2 Replies Latest reply on Aug 18, 2010 2:03 AM by sunay

    Change Validation Implementation

    sunay

      Hello All,

      I am using Rich:bean Validator as my field validation. It is working fine, but I want to apply security over the parameters, so I am using the ESAPI library for implementing security. My problem is that I want to canonicalize my strings before applying field-level validation, so before calling validation for the field I want to execute some code which checks whether the parameter is secure or not through the ESAPI library.

      My question is: how do I call that code before executing the bean validation?


      Thanks

      Sunay

        • 1. Re: Change Validation Implementation
          ilya_shaikovsky

          I'm not familiar with the ESAPI library so not sure when it should be invoked. But in general if you need to invoke some processing - you could try to use Phase Listener called Before Process Validations.

          • 2. Re: Change Validation Implementation
            sunay

            Hello Ilya,

            Thanks for your reply, and sorry for the late reply. Your suggestion is right; I have done exactly this, but the problem is that I need a unique pattern (regex) every time.

            I actually tried the phase listener as shown below:


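            import java.util.Map;
            import java.util.Set;
            import javax.faces.context.ExternalContext;
            import javax.faces.context.FacesContext;
            import javax.faces.event.PhaseEvent;
            import javax.faces.event.PhaseId;
            import javax.servlet.http.HttpServletRequest;
            import org.ajax4jsf.event.AjaxPhaseListener;
            import org.owasp.esapi.ESAPI;
            import org.owasp.esapi.errors.IntrusionException;

            public class SecurityLifeCycleListner extends AjaxPhaseListener {

                public void afterPhase(PhaseEvent phaseevent) {
                }

                public void beforePhase(PhaseEvent phaseevent) {
                    super.beforePhase(phaseevent);
                    // Only act just before JSF runs Process Validations.
                    if (phaseevent.getPhaseId() == PhaseId.PROCESS_VALIDATIONS) {
                        FacesContext facesContext = phaseevent.getFacesContext();
                        ExternalContext externalContext = facesContext.getExternalContext();
                        HttpServletRequest request = (HttpServletRequest) externalContext.getRequest();
                        Map requestMap = request.getParameterMap();
                        Set<String> keySet = requestMap.keySet();
                        for (String key : keySet) {
                            String value = request.getParameter(key) != null ? request.getParameter(key) : "";
                            try {
                                // Canonicalize first, then validate the canonical form.
                                String canonicalText = ESAPI.encoder().canonicalize(value);
                                // context, securityPatternType and allowNull are not defined in the posted snippet.
                                boolean isValid = ESAPI.validator().isValidInput(context, canonicalText, securityPatternType, 200, allowNull);
                            } catch (IntrusionException ie) {
                                Util.getInstance().setErrorMsg(ie.getMessage(), ie);
                                throw ie;
                            }
                        }
                    }
                }
            }
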

            My problem is securityPatternType. I want to get a different security pattern (also known as regex), so how do I get a different regex for each parameter? I.e. I have a parameter studentName, and its regex is different than the regex for its description. Is there any way to get, in the phase listener, the regex that we have defined in the annotation in the bean?


            Thanks for Reply

            Sunay Shah
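
For readers with the same question, an added example (not part of the original thread, and not RichFaces or ESAPI code) of looking up a per-field regex from a bean annotation by reflection, canonicalizing before matching, and rejecting parameters that have no declared pattern. The `SecurityPattern` annotation, `StudentBean`, the regexes, the URL-decoding stand-in canonicalizer and the assumption that a request parameter name ends with the bean property name are all hypothetical.

```java
import java.lang.annotation.*;
import java.lang.reflect.Field;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.function.UnaryOperator;
import java.util.regex.Pattern;

public class PerFieldPatternDemo {
    // Stand-in for the bean's own pattern annotation (hypothetical name and attributes).
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.FIELD)
    @interface SecurityPattern { String regex(); int maxLength() default 200; }

    // Constructed sample bean; field names follow the post, the regexes are made up.
    static class StudentBean {
        @SecurityPattern(regex = "[A-Za-z .'-]+", maxLength = 60) String studentName;
        @SecurityPattern(regex = "[\\w .,!?'-]*") String description;
    }

    // Collect field name -> annotation once, instead of reflecting on every request.
    static Map<String, SecurityPattern> rulesFor(Class<?> beanType) {
        Map<String, SecurityPattern> rules = new HashMap<>();
        for (Field f : beanType.getDeclaredFields()) {
            SecurityPattern p = f.getAnnotation(SecurityPattern.class);
            if (p != null) rules.put(f.getName(), p);
        }
        return rules;
    }

    // Assumption: the JSF parameter name ends with the property name ("form:studentName").
    static boolean isValid(Map<String, SecurityPattern> rules, String param, String raw,
                           UnaryOperator<String> canonicalize) {
        SecurityPattern rule = rules.get(param.substring(param.lastIndexOf(':') + 1));
        if (rule == null) return false;            // fail closed: no pattern declared
        String value = canonicalize.apply(raw == null ? "" : raw);
        return value.length() <= rule.maxLength() && Pattern.matches(rule.regex(), value);
    }

    public static void main(String[] args) {
        Map<String, SecurityPattern> rules = rulesFor(StudentBean.class);
        // Stand-in canonicalizer for the demo; the listener would pass ESAPI's canonicalize.
        UnaryOperator<String> decode = s -> URLDecoder.decode(s, StandardCharsets.UTF_8);
        System.out.println(isValid(rules, "form:studentName", "Sunay%20Shah", decode));
        System.out.println(isValid(rules, "form:studentName", "Sunay%3Cb%3E", decode));
        System.out.println(isValid(rules, "form:description", "Second year, maths!", decode));
        System.out.println(isValid(rules, "form:unknown", "x", decode));
    }
}
```

Matching against the canonical form rather than the raw parameter is what keeps an encoded character from slipping past a pattern that only inspects the undecoded string.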