ValidateURLServlet is a security precaution that prevents spoofing of URLs. When a user initiates an action, an action parameter holding an ID for the action is added to the URL. An encryption key based on the action parameter value is also added to the URL. Likewise, when a user selects a view, a view parameter and corresponding encryption key are appended to the URL. When both action and view parameters are added to the URL, the encryption key represents the combination of the parameter values.

ValidateURLServlet recalculates the encryption key in the URL based on the action or view parameter values and compares it to the encryption key already in the URL. For URLs with the appropriate key, ValidateURLServlet adds an attribute to the request, which permits ATG Content Administration to display the request URL. URLs that lack the expected key do not include the request attribute and as a result, cause errors when rendering the request URL.

The best way to disable ValidateURLServlet is to configure ATG Content Administration to display the request URL regardless of whether the request includes the attribute. To do this, set the validateActions and validateViews properties of <ATG10dir>\Publishing\base\config\atg\epub\pws\framework\ to false.

Copyright © 1997, 2013 Oracle and/or its affiliates. All rights reserved. Legal Notices