Package org.eclnt.jsfserver.util
Class ServletUtil
java.lang.Object
org.eclnt.jsfserver.util.ServletUtil
- All Implemented Interfaces:
ICCServerConstants
-
Nested Class Summary
Modifier and Type, Class, Description
static class
static class
-
Field Summary
Fields inherited from interface org.eclnt.jsfserver.util.ICCServerConstants
CLIENTJAVATYPE_FX, CLIENTJAVATYPE_SWING, CLIENTTYPE_APPLET, CLIENTTYPE_APPLICATION, CLIENTTYPE_BROWSER, CLIENTTYPE_RISC, CLIENTTYPE_UI5, CLIENTTYPE_WEBSTART, EXPLICIT_NULL, FOCUSSEQUENCE_FIX_PREFIX, HEADER_ATTRIBUTE_CLIENT, HEADER_ATTRIBUTE_CLIENTJAVATYPE, HEADER_ATTRIBUTE_COOKIESENABLED, HEADER_ATTRIBUTE_COUNTRY, HEADER_ATTRIBUTE_DEVICESCREENHEIGHT, HEADER_ATTRIBUTE_DEVICESCREENWIDTH, HEADER_ATTRIBUTE_DEVICETYPE, HEADER_ATTRIBUTE_LANGUAGE, HEADER_ATTRIBUTE_MEDIADEVICES, HEADER_ATTRIBUTE_ORIGINALURL, HEADER_ATTRIBUTE_PERFORMANCEDATA, HEADER_ATTRIBUTE_REQUESTID, HEADER_ATTRIBUTE_TIMEZONEOFFSET, HEADER_ATTRIBUTE_USERAGENT, HEADER_ATTRIBUTE_XFRAMEOPTIONS, HEADER_RESPONSE_ATTRIBUTE_HTTPSESSIONID, HEADER_RESPONSE_ATTRIBUTE_HTTPSESSIONREFERENCEURL, HEADER_RESPONSE_ATTRIBUTE_HTTPSESSIONTRACKINGMODE, HEADER_RESPONSE_ATTRIBUTE_OVERRIDE, HEADER_RESPONSE_ATTRIBUTE_RELOAD, HEADER_RESPONSE_ATTRIBUTE_STYLE, INPUTMASK_VALUEMODE_WITHMASK, INPUTMASK_VALUEMODE_WITHOUTMASK, LAYOUTEXTENSION_JSP, LAYOUTEXTENSION_XML, QP_CCSTYLE, QP_KEEPDIALOGSESSION, QP_SUBPAGEID, SECURITY_ROLE_CCADMIN, SESSION_TRACKING_COOKIE, SESSION_TRACKING_URL, TEXTPANE_CONTENTTYPE_HTML, TEXTPANE_CONTENTTYPE_PLAIN
-
Constructor Summary
-
Method Summary
Modifier and Type, Method, Description
static String addFileNameAdviceIntoURL(String url, String fileName)
static String addQueryParameterToURL(String url, String name, String value)
static String
static boolean checkIfRequestIsDesignTimerRequest(javax.servlet.http.HttpServletRequest req)
    Certain requests are only processed in a design time version of the server - in order to support analysis of the system.
static boolean checkIfRISCUrlStartedInDevelopmentMode(javax.servlet.http.HttpServletRequest startRequest)
static String
static String encodeURL(String url, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
static String encodeURLWithoutURLEncoding(String url, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
static void ensureRequestIsDesignTimeRequest(javax.servlet.http.HttpServletRequest req)
    Similar to checkIfRequestIsDesignTimerRequest(HttpServletRequest) but now throws an Error if not running in design time mode.
static void ensureServletGetIsAllowed(Class clazz)
static void ensureSessionIsAvailableAndValid(javax.servlet.http.HttpServletRequest req)
static String findWebappCookiePath(javax.servlet.http.HttpServletRequest req)
static String getPathBehindContextPath(javax.servlet.http.HttpServletRequest request)
    The path (without query parameters!)
static void initClientIdCookieParamHttpOnly(boolean httpOnly)
static void initClientIdCookieParamSameSite(String sameSite)
static void initClientIdCookieParamSecure(boolean secure)
static void initClientIdCookieParamSecure(String secure)
static void
static String isolateOriginalProtocol(javax.servlet.http.HttpServletRequest req, boolean withError)
static String isolateOriginalServer(javax.servlet.http.HttpServletRequest req, boolean withError)
static String isolateOriginalUrlWebappContextPath(javax.servlet.http.HttpServletRequest req)
static String isolateResourcePath(javax.servlet.http.HttpServletRequest req)
    Find the resource path that is relative to the web content view.
static String proposeContentType(String extension)
static String readRequestParameterFromDesignTimeRequest(javax.servlet.http.HttpServletRequest req, String parameterName)
    Reads an HTTP parameter from the request - but only if the request is targeting a design time server.
static String sanitizeContentType(String contentType)
static String sanitizeCookieValue(String value)
static void setResponseContentType(javax.servlet.http.HttpServletResponse response, String contentType)
    Central method for setting response content type - with sanitization of the content.
static void setResponseHeader(javax.servlet.http.HttpServletResponse response, String fieldName, String attributeValue)
    Central method for setting response header attributes - with sanitization of the content.
static void setSessionAttributeWithTrustedName(javax.servlet.http.HttpSession session, String attributeName, Object data)
    Central method for setting HttpSession attributes.
static String updateResource(javax.servlet.http.HttpServletRequest req, String resource)
    Update the resource name
static void writeCookie(javax.servlet.http.HttpServletResponse resp, String name, String path, String value, boolean httponly, String samesite, boolean secure)
static void writeEclntIdCookie(javax.servlet.http.HttpServletResponse resp, String id)
static void writeTrustedDataToResponseOutputStream(javax.servlet.http.HttpServletResponse resp, byte[] data)
    Central method for writing trusted data into response output stream.
