Context Navigation

source: main/trunk/ibisph-view/src/main/webapp/WEB-INF/config/spring/common.xml @ 19890

Last change on this file since 19890 was 19890, checked in by GarthBraithwaite_STG, 4 years ago
view - TEMP COMMIT. Changed webapp context prefix path to base request path so it is not confused with just the context path. put font icon ref into general. added contextnav css back into layout for topic indexes. css file import ordering tweaks.
File size: 27.8 KB

Line
1	<?xml version="1.0" encoding="UTF-8"?>
2
3	<!--
4	IBIS-PH View System's common Spring properties. This Spring application
5	context file contains properties are commonly used by more than one module/
6	packages within the system. These common properties include core base
7	XML/XSLT paths and other resources used by the apps controllers.
8
9	PROPERTY USAGE NOTES:
10	<property name="someName"><null/></property>
11	<property name="someName" value="${some_system_property_name}"/>
12	<value type="xyz.abc"> Beans can't have a type.
13
14	If property starts with all CAPS - something like XMLPath which has a setter
15	like setXMLPath then the property needs to be name="XMLPath" (the bean naming
16	more than one first letters capped rule) otherwise it's lowercase then mixed
17	case like normal properties.
18
19	Use the "parent" attribute for child objects that are of the same type. This basically
20	does a clone on an object so that the existing parent object's objects are copied
21	to the child - thus providing a populated base class that all child objects can
22	be implicitly populated without explicitly setting the properties.
23
24	PATH CONVENTION:
25	All paths shall have a trailing "/". Sub paths should never have a leading "/"
26	but will always have the trailing "/". Base paths can have a leading "/" as
27	this represents the root of the file system.
28	-->
29
30	<beans default-lazy-init="false" default-autowire="no"
31	xmlns="http://www.springframework.org/schema/beans"
32	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
33	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd"
34	>
35	<!-- C O N T E X T S A N D P A T H S -->
36	<!-- NOTE: Spring 3.0 provides a default servlet context bean that can be
37	used to access ServletContext properties via EL: #{servletContext.servletContextName}.
38	-->
39	<bean id="commonContentBasePath" class="org.ibisph.model.StringHolder">
40	<description>
41	Base "Content" file path used by most internal XML and JSON file
42	access bean configurations. This provides a mechanism to easily
43	locate files to a directory outside of the webapp. This default
44	location is the relative webapp.
45	</description>
46	<constructor-arg value=""/>
47	</bean>
48
49	<bean id="commonContextAndPathService" class="org.ibisph.web.ContextAndPathService"/>
50
51	<bean id="commonContentBasePathURL" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
52	<property name="targetObject" ref="commonContextAndPathService"/>
53	<property name="targetMethod" value="getPathURL"/>
54	<property name="arguments"><list><value>#{commonContentBasePath.string}</value></list></property>
55	</bean>
56
57	<bean id="commonXMLBasePathURL" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
58	<property name="targetObject" ref="commonContextAndPathService"/>
59	<property name="targetMethod" value="getPathURL"/>
60	<property name="arguments"><list><value>#{commonContentBasePath.string}xml/</value></list></property>
61	</bean>
62	<bean id="commonRestrictedXMLBasePathURL" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
63	<property name="targetObject" ref="commonContextAndPathService"/>
64	<property name="targetMethod" value="getPathURL"/>
65	<property name="arguments"><list><value>#{commonContentBasePath.string}WEB-INF/xml/</value></list></property>
66	</bean>
67	<bean id="commonXSLTBasePathURL" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
68	<property name="targetObject" ref="commonContextAndPathService"/>
69	<property name="targetMethod" value="getPathURL"/>
70	<property name="arguments"><list><value>xslt/</value></list></property>
71	</bean>
72
73	<bean id="commonWebAppBaseRequestPath" class="org.ibisph.model.StringHolder">
74	<description>
75	Base application request URL path injected into the common webapp
76	base request path model map for the XSLT code to prefix all content
77	web page requests. It is also used for the user self registering
78	bean etc.
79
80	The path is optional. It is only used in those instances when the
81	servlet's request URL is not sufficient to get HTTP requsts to the
82	webapp (e.g. when the webapp is behind a proxy or the webapp's
83	context is different etc.). When specified the value is the complete
