source: main/trunk/ibisph-view/src/main/webapp/WEB-INF/config/spring/common.xml @ 17433

Last change on this file since 17433 was 17433, checked in by Garth Braithwaite, 7 months ago

view - AVs working better. QM total row. added cache able chart and maps xml to the injected model map.

File size: 27.7 KB
Line 
1<?xml version="1.0" encoding="UTF-8"?>
2
3<!--
4        IBIS-PH View System's common Spring properties. This Spring application
5        context file contains properties are commonly used by more than one module/
6        packages within the system.  These common properties include core base
7        XML/XSLT paths and other resources used by the apps controllers.
8
9        PROPERTY USAGE NOTES:
10        <property name="someName"><null/></property>
11        <property name="someName" value="${some_system_property_name}"/>
12        <value type="xyz.abc">  Beans can't have a type.
13
14        If property starts with all CAPS - something like XMLPath which has a setter
15        like setXMLPath then the property needs to be name="XMLPath" (the bean naming
16        more than one first letters capped rule) otherwise it's lowercase then mixed
17        case like normal properties.
18
19        Use the "parent" attribute for child objects that are of the same type.  This basically
20        does a clone on an object so that the existing parent object's objects are copied
21        to the child - thus providing a populated base class that all child objects can
22        be implicitly populated without explicitly setting the properties.
23-->
24
25<beans default-lazy-init="false" default-autowire="no"
26        xmlns="http://www.springframework.org/schema/beans"
27        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
28        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd"
29>
30        <!--  C O N T E X T S   A N D   P A T H S -->
31        <!-- NOTE: Spring 3.0 provides a default servlet context bean that can be
32                used to access ServletContext properties via EL: #{servletContext.servletContextName}.
33        -->
34        <bean id="commonContentBasePath" class="org.ibisph.model.StringHolder">
35                <description>
36                        Base "Content" file path used by most internal XML and JSON file
37                        access bean configurations.  This provides a mechanism to easily
38                        locate files to a directory outside of the webapp.  This default
39                        location is the relative webapp.
40                </description>
41                <constructor-arg value=""/>
42        </bean>
43
44        <bean id="commonContextAndPathService" class="org.ibisph.web.ContextAndPathService"/>
45
46        <bean id="commonBaseContentPathURL" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
47                <property name="targetObject" ref="commonContextAndPathService"/>
48                <property name="targetMethod" value="getPathURL"/>
49                <property name="arguments"><list><value>#{commonContentBasePath.string}</value></list></property>
50        </bean>
51
52        <bean id="commonBaseXSLTPathURL" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
53                <property name="targetObject" ref="commonContextAndPathService"/>
54                <property name="targetMethod" value="getPathURL"/>
55                <property name="arguments"><list><value>xslt</value></list></property>
56        </bean>
57        <bean id="commonBaseXMLPathURL" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
58                <property name="targetObject" ref="commonContextAndPathService"/>
59                <property name="targetMethod" value="getPathURL"/>
60                <property name="arguments"><list><value>#{commonContentBasePath.string}/xml</value></list></property>
61        </bean>
62        <bean id="commonRestrictedBaseXMLPathURL" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
63                <property name="targetObject" ref="commonContextAndPathService"/>
64                <property name="targetMethod" value="getPathURL"/>
65                <property name="arguments"><list><value>#{commonContentBasePath.string}/WEB-INF/xml</value></list></property>
66        </bean>
67
68        <bean id="commonWebAppRemoteURLPrefix" class="org.ibisph.model.StringHolder">
69                <description>
70                        Base application request URL to be used by the app when creating outside
71                        links back to the app.  For example, this is used when the self user
72                        registration mechanism is employed.  The user is sent a verification
73                        email that has a URL that the user clicks to verify and activate
74                        their account.  This is needed because the server only know's its IP
75                        address - it has no idea what its outside domain/server name is. 
76                        The application context path is also included as again the server
77                        might have an upstream proxy sitting in front of it with different
78                        application context mappings.  Note that this is the complete root
79                        URL prefix value which consists to get to the application from via
80                        a public URL request.  It consists of the protocol, server name/address
81                        (with port if applicable), and the outside application context path. 
