Package org.eclnt.jsfserver.util

Class ServletUtil

java.lang.Object
org.eclnt.jsfserver.util.ServletUtil
All Implemented Interfaces:
ICCServerConstants
public class ServletUtil extends Object implements ICCServerConstants

  • Field Details

  • Constructor Details

    • ServletUtil

      public ServletUtil()

  • Method Details

    • initialize

      public static void initialize()

    • initClientIdCookieParamHttpOnly

      public static void initClientIdCookieParamHttpOnly(boolean httpOnly)

    • initClientIdCookieParamSecure

      public static void initClientIdCookieParamSecure(boolean secure)

    • initClientIdCookieParamSecure

      public static void initClientIdCookieParamSecure(String secure)

    • initClientIdCookieParamSameSite

      public static void initClientIdCookieParamSameSite(String sameSite)
      Parameters:
      sameSite - "Strict", "Lax", "None" or null

    • encodeURL

      public static String encodeURL(String url, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)

    • encodeURLWithoutURLEncoding

      public static String encodeURLWithoutURLEncoding(String url, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)

    • decodeURL

      public static String decodeURL(String url)

    • addQueryParameterToURL

      public static String addQueryParameterToURL(String url, String name, String value)

    • ensureServletGetIsAllowed

      public static void ensureServletGetIsAllowed(Class clazz)

    • isolateResourcePath

      public static String isolateResourcePath(javax.servlet.http.HttpServletRequest req)
      Find the resource path that is relative to the web content view.
      Returns:
      The result is returned starting as a relative path, not starting with a "/".

    • findWebappCookiePath

      public static String findWebappCookiePath(javax.servlet.http.HttpServletRequest req)
      Parameters:
      req - Must be a faces request!
      Returns:
      Path of the cookie so that it is use-able for whole application context. E.g. when original URL is http://aaa/bbb/faces/... then the returned path is "/aaa/bbb". If no webapp path can be found then "/" is returned.

    • isolateOriginalUrlWebappContextPath

      public static String isolateOriginalUrlWebappContextPath(javax.servlet.http.HttpServletRequest req)
      Parameters:
      req - Must be a faces request!
      Returns:
      If original URL is available => "/...rootOfWebApp...>". Otherwise: null.

    • isolateOriginalProtocol

      public static String isolateOriginalProtocol(javax.servlet.http.HttpServletRequest req, boolean withError)
      Parameters:
      req - Must be a faces request!
      Returns:
      Protocol, e.g. "http" or "https"

    • isolateOriginalServer

      public static String isolateOriginalServer(javax.servlet.http.HttpServletRequest req, boolean withError)
      Parameters:
      req - Must be a faces request!
      Returns:
      Server (without port!).

    • updateResource

      public static String updateResource(javax.servlet.http.HttpServletRequest req, String resource)
      Update the resource name

    • proposeContentType

      public static String proposeContentType(String extension)

    • writeEclntIdCookie

      public static void writeEclntIdCookie(javax.servlet.http.HttpServletResponse resp, String id)

    • writeCookie

      public static void writeCookie(javax.servlet.http.HttpServletResponse resp, String name, String path, String value, boolean httponly, String samesite, boolean secure)

    • calculateExpirationDateForever

      public static String calculateExpirationDateForever()

    • ensureSessionIsAvailableAndValid

      public static void ensureSessionIsAvailableAndValid(javax.servlet.http.HttpServletRequest req) throws ServletUtil.SessionIsNotAvailableOrInvalidException
      Throws:
      ServletUtil.SessionIsNotAvailableOrInvalidException

    • checkIfRISCUrlStartedInDevelopmentMode

      public static boolean checkIfRISCUrlStartedInDevelopmentMode(javax.servlet.http.HttpServletRequest startRequest)

    • getPathBehindContextPath

      public static String getPathBehindContextPath(javax.servlet.http.HttpServletRequest request)
      The path (without query parameters!) behind the context path of the current request.

    • setResponseContentType

      public static void setResponseContentType(javax.servlet.http.HttpServletResponse response, String contentType)
      Central method for setting response content type - with sanitizing the content.

    • setResponseHeader

      public static void setResponseHeader(javax.servlet.http.HttpServletResponse response, String fieldName, String attributeValue)
      Central method for setting response header attributes - with sanitizing the content.

    • sanitizeContentType

      public static String sanitizeContentType(String contentType)

    • sanitizeCookieValue

      public static String sanitizeCookieValue(String value)

    • readRequestParameterFromDesignTimeRequest

      public static String readRequestParameterFromDesignTimeRequest(javax.servlet.http.HttpServletRequest req, String parameterName)
      Reads an http parameter from the request - but only if the request is targeting a design time server. If the server is a "real" system then null is returned.

    • ensureRequestIsDesignTimeRequest

      public static void ensureRequestIsDesignTimeRequest(javax.servlet.http.HttpServletRequest req)
      Similar to checkIfRequestIsDesignTimerRequest(HttpServletRequest) but now throws an Error if not running in design time mode.

    • checkIfRequestIsDesignTimerRequest

      public static boolean checkIfRequestIsDesignTimerRequest(javax.servlet.http.HttpServletRequest req)
      Certain requests are only processed in a design time version of the server - in order to support anylysis of the system. This function is the central one to check if a request is contacting a system running in design time or a system running as "real" system.

    • setSessionAttributeWithTrustedName

      public static void setSessionAttributeWithTrustedName(javax.servlet.http.HttpSession session, String attributeName, Object data)
      Central method for setting HttpSession attributes. The caller makes sure that the data that the attributeName that is used is trust-able.

      The method needs to be called by any code that sets attributes with a dynamic name.

    • writeTrustedDataToResponseOutputStream

      public static void writeTrustedDataToResponseOutputStream(javax.servlet.http.HttpServletResponse resp, byte[] data) throws IOException
      Central method for writing trusted data into response output stream. The caller of this method must ensure that the data is not infected with e.g. user input or user data.
      Throws:
      IOException

    • addFileNameAdviceIntoURL

      public static String addFileNameAdviceIntoURL(String url, String fileName)