        // The slot is keyed by the parameter name, so the session holds a
        // single remembered value for this token parameter.
        String slot = S.concat("DSP-", dspToken);
        String previous = session.cached(slot);
        if (S.eq(submitted, previous)) {
            throw Conflict.get();
        }
        // NOTE(review): lookup and store are separate calls; whether two
        // concurrent submissions can both pass depends on the session cache.
        session.cacheFor1Min(slot, submitted);
    }
}