82                        This value is then used internally by the code to build the actual
83                        request URL.  It should be overridden in the site specific properties.
84                </description>
85                <constructor-arg value="http://localhost/ibisph-view"/>
86        </bean>
87
88
89        <!-- F I L E   S E R V I C E S -->
90        <bean id="commonXMLFilePathModelService" class="org.ibisph.model.BasePathURLGetModelService">
91                <description>
92                        This is the main component of the primary model for most view app
93                        requests.  Most view app requests are XML/XSLT transformations.
94                        The XML/XSLT transformation process can be a parsed XML document, a
95                        complete XML string, or a URI string that is a complete file path and
96                        name that points to an XML file.  For most requests, the primary XML
97                        file is specified as part of the request URL.  Each specific model
98                        map is coded/configured to determine a specific XML file.  This
99                        service is constructed with a base file path URL.  The model map uses
100                        this service to concat its base path with the model map's more
101                        specific filename to build the complete XML file path and name to be
102                        used in the transformation. 
103                </description>
104                <property name="basePath" ref="commonBaseXMLPathURL"/>
105        </bean>
106        <bean id="commonVerifiedXMLFilePathModelService" class="org.ibisph.model.BasePathVerifiedFileURLGetModelService">
107                <property name="basePath" ref="commonBaseXMLPathURL"/>
108        </bean>
109        <bean id="commonXSLTFilePathModelService" class="org.ibisph.model.BasePathVerifiedFileURLGetModelService">
110                <property name="basePath" ref="commonBaseXSLTPathURL"/>
111        </bean>
112
113        <bean id="commonDocumentDAOService" class="org.ibisph.xml.service.FileStoredDocumentDAO">
114                <description>
115                        Provides a local disk based document get, save, delete service. 
116                        This service also implements GetModelService so get(filename) works
117                        and can be used in place of the commonXMLFilePathModelService
118                        defined above when an actual XML document is wanted. 
119
120                        SPEED NOTE: This results in an "DOM4j DOCUMENT".  As such it *MIGHT* 
121                        be best to only use this for the a model when the XML needs to be
122                        traversed etc.  Speed appears to be slower compared to having the
123                        XSLT access a file via the "document()" call.
124                </description>
125                <property name="basePath"     ref="commonBaseXMLPathURL"/>
126                <property name="escapeTextWhenSaving" value="true"/>
127                <property name="dateFormat"   ref="commonDateFormat"/>
128                <property name="outputFormat" ref="commonXMLOutputFormat"/>
129        </bean>
130        <bean id="commonRestrictedDocumentDAOService" class="org.ibisph.xml.service.FileStoredDocumentDAO">
131                <description>
132                        Provides "restricted" disk based document get, save, delete service. 
133                        This is mainly used for the user profile XML files.
134                </description>
135                <property name="basePath"     ref="commonRestrictedBaseXMLPathURL"/>
136                <property name="escapeTextWhenSaving" value="true"/>
137                <property name="dateFormat"   ref="commonDateFormat"/>
138                <property name="outputFormat" ref="commonXMLOutputFormat"/>
139        </bean>
140
141
142        <!--  L O C A L S,  D A T E,  F O R M A T S  -->
143        <bean id="commonLocale" class="java.util.Locale">
144                <constructor-arg value="en"/>
145                <constructor-arg value="US"/>
146        </bean>
147
148        <!-- Date Format Patterns:
149                To specify the time format use a time pattern string. In this pattern, all
150                ASCII letters are reserved as pattern letters, which are defined as the following:
151               
152                 Symbol   Meaning                 Presentation        Example
153                 ======   =====================   =================   ===================
154                 G        era designator          (Text)              AD
155                 y        year                    (Number)            1996
156                 M        month in year           (Text & Number)     July & 07
157                 d        day in month            (Number)            10
158                 h        hour in am/pm (1~12)    (Number)            12
