The security mechanism in JViews Web
applications is supported by means of request parameter validation
on the server side, which is disabled by default. The user needs to
enable it manually in the Web configuration file.
To enable parameter validation in the
web.xml
file:
To enable parameter validation in the
web.xml
file:
Required
setting
The standard configuration needed by a JViews Web application in
the
web.xml
file is as follows:
<context-param>
<param-name>ilog.views.servlet.CHECK_PARAM</param-name>
<param-value>true</param-value>
</context-param>
<listener>
<listener-class>ilog.views.util.servlet.IlvParameterValidationContextListener</listener-class>
</listener>
The context parameter of ilog.views.servlet.CHECK_PARAM
works as a master switch to enable or disable the parameter
validation feature. The IlvParameterValidationContextListener
class works as the servlet context listener to retrieve the
context parameter values from the Web configuration file when
the servlet context is initialized.
Optional setting
The following optional settings are
available in JViews Web applications:
ilog.views.servlet.RESOURCE_VALIDATION_LISTENER.
The ilog.views.servlet.RESOURCE_VALIDATION_LISTENER
setting is specially designed to inject the customized
validation listener when loading resources. This setting is
exposed through the context parameter facility and can be set
as follows.
<context-param>
<param-name>ilog.views.servlet.RESOURCE_VALIDATION_LISTENER</param-name>
<param-value>demo.MyResourceParameterValidationListener</param-value>
</context-param>
ilog.views.servlet.CHECK_SERVLET_CLASSES.
The ilog.views.servlet.CHECK_SERVLET_CLASSES
setting is designed to enable request parameter validation
for a set of given servlets, which are the comma-separated
list of class names. This setting is exposed through the
context parameter facility and can be set as follows:
<context-param>
<param-name>ilog.views.servlet.CHECK_SERVLET_CLASSES</param-name>
<param-value>ilog.views.faces.IlvResourceController,ilog.views.diagrammer.faces.dhtml.servlet.IlvFacesDiagrammerServlet</param-value>
</context-param>
To choose specific servlet classes in
which to enable parameter validation, see Servlet and
component classes to find the appropriate JViews servlet
class.