Configure overriding parameter validator components if you need to enforce different rules for query parameter validation in specific situations. For example, you can configure validation rules that apply to a specific part of your web application and not to others.
The overridingValidators property of the /atg/dynamo/servlet/security/ParameterValidator component holds a list of the nucleus paths of overriding parameter validator components. When the ParameterValidator validates query parameters, it checks each component named in the overridingValidators property. It calls the canValidateRequest method of each component. If the component returns the value true, ParameterValidator delegates responsibility for checking the query parameters to that component. Once one of the overriding validator components returns true to indicate that it can validate the request, ParameterValidator will stop checking the remaining overriding validator components. If none of the overriding validator components returns true, it will validate the query parameters itself.
To create an overriding parameter validator:
1. Create a custom class that implements the atg.servlet.security.param.RequestParameterValidator interface. See Custom Validator Class.
2. Create a nucleus component based on the custom class.
3. Add the nucleus path of the component to the overridingValidators property of the ParameterValidator component.
Custom Validator Class
Base overriding parameter validator components on a custom Java class that implements the atg.servlet.security.param.RequestParameterValidator interface. The custom class must implement the following two methods:
canValidateRequest - This method takes an atg.servlet.DynamoHttpServletRequest object as its argument and returns a boolean value to indicate whether the validator component will validate the request.
areParamValuesSuspicious - This method takes the String name of a query parameter and the parameter values in an array of String objects. It returns a boolean value to indicate whether the query parameters are dangerous and justify stopping the process.
The following example class shows the required methods.
package com.mycompany.validators;

import atg.servlet.DynamoHttpServletRequest;
import atg.servlet.security.param.RequestParameterValidator;

public class MyOverridingValidator implements RequestParameterValidator {

  @Override
  public boolean canValidateRequest(DynamoHttpServletRequest pRequest) {
    /* Implement tests to determine whether this component
       should validate a particular request. */
    // Placeholder so the class compiles: false means this component does not claim the request.
    return false;
  }

  @Override
  public boolean areParamValuesSuspicious(String pParamName, String[] pValues) {
    /* Implement tests to determine whether the parameter
       values are suspicious. */
    // Placeholder so the class compiles: treat values as suspicious until real tests exist.
    return true;
  }
}
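As an added illustration (not code from the product or its documentation), the following validator fills in both methods for one case: it claims only requests under a single URI prefix and applies an allowlist to their parameter values. The class name, the pathPrefix property, its /myapp/search default and the allowlist pattern are assumptions.

```java
package com.mycompany.validators;

import java.util.regex.Pattern;

import atg.servlet.DynamoHttpServletRequest;
import atg.servlet.security.param.RequestParameterValidator;

/**
 * Added example: stricter, allowlist-based validation for one part of a site.
 * Requests outside the prefix are not claimed, so the remaining overriding
 * validators and then ParameterValidator itself still check them.
 */
public class SearchParamValidator implements RequestParameterValidator {

  // Assumed prefix, including the context root; set it from the component's
  // .properties file through the pathPrefix property.
  private String mPathPrefix = "/myapp/search";

  // Assumed allowlist: letters, digits, space, hyphen, underscore and period,
  // at most 128 characters. Anything else is reported as suspicious.
  private static final Pattern ALLOWED =
      Pattern.compile("[\\p{L}\\p{N} _.-]{0,128}");

  public String getPathPrefix() { return mPathPrefix; }
  public void setPathPrefix(String pPathPrefix) { mPathPrefix = pPathPrefix; }

  @Override
  public boolean canValidateRequest(DynamoHttpServletRequest pRequest) {
    String uri = pRequest.getRequestURI();
    // Returning true makes this component solely responsible for the request:
    // ParameterValidator stops consulting the other overriding validators.
    return uri != null && mPathPrefix != null && uri.startsWith(mPathPrefix);
  }

  @Override
  public boolean areParamValuesSuspicious(String pParamName, String[] pValues) {
    if (pValues == null) {
      return false; // no values to inspect
    }
    for (String value : pValues) {
      // Fail closed: a value outside the allowlist is suspicious.
      if (value != null && !ALLOWED.matcher(value).matches()) {
        return true;
      }
    }
    return false;
  }
}
```

Because a component that returns true from canValidateRequest replaces the default checks for that request, keep the prefix match narrow and the value rules at least as strict as the ones they override.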