diff flys-client/src/main/java/de/intevation/flys/client/server/GreetingServiceImpl.java @ 0:4e8be5e7855f
Start of a GWT based client for FLYS-3.0
flys-client/trunk@1305 c6561f87-3c4e-4783-a992-168aeb5c3f6f
author | Ingo Weinzierl <ingo.weinzierl@intevation.de> |
---|---|
date | Tue, 08 Feb 2011 10:29:49 +0000 |
parents | |
children |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/flys-client/src/main/java/de/intevation/flys/client/server/GreetingServiceImpl.java Tue Feb 08 10:29:49 2011 +0000
@@ -0,0 +1,48 @@
+package de.intevation.flys.client.server;
+
+import de.intevation.flys.client.client.GreetingService;
+import de.intevation.flys.client.shared.FieldVerifier;
+import com.google.gwt.user.server.rpc.RemoteServiceServlet;
+
+/**
+ * The server side implementation of the RPC service.
+ */
+@SuppressWarnings("serial")
+public class GreetingServiceImpl extends RemoteServiceServlet implements
+ GreetingService {
+
+ public String greetServer(String input) throws IllegalArgumentException {
+ // Verify that the input is valid.
+ if (!FieldVerifier.isValidName(input)) {
+ // If the input is not valid, throw an IllegalArgumentException back to
+ // the client.
+ throw new IllegalArgumentException(
+ "Name must be at least 4 characters long");
+ }
+
+ String serverInfo = getServletContext().getServerInfo();
+ String userAgent = getThreadLocalRequest().getHeader("User-Agent");
+
+ // Escape data from the client to avoid cross-site script vulnerabilities.
+ input = escapeHtml(input);
+ userAgent = escapeHtml(userAgent);
+
+ return "Hello, " + input + "!<br><br>I am running " + serverInfo
+ + ".<br><br>It looks like you are using:<br>" + userAgent;
+ }
+
+ /**
+ * Escape an html string. Escaping data received from the client helps to
+ * prevent cross-site script vulnerabilities.
+ *
+ * @param html the html string to escape
+ * @return the escaped string
+ */
+ private String escapeHtml(String html) {
+ if (html == null) {
+ return null;
+ }
+ return html.replaceAll("&", "&").replaceAll("<", "<").replaceAll(
+ ">", ">");
+ }
+}
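Review bot: In `escapeHtml`, as this page shows it, every `replaceAll` substitutes a character with itself (`"&"` for `"&"`, `"<"` for `"<"`, `">"` for `">"`), so `input` and the `User-Agent` header would reach the returned HTML string unescaped. This is probably the page viewer decoding entities, but the committed file should be checked to read `html.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")`; plain `replace` also avoids treating the arguments as a regex and a replacement pattern. Even with the entities in place, quotes are not escaped, so the method deserves a comment such as `// Safe for element content only; do not use inside attribute values.`. `greetServer` also concatenates `getServletContext().getServerInfo()` into the response without escaping and returns the container name and version to any caller, which is worth dropping or restricting before this leaves the sample stage.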