/**
* Checks if the values <code>values</code> are valid for the editable parameter <code>parameter
* </code>. This validation is defined by the user in the hdiv-validations.xml file of Spring. If
* the values are not valid, an error message with the parameter and the received values will be
* log.
*
* @param request HttpServletRequest to validate
* @param target Part of the url that represents the target action
* @param parameter parameter name
* @param values parameter's values
* @param dataType editable data type
* @param unauthorizedParameters Unauthorized editable parameters
* @since HDIV 1.1
*/
public void validateEditableParameter(
HttpServletRequest request,
String target,
String parameter,
String[] values,
String dataType,
Hashtable unauthorizedParameters) {
String targetWithoutContextPath = this.getTargetWithoutContextPath(request, target);
boolean isValid =
hdivConfig.areEditableParameterValuesValid(
targetWithoutContextPath, parameter, values, dataType);
if (!isValid) {
StringBuffer unauthorizedValues = new StringBuffer(values[0]);
for (int i = 1; i < values.length; i++) {
unauthorizedValues.append("," + values[i]);
}
if (dataType.equals("password")) {
String[] passwordError = {Constants.HDIV_EDITABLE_PASSWORD_ERROR_KEY};
unauthorizedParameters.put(parameter, passwordError);
} else {
unauthorizedParameters.put(parameter, values);
}
this.logger.log(
HDIVErrorCodes.EDITABLE_VALIDATION_ERROR,
target,
parameter,
unauthorizedValues.toString());
}
}
/**
* Checks if the values of the parameters received in the request <code>request</code> are valid.
* These values are valid if and only if the noneditable parameters haven't been modified.<br>
* Validation process is as follows.<br>
* 1. If the action to which the request is directed is an init page, then it is a valid request.
* <br>
* 2. if the cookies received in the request are not found in the user session, the validation is
* incorrect.<br>
* 3. if the state recover process has produced an error, incorrect validation.<br>
* 4. If the action received in the request is different to the action of the recovered state,
* incorrect validation.<br>
* 5. If not, all the parameter values are checked and if all the received values are valid then
* the request is valid. <br>
* 5.1. If it is an init parameter or a HDIV parameter then it is a valid parameter.<br>
* 5.2. If the received parameter is not in the state:<br>
* 5.2.1. If it has been defined by the user as a no validation required parameter, then it is a
* valid parameter.<br>
* 5.2.2. otherwise, it is a no valid request.<br>
* 5.3. If the parameter is editable, if validations have been defined values are checked.<br>
* 5.4. If it is a noneditable parameter, all the received values are checked.
*
* @param request HttpServletRequest to validate
* @return valid result If all the parameter values of the request <code>request</code> pass the
* the HDIV validation. False, otherwise.
* @throws HDIVException If the request doesn't pass the HDIV validation an exception is thrown
* explaining the cause of the error.
*/
public ValidatorHelperResult validate(HttpServletRequest request) {
String target = this.getTarget(request);
String targetWithoutContextPath = this.getTargetWithoutContextPath(request, target);
// Hook before the validation
Boolean pre = this.preValidate(request, target);
if (pre != null) {
return new ValidatorHelperResult(pre.booleanValue());
}
if (this.hdivConfig.hasExtensionToExclude(target)) {
log.debug("The target " + target + " has an extension to exclude from validation");
return ValidatorHelperResult.VALID;
}
if (!this.hdivConfig.isValidationInUrlsWithoutParamsActivated()) {
boolean requestHasParameters =
(request.getParameterNames() != null) && (request.getParameterNames().hasMoreElements());
if (!requestHasParameters) {
log.debug(
"The url "
+ request.getRequestURI()
+ " is not be validated because it has not got parameters");
return ValidatorHelperResult.VALID;
}
}
if (this.hdivConfig.isStartPage(targetWithoutContextPath, request.getMethod())) {
return (this.validateStartPageParameters(request, target));
}
if (this.hdivConfig.isCookiesIntegrityActivated()) {
ValidatorHelperResult result = this.validateRequestCookies(request, target);
if (!result.isValid()) {
return result;
}
}
// Restore state from request or from memory
ValidatorHelperResult result = this.restoreState(request, target);
if (!result.isValid()) {
return result;
}
// Get resultant object, the stored state
IState state = (IState) result.getValue();
result = this.isTheSameAction(request, target, state);
if (!result.isValid()) {
return result;
}
result = this.allRequiredParametersReceived(request, state, target);
if (!result.isValid()) {
return result;
}
// Hdiv parameter name
String hdivParameter = getHdivParameter(request);
Hashtable unauthorizedEditableParameters = new Hashtable();
Enumeration parameters = request.getParameterNames();
while (parameters.hasMoreElements()) {
String parameter = (String) parameters.nextElement();
// Check if the HDIV validation must be applied to the parameter
if (!this.hdivConfig.needValidation(parameter, hdivParameter)) {
if (log.isDebugEnabled() && !parameter.equals(hdivParameter)) {
log.debug("parameter " + parameter + " doesn't need validation");
}
continue;
}
// If the parameter requires no validation it is considered a valid parameter
if (this.isUserDefinedNonValidationParameter(targetWithoutContextPath, parameter)) {
continue;
}
IParameter stateParameter = state.getParameter(parameter);
if (stateParameter == null) {
// If the parameter is not defined in the state, it is an error.
// With this verification we guarantee that no extra parameters are added.
this.logger.log(HDIVErrorCodes.PARAMETER_NOT_EXISTS, target, parameter, null);
if (log.isDebugEnabled()) {
log.debug(
"Validation Error Detected: Parameter ["
+ parameter
+ "] does not exist in the state for action ["
+ target
+ "]");
}
return new ValidatorHelperResult(HDIVErrorCodes.PARAMETER_NOT_EXISTS);
}
// At this point we are processing a noneditable parameter
String[] values = request.getParameterValues(parameter);
// Check if the parameter is editable
if (stateParameter.isEditable()) {
if (hdivConfig.existValidations() && (stateParameter.getEditableDataType() != null)) {
this.validateEditableParameter(
request,
target,
parameter,
values,
stateParameter.getEditableDataType(),
unauthorizedEditableParameters);
}
continue;
}
try {
result =
this.validateParameterValues(request, target, state, stateParameter, parameter, values);
if (!result.isValid()) {
return result;
}
} catch (Exception e) {
String errorMessage = HDIVUtil.getMessage("validation.error", e.getMessage());
throw new HDIVException(errorMessage, e);
}
}
if (unauthorizedEditableParameters.size() > 0) {
return this.processValidateParameterErrors(request, unauthorizedEditableParameters);
}
return ValidatorHelperResult.VALID;
}
