The security mechanism in JViews Web applications is supported by means of request
parameter validation on the server side, which is disabled by default.
The user needs to enable it manually in the Web configuration file.
To enable parameter validation in the web.xml
file:
To enable parameter validation in the web.xml
file:
Required setting
The standard configuration needed by a JViews Web application in the web.xml
file
is as follows:
<context-param>
<param-name>ilog.views.servlet.CHECK_PARAM</param-name>
<param-value>true</param-value>
</context-param>
<listener>
<listener-class>ilog.views.util.servlet.IlvParameterValidationContextListener</listener-class>
</listener>
The context parameter of ilog.views.servlet.CHECK_PARAM works
as a master switch to enable or disable the parameter validation feature.
The IlvParameterValidationContextListener class
works as the servlet context listener to retrieve the context parameter
values from the Web configuration file when the servlet context is
initialized.
Optional setting
The following optional settings are available in JViews Web applications:
ilog.views.servlet.RESOURCE_VALIDATION_LISTENER.
The ilog.views.servlet.RESOURCE_VALIDATION_LISTENER setting
is specially designed to inject the customized validation listener
when loading resources. This setting is exposed through the context
parameter facility and can be set as follows.
<context-param>
<param-name>ilog.views.servlet.RESOURCE_VALIDATION_LISTENER</param-name>
<param-value>demo.MyResourceParameterValidationListener</param-value>
</context-param>
ilog.views.servlet.CHECK_SERVLET_CLASSES.
The ilog.views.servlet.CHECK_SERVLET_CLASSES setting
is designed to enable request parameter validation for a set of given
servlets, which are the comma-separated list of class names. This
setting is exposed through the context parameter facility and can
be set as follows:
<context-param>
<param-name>ilog.views.servlet.CHECK_SERVLET_CLASSES</param-name>
<param-value>ilog.views.faces.IlvResourceController,ilog.views.diagrammer.faces.dhtml.servlet.IlvFacesDiagrammerServlet</param-value>
</context-param>
To choose specific servlet classes
in which to enable parameter validation, see
Servlet and component classes to find the appropriate JViews servlet class.