Package org.broadleafcommerce.openadmin.security

Class ClassNameRequestParamValidationServiceImpl

java.lang.Object
org.broadleafcommerce.openadmin.security.ClassNameRequestParamValidationServiceImpl
All Implemented Interfaces:
ClassNameRequestParamValidationService
@Service("blClassNameRequestParamValidationService") public class ClassNameRequestParamValidationServiceImpl extends Object implements ClassNameRequestParamValidationService
Author:
Jeff Fischer
See Also:

  • Field Details

  • Constructor Details

    • ClassNameRequestParamValidationServiceImpl

      public ClassNameRequestParamValidationServiceImpl()

  • Method Details

    • validateClassNameParams

      public boolean validateClassNameParams(Map<String,String> requestParamToClassName, String persistenceUnitName)
      Description copied from interface: ClassNameRequestParamValidationService
      Compare a map of request params to fully qualified classname values against the whitelist.
      Specified by:
      validateClassNameParams in interface ClassNameRequestParamValidationService
      Parameters:
      requestParamToClassName - a map of request params and associated fully qualified classnames to confirm against the whitelist
      persistenceUnitName - the persistence unit the white list is generated from
      Returns:
      whether or not the map of values is valid

    • getClassNameForSection

      public String getClassNameForSection(String sectionKey)
      Description copied from interface: ClassNameRequestParamValidationService
      Retrieve a fully qualified classname using a sectionKey. Will return the passed in sectionKey if not classname is registered for it in the datastore. Since it's possible for no classname to be registered and for the key to be a fully qualified classname itself, any unmatched sectionKey is confirmed against the whitelist. If found to be not valid, a SectionKeyValidationException instance is thrown. If thrown from within a Spring MVC controller, this exception will result in an Http 404 status code back to the requester.
      Specified by:
      getClassNameForSection in interface ClassNameRequestParamValidationService
      Parameters:
      sectionKey - the sectionKey used to retrieve the fully qualified classname
      Returns:
      the fully qualified classname associated with the sectionKey, or the sectionKey itself if no match is found

    • getSectionCrumbs

      public List<SectionCrumb> getSectionCrumbs(String crumbList)
      Description copied from interface: ClassNameRequestParamValidationService
      Retrieve a list of section crumbs given a delimited string (usually harvested from the "sectionCrumbs" param on a Http request). The SectionCrumb instances contains sectionKey information, and are therefore susceptible to the same validation requirements as ClassNameRequestParamValidationService.getClassNameForSection(String). If a sectionKey is found to be not valid, a SectionKeyValidationException instance is thrown. If thrown from within a Spring MVC controller, this exception will result in an Http 404 status code back to the requester.
      Specified by:
      getSectionCrumbs in interface ClassNameRequestParamValidationService
      Parameters:
      crumbList - the delimited string (related to the "sectionCrumbs" param in an Http request)
      Returns:
      the list of section crumbs representing the currently active admin sections for a given request