159                 H        hour in day (0~23)      (Number)            0
160                 m        minute in hour          (Number)            30
161                 s        second in minute        (Number)            55
162                 S        millisecond             (Number)            978
163                 E        day in week             (Text)              Tuesday
164                 D        day in year             (Number)            189
165                 F        day of week in month    (Number)            2 (2nd Wed in July)
166                 w        week in year            (Number)            27
167                 W        week in month           (Number)            2
168                 a        am/pm marker            (Text)              PM
169                 k        hour in day (1~24)      (Number)            24
170                 K        hour in am/pm (0~11)    (Number)            0
171                 z        time zone               (Text)              Pacific Standard Time
172                 '        escape for text         (Delimiter)
173                 ''       single quote            (Literal)           '
174               
175                Examples Using the US Locale:
176               
177                Format Pattern                    Result
178                ==============================    ======================================
179                "yyyy.MM.dd G 'at' hh:mm:ss z"    1996.07.10 AD at 15:08:56 PDT
180                "EEE, MMM d, ''yy"                Wed, July 10, '96
181                "h:mm a"                          12:08 PM
182                "hh 'o''clock' a, zzzz"           12 o'clock PM, Pacific Daylight Time
183                "K:mm a, z"                       0:00 PM, PST
184                "yyyyy.MMMMM.dd GGG hh:mm aaa"    1996.July.10 AD 12:08 PM
185               
186                "dd.MM.yy"                        09.04.98
187                "H:mm"                            18:15
188                "H:mm:ss:SSS"                     18:15:55:624
189                "K:mm a,z"                        6:15 PM,PDT
190
191                Serial Number: yyyy-MM-dd-HH-mm-ss-SS
192        -->
193        <bean id="commonDateFormat" class="java.text.SimpleDateFormat">
194                <constructor-arg value="EEE, d MMM yyyy HH:mm:ss z"/>
195                <constructor-arg type="java.util.Locale" ref="commonLocale"/>
196        </bean>
197        <bean id="commonBackupFileDateSerialNumberDateFormat" class="java.text.SimpleDateFormat">
198                <constructor-arg value="yyyy-MM-dd-HH-mm-ss-SS"/>
199                <constructor-arg type="java.util.Locale" ref="commonLocale"/>
200        </bean>
201
202
203        <!--  M O D E L   M A P   R E S O U R C E S -->
204        <bean id="commonCurrentUserService" class="org.ibisph.user.service.CurrentUser"/>
205
206        <bean id="commonXMLModelMapKey" class="org.ibisph.model.StringHolder">
207                <constructor-arg value="XML"/>
208        </bean>
209
210        <bean id="commonSimpleBlankXMLModelMap" class="org.ibisph.modelmap.SimpleGetModelMap">
211                <description>
212                        Provides an XML model map for those XSLT/XML transformations where
213                        an XML documnt/file does not exist - like the user/* pages.
214                </description>
215                <property name="modelMapKey" value="#{commonXMLModelMapKey.string}"/>
216                <property name="model"><value><![CDATA[<?xml version="1.0" encoding="UTF-8"?><BLANK/>]]></value></property>
217        </bean>
218
219        <bean id="commonXMLServiceModelMapProperties" abstract="true">
220                <description>
221                        Core XML model map properties used by IP, Query, CP and other beans.
222                </description>
223                <property name="modelMapKey" value="#{commonXMLModelMapKey.string}"/>
224                <property name="getModelService" ref="commonXMLFilePathModelService"/>
225        </bean>
226
227
228        <!-- S T A T I C / C A C H E D   X M L   M O D E L   M A P S -->
229        <!-- The ModelFromFilePathAndNameService has an option to cache and clear
230                the cache XML docs.  As of 11/1/2018 the caching is not set.  At some
231                future point this caching can be set to true.  This should only be done
232                once a data admin publish request is implemented that clears the cached
233                XML doc object e.g. reloads it. 
234
235                Currently, because there is not a reload the cache when published mechanism,
236                this implmentation is not efficienet.  Previous versions used the XLST
237                file/document.  It is now coded to use java to load the doc for each req
238                simply so that the future configurations and XSLT does not have to be
239                reworked.
