diff flys-client/src/main/java/de/intevation/flys/client/server/GreetingServiceImpl.java @ 0:4e8be5e7855f

Start of a GWT based client for FLYS-3.0 flys-client/trunk@1305 c6561f87-3c4e-4783-a992-168aeb5c3f6f
author Ingo Weinzierl <ingo.weinzierl@intevation.de>
date Tue, 08 Feb 2011 10:29:49 +0000
parents
children
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/flys-client/src/main/java/de/intevation/flys/client/server/GreetingServiceImpl.java	Tue Feb 08 10:29:49 2011 +0000
@@ -0,0 +1,48 @@
+package de.intevation.flys.client.server;
+
+import de.intevation.flys.client.client.GreetingService;
+import de.intevation.flys.client.shared.FieldVerifier;
+import com.google.gwt.user.server.rpc.RemoteServiceServlet;
+
+/**
+ * The server side implementation of the RPC service.
+ */
+@SuppressWarnings("serial")
+public class GreetingServiceImpl extends RemoteServiceServlet implements
+    GreetingService {
+
+  public String greetServer(String input) throws IllegalArgumentException {
+    // Verify that the input is valid. 
+    if (!FieldVerifier.isValidName(input)) {
+      // If the input is not valid, throw an IllegalArgumentException back to
+      // the client.
+      throw new IllegalArgumentException(
+          "Name must be at least 4 characters long");
+    }
+
+    String serverInfo = getServletContext().getServerInfo();
+    String userAgent = getThreadLocalRequest().getHeader("User-Agent");
+
+    // Escape data from the client to avoid cross-site script vulnerabilities.
+    input = escapeHtml(input);
+    userAgent = escapeHtml(userAgent);
+
+    return "Hello, " + input + "!<br><br>I am running " + serverInfo
+        + ".<br><br>It looks like you are using:<br>" + userAgent;
+  }
+
+  /**
+   * Escape an html string. Escaping data received from the client helps to
+   * prevent cross-site script vulnerabilities.
+   * 
+   * @param html the html string to escape
+   * @return the escaped string
+   */
+  private String escapeHtml(String html) {
+    if (html == null) {
+      return null;
+    }
+    return html.replaceAll("&", "&amp;").replaceAll("<", "&lt;").replaceAll(
+        ">", "&gt;");
+  }
+}
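Review bot: `escapeHtml` leaves `"` and `'` untouched, so its output is only safe where `greetServer` uses it today, as HTML element content; the Javadoc should state that limit, or the helper should also map `"` to `&quot;` and `'` to `&#39;` before it is reused for an attribute value. The three `replaceAll` calls compile a regex for what are plain literals; `html.replace("&", "&amp;")` and its siblings do the same work without one. Separately, `greetServer` returns `getServletContext().getServerInfo()` to every caller, which discloses the servlet container name and version to any client that can reach this RPC endpoint, so it is worth dropping from the reply outside of demo use. A request without a `User-Agent` header leaves `userAgent` null, and the reply then ends in the literal text `null`; `if (userAgent == null) userAgent = "unknown";` before the escape would avoid that.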
