@SuppressWarnings("unchecked")
@Override
public <A extends Action<R>, R extends Result> R execute(A action)
throws ActionException {
if (!(action instanceof WrappedAction<?>)) {
throw new ActionException("Invalid (non-wrapped) action received: "
+ action.getClass());
}
WrappedAction<?> a = (WrappedAction<?>) action;
HttpSession session =
ServletContexts.instance().getRequest().getSession();
if (session != null && !session.getId().equals(a.getCsrfToken())) {
log.warn("Token mismatch. Client token: {}, Expected token: {}",
a.getCsrfToken(), session.getId());
throw new InvalidTokenError(
"The csrf token sent with this request is not valid. It may be from an expired session, or may have been forged");
}
DefaultExecutionContext ctx = new DefaultExecutionContext(this);
try {
return (R) doExecute(a.getAction(), ctx);
} catch (ActionException e) {
ctx.rollback();
throw e;
} catch (NotLoggedInException e) {
ctx.rollback();
throw new AuthenticationError(e);
} catch (AuthorizationException e) {
ctx.rollback();
throw new AuthorizationError(e);
} catch (Throwable e) {
ctx.rollback();
log.error("Error dispatching action: " + e, e);
throw new ActionException(e);
}
}