Enabling the security mechanism in JViews Web applications

The security mechanism in JViews Web applications is server-side request parameter validation. It is disabled by default and must be enabled manually in the Web configuration file.
To enable parameter validation in the web.xml file:
  • Required setting
    The standard configuration needed by a JViews Web application in the web.xml file is as follows:
    <context-param>
      <param-name>ilog.views.servlet.CHECK_PARAM</param-name>
      <param-value>true</param-value>
    </context-param>
    <listener>
      <listener-class>ilog.views.util.servlet.IlvParameterValidationContextListener</listener-class>
    </listener>
    
    The ilog.views.servlet.CHECK_PARAM context parameter is the master switch that enables or disables the parameter validation feature. The IlvParameterValidationContextListener class is the servlet context listener that retrieves the context parameter values from the Web configuration file when the servlet context is initialized.
  • Optional setting
    The following optional settings are available in JViews Web applications:
    • ilog.views.servlet.RESOURCE_VALIDATION_LISTENER. This setting injects a customized validation listener that is used when loading resources. It is exposed through the context parameter facility and can be set as follows:
      <context-param>
        <param-name>ilog.views.servlet.RESOURCE_VALIDATION_LISTENER</param-name>
        <param-value>demo.MyResourceParameterValidationListener</param-value>
      </context-param>
      
      The demo.MyResourceParameterValidationListener class is a subclass of IlvParameterValidationListener.
    • ilog.views.servlet.CHECK_SERVLET_CLASSES. This setting enables request parameter validation for a given set of servlets, specified as a comma-separated list of class names. It is exposed through the context parameter facility and can be set as follows:
      <context-param>
        <param-name>ilog.views.servlet.CHECK_SERVLET_CLASSES</param-name>
        <param-value>ilog.views.faces.IlvResourceController,ilog.views.diagrammer.faces.dhtml.servlet.IlvFacesDiagrammerServlet</param-value>
      </context-param>
      
      The above setting enables request parameter validation in the IlvResourceController servlet when loading resources and in the IlvFacesDiagrammerServlet servlet for all JViews Diagrammer requests.
      To choose specific servlet classes in which to enable parameter validation, see Servlet and component classes to find the appropriate JViews servlet class.
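
Because validation is off unless both required entries are present, a deployment check can confirm them before release. The following script is an added example, not part of the JViews documentation or product: it parses a web.xml, reports a missing master switch or listener, and returns the servlet classes named in CHECK_SERVLET_CLASSES. The function name audit_web_xml, the sample document, and the rule that only the literal value true counts as enabled are assumptions of this example.

```python
import xml.etree.ElementTree as ET

CHECK_PARAM = "ilog.views.servlet.CHECK_PARAM"
SERVLET_CLASSES = "ilog.views.servlet.CHECK_SERVLET_CLASSES"
LISTENER = "ilog.views.util.servlet.IlvParameterValidationContextListener"

def _local(tag):
    # Drop the "{namespace}" prefix so any web-app schema version is accepted.
    return tag.rsplit("}", 1)[-1]

def _text(elem, name):
    # Text of the first direct child called `name`, or None if it is absent.
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None

def audit_web_xml(xml_text):
    """Return (findings, scoped_servlets) for one web.xml document."""
    params, listeners = {}, set()
    for elem in ET.fromstring(xml_text):
        if _local(elem.tag) == "context-param":
            params[_text(elem, "param-name")] = _text(elem, "param-value")
        elif _local(elem.tag) == "listener":
            listeners.add(_text(elem, "listener-class"))
    findings = []
    # Assumption: only the literal "true" shown on the page counts as enabled.
    if params.get(CHECK_PARAM) != "true":
        findings.append("CHECK_PARAM is not 'true': parameter validation is off")
    if LISTENER not in listeners:
        findings.append("IlvParameterValidationContextListener is not registered")
    scoped = [c.strip() for c in (params.get(SERVLET_CLASSES) or "").split(",")]
    return findings, [c for c in scoped if c]

# Constructed sample: listener present, but the master switch was never added.
SAMPLE = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <context-param>
    <param-name>ilog.views.servlet.CHECK_SERVLET_CLASSES</param-name>
    <param-value>ilog.views.faces.IlvResourceController</param-value>
  </context-param>
  <listener>
    <listener-class>ilog.views.util.servlet.IlvParameterValidationContextListener</listener-class>
  </listener>
</web-app>"""

if __name__ == "__main__":
    findings, scoped = audit_web_xml(SAMPLE)
    for line in findings:
        print("FINDING:", line)
    print("Servlets listed for validation:", scoped or "none listed")
```

An empty findings list means both required entries from the page are present; the check reads the descriptor only and does not confirm that the deployed application actually loaded it.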