240        -->
241        <bean id="commonAncillaryValuesModelMap" class="org.ibisph.modelmap.ModelFromFilePathAndNameService">
242                <description>Document version of the published AncillaryValues XML.</description>
243                <property name="modelMapKey"     value="AncillaryValues"/>
244                <property name="getModelService" ref="commonDocumentDAOService"/>
245                <property name="filePathAndName" value="ancillary_values.xml"/>
246        </bean>
247        <bean id="commonDataSourcesModelMap" class="org.ibisph.modelmap.ModelFromFilePathAndNameService">
248                <description>Document version of the published DataSources XML.</description>
249                <property name="modelMapKey"     value="DataSources"/>
250                <property name="getModelService" ref="commonDocumentDAOService"/>
251                <property name="filePathAndName" value="data_sources.xml"/>
252        </bean>
253        <bean id="commonDimensionsModelMap" class="org.ibisph.modelmap.ModelFromFilePathAndNameService">
254                <description>Document version of the published Dimensions XML.</description>
255                <property name="modelMapKey"     value="Dimensions"/>
256                <property name="getModelService" ref="commonDocumentDAOService"/>
257                <property name="filePathAndName" value="dimensions.xml"/>
258        </bean>
259        <bean id="commonMeasuresModelMap" class="org.ibisph.modelmap.ModelFromFilePathAndNameService">
260                <description>Document version of the published Measures XML.</description>
261                <property name="modelMapKey"     value="Measures"/>
262                <property name="getModelService" ref="commonDocumentDAOService"/>
263                <property name="filePathAndName" value="measures.xml"/>
264        </bean>
265        <bean id="commonValueTypesModelMap" class="org.ibisph.modelmap.ModelFromFilePathAndNameService">
266                <description>Document version of the published ValueTypes XML.</description>
267                <property name="modelMapKey"     value="ValueTypes"/>
268                <property name="getModelService" ref="commonDocumentDAOService"/>
269                <property name="filePathAndName" value="value_types.xml"/>
270        </bean>
271        <bean id="commonValueAttributesModelMap" class="org.ibisph.modelmap.ModelFromFilePathAndNameService">
272                <description>Document version of the published ValueAttributes XML.</description>
273                <property name="modelMapKey"     value="ValueAttributes"/>
274                <property name="getModelService" ref="commonDocumentDAOService"/>
275                <property name="filePathAndName" value="value_attributes.xml"/>
276        </bean>
277        <bean id="commonChartsModelMap" class="org.ibisph.modelmap.ModelFromFilePathAndNameService">
278                <description>Document version of the published Charts XML.</description>
279                <property name="modelMapKey"     value="Charts"/>
280                <property name="getModelService" ref="commonDocumentDAOService"/>
281                <property name="filePathAndName" value="charts.xml"/>
282        </bean>
283        <bean id="commonMapsModelMap" class="org.ibisph.modelmap.ModelFromFilePathAndNameService">
284                <description>Document version of the published Maps XML.</description>
285                <property name="modelMapKey"     value="Maps"/>
286                <property name="getModelService" ref="commonDocumentDAOService"/>
287                <property name="filePathAndName" value="maps.xml"/>
288        </bean>
289        <bean id="commonOrgUnitsAttributesModelMap" class="org.ibisph.modelmap.ModelFromFilePathAndNameService">
290                <description>
291                        Injects the XML doc.  This helps with speed as the doc
292                        is only read/parsed once.  Con of this approach is that
293                        bean needs an event listener to reload when published.
294                </description>
295                <property name="modelMapKey"     value="OrgUnits"/>
296                <property name="getModelService" ref="commonDocumentDAOService"/>
297                <property name="filePathAndName" value="org_units.xml"/>
298        </bean>
299       
300
301        <!-- C O N T R O L L E R   R E S O U R C E S -->
302        <bean id="commonNoCacheHTTPResponseHeaders" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
303                <description>
304                        no cache type headers
305                </description>
306                <property name="properties">
307                        <props>
308                                <prop key="Pragma">no-cache</prop>
309                                <prop key="Expires">Fri, 12 Dec 1980 23:23:23 GMT</prop>
310                                <prop key="Cache-Control">no-cache, private, s-maxage=0, max-age=0, must-revalidate, proxy-revalidate, no-store</prop>
311                                <prop key="Cache-Control">post-check=0, pre-check=0</prop>
312                        </props>
313                </property>
314        </bean>
315        <bean id="commonHTTPResponseHeaders" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
316                <description>
317                        common security headers.  See:
318                        https://blog.veracode.com/2014/03/guidelines-for-setting-security-headers/
319
320                        Note: ajax json requests are typically blocked by most browsers (CORS).
321                        e.g. file:, http:, https:, ftp: are all not acceptable if outside of
322                        the current domain when making a XMLHttpRequest. 
