Mercurial > dive4elements > river
comparison flys-client/src/main/java/de/intevation/flys/client/server/GreetingServiceImpl.java @ 0:4e8be5e7855f
Start of a GWT based client for FLYS-3.0
flys-client/trunk@1305 c6561f87-3c4e-4783-a992-168aeb5c3f6f
author | Ingo Weinzierl <ingo.weinzierl@intevation.de> |
---|---|
date | Tue, 08 Feb 2011 10:29:49 +0000 |
parents | |
children |
comparison
equal
deleted
inserted
replaced
-1:000000000000 | 0:4e8be5e7855f |
---|---|
1 package de.intevation.flys.client.server; | |
2 | |
3 import de.intevation.flys.client.client.GreetingService; | |
4 import de.intevation.flys.client.shared.FieldVerifier; | |
5 import com.google.gwt.user.server.rpc.RemoteServiceServlet; | |
6 | |
7 /** | |
8 * The server side implementation of the RPC service. | |
9 */ | |
10 @SuppressWarnings("serial") | |
11 public class GreetingServiceImpl extends RemoteServiceServlet implements | |
12 GreetingService { | |
13 | |
14 public String greetServer(String input) throws IllegalArgumentException { | |
15 // Verify that the input is valid. | |
16 if (!FieldVerifier.isValidName(input)) { | |
17 // If the input is not valid, throw an IllegalArgumentException back to | |
18 // the client. | |
19 throw new IllegalArgumentException( | |
20 "Name must be at least 4 characters long"); | |
21 } | |
22 | |
23 String serverInfo = getServletContext().getServerInfo(); | |
24 String userAgent = getThreadLocalRequest().getHeader("User-Agent"); | |
25 | |
26 // Escape data from the client to avoid cross-site script vulnerabilities. | |
27 input = escapeHtml(input); | |
28 userAgent = escapeHtml(userAgent); | |
29 | |
30 return "Hello, " + input + "!<br><br>I am running " + serverInfo | |
31 + ".<br><br>It looks like you are using:<br>" + userAgent; | |
32 } | |
33 | |
34 /** | |
35 * Escape an html string. Escaping data received from the client helps to | |
36 * prevent cross-site script vulnerabilities. | |
37 * | |
38 * @param html the html string to escape | |
39 * @return the escaped string | |
40 */ | |
41 private String escapeHtml(String html) { | |
42 if (html == null) { | |
43 return null; | |
44 } | |
45 return html.replaceAll("&", "&").replaceAll("<", "<").replaceAll( | |
46 ">", ">"); | |
47 } | |
48 } |