package org.apache.struts2.interceptor;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.TextProvider;
import com.opensymphony.xwork2.ValidationAware;
import com.opensymphony.xwork2.inject.Inject;
import com.opensymphony.xwork2.interceptor.MethodFilterInterceptor;
import org.apache.struts2.ServletActionContext;
import org.apache.struts2.util.TokenHelper;

/* loaded from: input_file:WEB-INF/lib/struts2-core-2.3.16.jar:org/apache/struts2/interceptor/TokenInterceptor.class */
public class TokenInterceptor extends MethodFilterInterceptor {
    private static final long serialVersionUID = -6680894220590585506L;
    public static final String INVALID_TOKEN_CODE = "invalid.token";
    private static final String INVALID_TOKEN_MESSAGE_KEY = "struts.messages.invalid.token";
    private static final String DEFAULT_ERROR_MESSAGE = "The form has already been processed or no token was supplied, please try again.";
    private TextProvider textProvider;

    @Inject
    public void setTextProvider(TextProvider textProvider) {
        this.textProvider = textProvider;
    }

    @Override // com.opensymphony.xwork2.interceptor.MethodFilterInterceptor
    protected String doIntercept(ActionInvocation actionInvocation) throws Exception {
        if (this.log.isDebugEnabled()) {
            this.log.debug("Intercepting invocation to check for valid transaction token.", new String[0]);
        }
        return handleToken(actionInvocation);
    }

    protected String handleToken(ActionInvocation actionInvocation) throws Exception {
        synchronized (ServletActionContext.getRequest().getSession(true)) {
            if (TokenHelper.validToken()) {
                return handleValidToken(actionInvocation);
            }
            return handleInvalidToken(actionInvocation);
        }
    }

    protected String handleInvalidToken(ActionInvocation actionInvocation) throws Exception {
        Object action = actionInvocation.getAction();
        String errorMessage = getErrorMessage(actionInvocation);
        if (action instanceof ValidationAware) {
            ((ValidationAware) action).addActionError(errorMessage);
            return INVALID_TOKEN_CODE;
        }
        this.log.warn(errorMessage, new String[0]);
        return INVALID_TOKEN_CODE;
    }

    protected String getErrorMessage(ActionInvocation actionInvocation) {
        Object action = actionInvocation.getAction();
        return action instanceof TextProvider ? ((TextProvider) action).getText(INVALID_TOKEN_MESSAGE_KEY, DEFAULT_ERROR_MESSAGE) : this.textProvider.getText(INVALID_TOKEN_MESSAGE_KEY, DEFAULT_ERROR_MESSAGE);
    }

    protected String handleValidToken(ActionInvocation actionInvocation) throws Exception {
        return actionInvocation.invoke();
    }
}