323                        see:
324                                http://www.html5rocks.com/en/tutorials/cors/
325                                https://learn.jquery.com/ajax/working-with-jsonp/
326                        Can also set header name="Access-Control-Allow-Origin" value="*"
327                </description>
328                <property name="properties">
329                        <props>
330                                <prop key="X-XSS-Protection">1</prop>
331                                <prop key="X-Content-Type-Options">nosniff</prop>
332                                <prop key="X-Frame-Options">DENY</prop>
333                                <prop key="Strict-Transport-Security">max-age=31536000</prop>
334                        </props>
335                </property>
336        </bean> 
337
338        <bean id="commonModelMapListController" abstract="true" class="org.ibisph.web.springmvc.ModelMapListProcessingController">
339                <description>
340                        Provides base of all HTML page type controllers.  Defines the
341                        ModelMapListProcessingController class, the additional modelmaps that
342                        most pages use, and the HTTPResponseHeaders (typically setup to
343                        handle XSS security).
344                </description>
345                <property name="additionalModelMapList">
346                        <list>
347<!-- -->
348                                <bean class="org.ibisph.modelmap.ModelFromFilePathAndNameService">
349                                        <description>
350                                                This is consumed in the menu xslt code hence the modelMapKey
351                                                MenuSelectionsList.xmlFilePath which is the xslt param name
352                                                in MenuSelectionsList.xslt file.
353                                        </description>
354                                        <property name="modelMapKey"     value="ContentXMLFilePath"/>
355                                        <property name="getModelService" ref="commonXMLFilePathModelService"/>
356                                        <property name="filePathAndName" value=""/>
357                                </bean>
358
359                                <bean class="org.ibisph.modelmap.SimpleGetModelMap">
360                                        <description>
361                                                Used by XSLT to dynamically access the 2ndardy XML
362                                                files as well as leaflet map and kendo json files.
363                                                Injected into the main Page.xslt.
364                                        </description>
365                                        <property name="modelMapKey"     value="BaseContentFilePath"/>
366                                        <property name="model"           ref="commonBaseContentPathURL"/>
367                                </bean>
368
369                                <ref bean="commonOrgUnitsAttributesModelMap"/>
370
371                                <bean id="commonUserProfileModelMap" class="org.ibisph.user.modelmap.CurrentUserDocument">
372                                        <property name="modelMapKey"        value="UserProfile"/>
373                                        <property name="currentUserService" ref="commonCurrentUserService"/>
374                                </bean>
375
376                                <bean id="commonHTTPRequestParametersModelMap" class="org.ibisph.web.modelmap.HTTPRequestParameters">
377                                        <description>
378                                                Provides a simple mechanism to pass URL req params to the XSLT
379                                                code.  Note that this does NOT differentiate between GET and
380                                                POST so might have to remove this in some special cases - like
381                                                not needed for the query module builder post etc.
382                                        </description>
383                                        <property name="modelMapKey" value="HTTPRequestParameters"/>
384                                </bean>
385
386                                <bean id="commonPathSegmentsFromHTTPRequestModelMap" class="org.ibisph.web.modelmap.PathSegmentsFromHTTPRequest">
387                                        <description>
388                                                Provides the path segments to the view.  This is needed
389                                                for context menu file name and the request path bread
390                                                crumbs.
