com.day.cq.wcm.foundation.security

Interface SaferSlingPostValidator

public interface SaferSlingPostValidator

Service to check Sling Post requests for unsafe constructs.

Field Summary

Fields

Modifier and Type	Field and Description
static boolean	ACCEPT ACCEPT returned when a request may be accepted.
static java.lang.String	POST_DEPTH_ATTRIBUTE Attribute set on the request to indicate the depth under the target request which :applyTo should be allowed to reference.
static boolean	REJECT REJECT returned when a request should be rejected.

Method Summary

Modifier and Type	Method and Description
boolean	reject(SlingHttpServletRequest request, java.lang.String... whitelistPatterns) Reject any unsafe post requests.

Field Detail

REJECT

static final boolean REJECT

REJECT returned when a request should be rejected.

See Also:

Constant Field Values

ACCEPT

static final boolean ACCEPT

ACCEPT returned when a request may be accepted.

See Also:

Constant Field Values

POST_DEPTH_ATTRIBUTE

static final java.lang.String POST_DEPTH_ATTRIBUTE

Attribute set on the request to indicate the depth under the target request which :applyTo should be allowed to reference.

Method Detail

reject

boolean reject(SlingHttpServletRequest request,
               java.lang.String... whitelistPatterns)

Reject any unsafe post requests.

Parameters:

request - the request to check

whitelistPatterns - additional whitelist patterns

Returns:

REJECT if the request should be rejected, otherwise return ACCEPT.