-
Field Details
-
ECLNTID_COOKIE_NAME
- See Also:
-
-
Constructor Details
-
ServletUtil
public ServletUtil()
-
-
Method Details
-
initialize
public static void initialize()
-
initClientIdCookieParamHttpOnly
public static void initClientIdCookieParamHttpOnly(boolean httpOnly)
-
initClientIdCookieParamSecure
public static void initClientIdCookieParamSecure(boolean secure)
-
initClientIdCookieParamSecure
-
initClientIdCookieParamSameSite
Parameters:
sameSite - "Strict", "Lax", "None" or null
-
encodeURL
-
encodeURLWithoutURLEncoding
-
decodeURL
-
addQueryParameterToURL
-
ensureServletGetIsAllowed
-
isolateResourcePath
Find the resource path that is relative to the web content view.
Returns:
The result is returned as a relative path, not starting with a "/".
-
findWebappCookiePath
Parameters:
req - Must be a faces request!
Returns:
Path of the cookie so that it is usable for the whole application context. E.g. when original URL is http://aaa/bbb/faces/... then the returned path is "/aaa/bbb". If no webapp path can be found then "/" is returned.
-
isolateOriginalUrlWebappContextPath
Parameters:
req - Must be a faces request!
Returns:
If original URL is available => "/...rootOfWebApp...>". Otherwise: null.
-
isolateOriginalProtocol
public static String isolateOriginalProtocol(javax.servlet.http.HttpServletRequest req, boolean withError)
Parameters:
req - Must be a faces request!
Returns:
Protocol, e.g. "http" or "https"
-
isolateOriginalServer
public static String isolateOriginalServer(javax.servlet.http.HttpServletRequest req, boolean withError)
Parameters:
req - Must be a faces request!
Returns:
Server (without port!).
-
updateResource
Update the resource name
-
proposeContentType
-
writeEclntIdCookie
-
writeCookie
-
calculateExpirationDateForever
-
ensureSessionIsAvailableAndValid
public static void ensureSessionIsAvailableAndValid(javax.servlet.http.HttpServletRequest req) throws ServletUtil.SessionIsNotAvailableOrInvalidException
-
checkIfRISCUrlStartedInDevelopmentMode
public static boolean checkIfRISCUrlStartedInDevelopmentMode(javax.servlet.http.HttpServletRequest startRequest)
-
getPathBehindContextPath
The path (without query parameters!) behind the context path of the current request.
-
setResponseContentType
public static void setResponseContentType(javax.servlet.http.HttpServletResponse response, String contentType)
Central method for setting response content type - with sanitization of the content.
-
setResponseHeader
public static void setResponseHeader(javax.servlet.http.HttpServletResponse response, String fieldName, String attributeValue)
Central method for setting response header attributes - with sanitization of the content.
-
sanitizeContentType
-
sanitizeCookieValue
-
readRequestParameterFromDesignTimeRequest
public static String readRequestParameterFromDesignTimeRequest(javax.servlet.http.HttpServletRequest req, String parameterName)
Reads an HTTP parameter from the request - but only if the request is targeting a design time server. If the server is a "real" system then null is returned.
-
ensureRequestIsDesignTimeRequest
public static void ensureRequestIsDesignTimeRequest(javax.servlet.http.HttpServletRequest req)
Similar to checkIfRequestIsDesignTimerRequest(HttpServletRequest) but now throws an Error if not running in design time mode.
-
checkIfRequestIsDesignTimerRequest
public static boolean checkIfRequestIsDesignTimerRequest(javax.servlet.http.HttpServletRequest req)
Certain requests are only processed in a design time version of the server - in order to support analysis of the system. This function is the central one to check if a request is contacting a system running in design time or a system running as "real" system.
-
setSessionAttributeWithTrustedName
public static void setSessionAttributeWithTrustedName(javax.servlet.http.HttpSession session, String attributeName, Object data)
Central method for setting HttpSession attributes. The caller makes sure that the attributeName that is used is trustworthy.
The method needs to be called by any code that sets attributes with a dynamic name.
-
writeTrustedDataToResponseOutputStream
public static void writeTrustedDataToResponseOutputStream(javax.servlet.http.HttpServletResponse resp, byte[] data) throws IOException
Central method for writing trusted data into response output stream. The caller of this method must ensure that the data is not tainted by, e.g., user input or user data.
Throws:
IOException
-
addFileNameAdviceIntoURL
-