Token interceptor in struts 1.2

Question

My project is in struts1.2. Is there any to implement Token interceptor (struts2) in struts1.2? I know it can be implemented by using

1. saveToken(HttpServletRequest req)
2. isTokenValid(HttpServletRequest req)
3. resetToken(HttpServletRequest req)

But I don't want to add above in each and every action.

Answer 1

I know struts2 but not struts1 (so these solutions attack from that angle, a struts1 person may have a much prettier solution with respect to this issue):

1) Add Spring (if it isn't there already)... add those methods using AOP. [cost: possibly learning a new technology]

2) Use Struts2 beside Struts1 mapping .action to struts2 and .do to struts1... create a struts2 package, possibly called "token" and possibly mapped to /token with appropriate actions with wild cards to capture what ever you throw at it... which forwards to the struts1 actions. PS: You asked how it could be done... this is far from pretty and I wouldn't do this. [cost: complicates mapping logic ]

3) Convert everything to struts2 and use the token interceptor. [cost: high time investment]

4) Create a new base action class which your actions will extend, implementing those methods.

Answer 2

Interceptors do not exist on Struts 1, it's possible to use servlet filters. But be careful not to control token on HTTP GET requests so as not to reject all the requests.

Servlet Filters and Event Listeners

saveToken() on all request and isTokenValid() resetToken() on POST request.

Answer 3

If you want to use TokenInterceptor in Struts 2, you have to refer tokenSession interceptor.
Had to handle result by name="invalid.token" in struts.xml in specific action.
The page from which your action is generated at that page you have to write s:token tag in the header