391                                        </description>
392                                </bean>
393
394                                <bean id="commonWebAppURLContextPrefixFromHTTPRequestModelMap" class="org.ibisph.web.modelmap.WebAppURLContextPrefixFromHTTPRequest">
395                                        <property name="modelMapKey" value="WebAppContextURLPrefix"/>
396                                </bean>
397
398                                <bean class="org.ibisph.modelmap.SimpleGetModelMap">
399                                        <property name="modelMapKey" value="WebAppRemoteURLPrefix"/>
400                                        <property name="model" value="#{commonWebAppRemoteURLPrefix.string}/"/>
401                                </bean>
402
403                                <bean id="commonModifiedDateModelMap" class="org.ibisph.modelmap.AddModelDateModelToModelMap">
404                                        <property name="sourceModelModelMapKey"   value="#{commonXMLModelMapKey.string}"/>
405                                        <property name="formattedDateModelMapKey" value="XMLModifedDate"/>
406                                        <property name="dateFormat"               ref="commonDateFormat"/>
407                                        <property name="sourceModelDateXPathList">
408                                                <list>
409                                                        <value>LAST_MODIFIED</value>
410                                                        <value>MODIFIED_DATE</value>
411                                                </list>
412                                        </property>
413                                </bean>
414                        </list>
415                </property>
416
417                <property name="HTTPResponseHeaders" ref="commonHTTPResponseHeaders"/>
418        </bean>
419
420
421
422        <!--  X M L   R E S O U R C E S  -->
423        <bean id="commonXMLEncodingScheme" class="org.ibisph.model.StringHolder">
424                <description>
425                        XML encoding scheme used when creating an XML file and Request character
426                        encoding.  Both of these should work: "UTF-8", "ISO-8859-1", however, UTF-8
427                        had some problems with some data.  ISO-8859-1 is an 8 bit subset of the 16
428                        bit unicode UTF-8 character set and is used for western english characters.
429                </description>
430                <constructor-arg value="ISO-8859-1"/>
431        </bean>
432
433        <bean id="commonXMLOutputFormat" class="org.dom4j.io.OutputFormat">
434                <property name="encoding"   value="#{commonXMLEncodingScheme.string}"/>
435                <property name="indentSize" value="1"/>     <!-- count of indents -->
436                <property name="indent"     value="&#09;"/> <!-- tab value: &#09; = horizontal tab or spaces etc -->
437                <property name="newlines"   value="true"/>  <!-- if true puts next element on new line -->
438                <property name="padText"    value="false"/> <!-- if true just adds extra blank line inbetween... -->
439                <property name="trimText"   value="true"/>  <!-- strips white space.  Do NOT set to true for IPs as embedded CRs will be lost -->
440        </bean>
441
442
443        <!--  X S L T   T R A N S F O R M A T I O N   R E S O U R C E S  -->
444        <!-- The main function is to set the XSLT transformation factory to be used.
445                This mechanism allows for a pluggable XSLT engine to be explicitly used.
446                This can be set as a system property but doing so can impact other apps
447                that are installed on the same app server which require/rely on other
448                versions of an XSLT processor (typically XALAN).  If the factory is not
449                explicitly set then the app server's/JVM's default XSLT engine will be
450                used (via JAXP - typically XALAN which will NOT work for IBIS as of 2008). 
451
452                NOTES:
453                - This factory must be XSLT v2.0 (at this point Saxon is the best
454                solution - XALAN 2.x will NOT work for IBIS as it is v1.x). 
455
456                - Removed the IBIS transformer factory type classes in late 2008 as they
457                were not needed.  If XALAN ever goes to 2.0 and adopters want to use then
458                those objects can be resurrected or new XALAN objects can be created as
459                needed.
460
461                PRODUCTION: It is highly recommended to use the caching Saxon XSLT engine:
462                <bean id="commonXSLTTransformerFactory" class="org.ibisph.xslt.CachedSaxonTransformerFactory"/>
463
464                XSLT DEVELOPMENT: Use the normal, thread safe non caching Saxon XSLT
465                Transformation Factory.  This avoids having to restart the app or touch
466                the core XSLT file.
467                <bean id="commonXSLTTransformerFactory" class="net.sf.saxon.TransformerFactoryImpl"/>
468        -->
469        <bean id="commonXSLTTransformerFactory" class="org.ibisph.xslt.CachedSaxonTransformerFactory"/>
470        <bean id="commonXSLTTransformation" class="org.ibisph.xslt.Transformation">
471                <constructor-arg ref="commonXSLTTransformerFactory"/>
472        </bean>
473        <bean id="commonXSLTTransformationView" class="org.ibisph.xml.springmvc.XSLTXMLTransformationView">
474                <description>
475                        Core transformation view that almost all views use/extend from.
476                </description>
477                <constructor-arg ref="commonXSLTTransformation"/>
478                <property name="XSLTURLGetModelService" ref="commonXSLTFilePathModelService"/> 
479        </bean>
480
481
482        <bean id="commonXSSStringValidator" class="org.ibisph.util.ExclusionRegexFindStringValidator">
483                <description>
484                        Series of regex that attempts to detect XSS - injected javascript.  For
485                        IBIS the main issue is that you could embed some script into a saved
486                        query and a user could then share that saved query def with another
487                        user.  When that user opens the saved query it could execute some
488                        script that could do a few things.  However, this is quickly found as
489                        the victim can report it and the admin can see exactly which user is
490                        the offender and take action. 
