Configure overriding parameter validator components if you need to enforce different rules for query parameter validation in specific situations. For example, you can configure validation rules that apply to a specific part of your web application and not to others.
The overridingValidators property of the /atg/dynamo/servlet/security/ParameterValidator component holds a list of the nucleus paths of overriding parameter validator components. When the ParameterValidator validates query parameters, it checks each component named in the overridingValidators property. It calls the canValidateRequest method of each component. If the component returns the value true, ParameterValidator delegates responsibility for checking the query parameters to that component. Once one of the overriding validator components returns true to indicate that it can validate the request, ParameterValidator will stop checking the remaining overriding validator components. If none of the overriding validator components returns true, it will validate the query parameters itself.
To create an overriding parameter validator:
1. Create a custom class that implements the atg.servlet.security.param.RequestParameterValidator interface. See Custom Validator Class.
2. Create a nucleus component based on the custom class.
3. Add the nucleus path of the component to the overridingValidators property of the ParameterValidator component.
Custom Validator Class
Base overriding parameter validator components on a custom Java class that implements the atg.servlet.security.param.RequestParameterValidator interface. The custom class must implement the following two methods:
- canValidateRequest - This method takes an atg.servlet.DynamoHttpServletRequest object as its argument and returns a boolean value to indicate whether the validator component will validate the request.
- areParamValuesSuspicious - This method takes the String name of a query parameter and the parameter values in an array of String objects. It returns a boolean value to indicate whether the query parameters are dangerous and justify stopping the process.
The following example class shows the required methods.
    package com.mycompany.validators;

    import atg.servlet.DynamoHttpServletRequest;
    import atg.servlet.security.param.RequestParameterValidator;

    public class MyOverridingValidator implements RequestParameterValidator {

        @Override
        public boolean canValidateRequest(DynamoHttpServletRequest pRequest) {
            /* Implement tests to determine whether this component should
               validate a particular request. */
            return false; // placeholder: claim no requests until tests exist
        }

        @Override
        public boolean areParamValuesSuspicious(String pParamName, String[] pValues) {
            /* Implement tests to determine whether the parameter values
               are suspicious. */
            return true; // placeholder: fail closed until tests exist
        }
    }
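The following is an added example, not code from the product documentation, showing one way to fill in both methods: the validator claims only requests under one URI prefix and applies a character allowlist to their parameter values. The class name CheckoutParamValidator, the uriPrefix property, the /checkout/ path, the allowlist pattern and the component path in the comment are all assumptions made for illustration.

```java
package com.mycompany.validators;

import java.util.regex.Pattern;

import atg.servlet.DynamoHttpServletRequest;
import atg.servlet.security.param.RequestParameterValidator;

/**
 * Added example (hypothetical class): strict allowlist for query parameters,
 * applied only to requests under one URI prefix.
 *
 * Nucleus wiring (hypothetical component path, standard $class and += syntax):
 *   /com/mycompany/validators/CheckoutParamValidator.properties
 *     $class=com.mycompany.validators.CheckoutParamValidator
 *     uriPrefix=/checkout/
 *   /atg/dynamo/servlet/security/ParameterValidator.properties
 *     overridingValidators+=/com/mycompany/validators/CheckoutParamValidator
 */
public class CheckoutParamValidator implements RequestParameterValidator {

    // Assumed policy: letters, digits and a few separators, at most 64 chars.
    private static final Pattern ALLOWED = Pattern.compile("[A-Za-z0-9_.:-]{0,64}");

    private String mUriPrefix = "/checkout/"; // assumed default, set from .properties

    public String getUriPrefix() { return mUriPrefix; }
    public void setUriPrefix(String pUriPrefix) { mUriPrefix = pUriPrefix; }

    @Override
    public boolean canValidateRequest(DynamoHttpServletRequest pRequest) {
        // Claim only requests under the configured prefix. Returning false
        // leaves the request to the next overriding validator or the default.
        String uri = pRequest.getRequestURI();
        return uri != null && mUriPrefix != null && uri.startsWith(mUriPrefix);
    }

    @Override
    public boolean areParamValuesSuspicious(String pParamName, String[] pValues) {
        if (pValues == null) {
            return false; // no values supplied, nothing to inspect
        }
        for (String value : pValues) {
            // Fail closed: any value outside the allowlist is suspicious.
            if (value != null && !ALLOWED.matcher(value).matches()) {
                return true;
            }
        }
        return false;
    }
}
```

Because ParameterValidator delegates the whole check to the first overriding validator that returns true from canValidateRequest, a request claimed by this component is no longer checked by the default rules, so the allowlist has to cover everything those rules would have caught for that part of the application.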
