-
1. Re: Change Validation Implementation
ilya_shaikovsky Aug 16, 2010 3:18 AM (in response to sunay)I'm not familiar with the ESAPI library so not sure when it should be invoked. But in general if you need to invoke some processing - you could try to use Phase Listener called Before Process Validations.
-
2. Re: Change Validation Implementation
sunay Aug 18, 2010 2:03 AM (in response to ilya_shaikovsky)Hello Ilya,
Thanks for your reply, and sorry for late reply Your suggession is right , I exactly done this but problem is there i need unique pattern ( regex ) every time
I actually tried for the phase listner as shown below
public class SecurityLifeCycleListner extends AjaxPhaseListener {
public void afterPhase(PhaseEvent phaseevent) {
}
public void beforePhase(PhaseEvent phaseevent) {
super.beforePhase(phaseevent);
if(phaseevent.getPhaseId() == PhaseId.PROCESS_VALIDATIONS ){
FacesContext facesContext = phaseevent.getFacesContext();
ExternalContext externalContext = facesContext.getExternalContext();
HttpServletRequest request = (HttpServletRequest) externalContext.getRequest();
Map requestMap = request.getParameterMap();
Set<String> keySet = requestMap.keySet();
for (String key : keySet) {
String value = request.getParameter(key) != null ? request.getParameter(key) : "";
try {
String canonicalText = ESAPI.encoder().canonicalize(value);
boolean isValid = ESAPI.validator().isValidInput(context, canonicalText ,securityPatternType,200,allowNull);
} catch (IntrusionException ie){
Util.getInstance().setErrorMsg( ie.getMessage(), ie);
throw ie;
}
}
}
}
}
My Problem is securityPatternType. I want to get different Security Patteren ( Also known as regex) so how to get different regex for each parameter. i.e i have parameter studentName then its regex is different then the regex for its description , is there any way to get the regex in phase listner , that we have defined in Annotation in Bean ?
Thanks for Reply
Sunay Shah