491
492                        This validator will catch very basic XSS and is provided mostly for
493                        IT departments to feel better about things.  To do this right the
494                        text MUST be processed as HTML and parsed to being valid etc.
495                </description>
496                <property name="regEx">
497                        <list>
498                                <value>javascript:|&lt;\s*script.*?\s*&gt;</value>
499                        </list>
500                </property>
501        </bean>
502
503        <bean id="commonXMLStringCleaner" class="org.ibisph.util.ReplacementStringCleaner">
504                <description>Cleans/replaces characters.  Stubbed out for now...</description>
505                <property name="replacementCharsMap">
506                        <map>
507                                <entry key="‘" value="'"/>
508                                <entry key="’" value="'"/>
509                        </map>
510                </property> 
511        </bean>
512
513
514        <!--  E X C E P T I O N   R E S O L V E R  -->
515
516        <!-- Exception Resolvers are typically a list of exceptions with associated
517                views to be used to display an error for a given type of exception. 
518                Note that the resolver is ONLY used for exceptions thrown/uncaught
519                within controller objects e.g. objects controlled by the Request Dispatcher
520                servlet/container.  For "view" related errors a HandlerInterceptor
521                is needed see:
522               
523                http://stackoverflow.com/questions/196495/how-to-configure-spring-handlerexceptionresolver-to-handle-nullpointerexception-t)
524               
525                Other types of errors that happen outside of the servlet (like filter
526                errors) are also not able to be handled.  Many of these errors that occur
527                within the IBIS applications are view related and due to the fact that
528                the web.xml error handling can be used to handle ALL types of errors,
529                there's not much value in an ErrorResolver.  As if 2010, all errors
530                simply go through to the container which will then use the web.xml
531                which uses a centralized error jsp to handle all errors.  The error
532                page logs the error and returns an error page to the user.  The two
533                major down sides to this centralized JSP approach is that 1) the error
534                JSP has to be bullet proof, and 2) the error handling is limited to
535                what can be done within a JSP.  The pro to this approach is that it
536                is all centralized and handled consistently.
537        -->
538
539        <!-- Below is a basic ExceptionResolver that many Spring MVC apps implement.
540                Specific exceptions are handled by the simple exception to view resolver
541                This resolver needs to be used first and MUST not be configured to do the
542                general error handling as the next resolver will not be called.  Note that
543                this can be setup to handle everything but it's was easier to understand
544                and control doing this way.
545
546        <bean id="commonSpecificExceptionResolver" class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
547                <property name="order" value="1"/>
548                <property name="defaultStatusCode" value="700"/>
549                <property name="defaultErrorView" value="/WEB-INF/jsp/error/detail.jsp"/>
550                <property name="exceptionAttribute" value="Exception"/>
551                <property name="mappedHandlers">
552                        <set><value>java.lang.Throwable</value><ref local="commonDefault.ExceptionHandler"/></set>
553                </property>
554                <property name="exceptionMappings">
555                        <props>
556                                <prop key="org.ibisph.web.springmvc.controller.query.NullModuleException">Query.NullModuleDocument.View</prop>
557                                <prop key="java.lang.Exception ">Query.NullModuleDocument.View</prop>
558                        </props>
559                </property>
560        </bean>
561
562        For many years a simple logging type ExceptionResolver was used.  The code
563        below is left in case the logging exception handler is wanted by an adopter.
564
565        <bean id="commonDefaultExceptionHandler" class="org.ibisph.web.springmvc.LoggingControllerExceptionHandler">
566                <property name="order" value="1"/>
567        </bean>
568        -->
569
570</beans>
571
Note: See TracBrowser for help on using the repository browser.