84	root URL prefix value consisting of the protocol, server name/address
85	(with port if applicable), and the outside application context path.
86	</description>
87	<constructor-arg value="http://localhost/ibisph-view/"/>
88	</bean>
89
90
91	<!-- F I L E S E R V I C E S -->
92	<bean id="commonXMLFilePathModelService" class="org.ibisph.model.URLPathGetModelService">
93	<description>
94	This is the main component of the primary model for most view app
95	requests. Most view app requests are XML/XSLT transformations.
96	The XML/XSLT transformation process can be a parsed XML document, a
97	complete XML string, or a URI string that is a complete file path and
98	name that points to an XML file. For most requests, the primary XML
99	file is specified as part of the request URL. Each specific model
100	map is coded/configured to determine a specific XML file. This
101	service is constructed with a base file path URL. The model map uses
102	this service to concat its base path with the model map's more
103	specific filename to build the complete XML file path and name to be
104	used in the transformation.
105	</description>
106	<property name="basePath" ref="commonXMLBasePathURL"/>
107	</bean>
108	<bean id="commonVerifiedXMLFilePathModelService" class="org.ibisph.model.VerifiedURLPathGetModelService">
109	<property name="basePath" ref="commonXMLBasePathURL"/>
110	</bean>
111	<bean id="commonXSLTFilePathModelService" class="org.ibisph.model.VerifiedURLPathGetModelService">
112	<property name="basePath" ref="commonXSLTBasePathURL"/>
113	</bean>
114
115	<bean id="commonDocumentDAOService" class="org.ibisph.xml.service.FileStoredDocumentDAO">
116	<description>
117	Provides a local disk based document get, save, delete service.
118	This service also implements GetModelService so get(filename) works
119	and can be used in place of the commonXMLFilePathModelService
120	defined above when an actual XML document is wanted.
121
122	SPEED NOTE: This results in an "DOM4j DOCUMENT". As such it MIGHT
123	be best to only use this for the a model when the XML needs to be
124	traversed etc. Speed appears to be slower compared to having the
125	XSLT access a file via the "document()" call.
126	</description>
127	<property name="basePath" ref="commonXMLBasePathURL"/>
128	<property name="escapeTextWhenSaving" value="true"/>
129	<property name="dateFormat" ref="commonDateFormat"/>
130	<property name="outputFormat" ref="commonXMLOutputFormat"/>
131	</bean>
132	<bean id="commonRestrictedDocumentDAOService" class="org.ibisph.xml.service.FileStoredDocumentDAO">
133	<description>
134	Provides "restricted" disk based document get, save, delete service.
135	This is mainly used for the user profile XML files.
136	</description>
137	<property name="basePath" ref="commonRestrictedXMLBasePathURL"/>
138	<property name="escapeTextWhenSaving" value="true"/>
139	<property name="dateFormat" ref="commonDateFormat"/>
140	<property name="outputFormat" ref="commonXMLOutputFormat"/>
141	</bean>
142
143
144	<!-- L O C A L S, D A T E, F O R M A T S -->
145	<bean id="commonLocale" class="java.util.Locale">
146	<constructor-arg value="en"/>
147	<constructor-arg value="US"/>
148	</bean>
149
150	<!-- Date Format Patterns:
151	To specify the time format use a time pattern string. In this pattern, all
152	ASCII letters are reserved as pattern letters, which are defined as the following:
153
154	Symbol Meaning Presentation Example
155	====== ===================== ================= ===================
156	G era designator (Text) AD
157	y year (Number) 1996
158	M month in year (Text & Number) July & 07
159	d day in month (Number) 10
160	h hour in am/pm (1~12) (Number) 12
161	H hour in day (0~23) (Number) 0
162	m minute in hour (Number) 30
163	s second in minute (Number) 55
164	S millisecond (Number) 978
165	E day in week (Text) Tuesday
166	D day in year (Number) 189
167	F day of week in month (Number) 2 (2nd Wed in July)
168	w week in year (Number) 27
169	W week in month (Number) 2
170	a am/pm marker (Text) PM
171	k hour in day (1~24) (Number) 24
172	K hour in am/pm (0~11) (Number) 0
173	z time zone (Text) Pacific Standard Time
174	' escape for text (Delimiter)
175	'' single quote (Literal) '
176
177	Examples Using the US Locale:
178
179	Format Pattern Result
180	============================== ======================================
181	"yyyy.MM.dd G 'at' hh:mm:ss z" 1996.07.10 AD at 15:08:56 PDT
182	"EEE, MMM d, ''yy" Wed, July 10, '96
183	"h:mm a" 12:08 PM
184	"hh 'o''clock' a, zzzz" 12 o'clock PM, Pacific Daylight Time
185	"K:mm a, z" 0:00 PM, PST
186	"yyyyy.MMMMM.dd GGG hh:mm aaa" 1996.July.10 AD 12:08 PM
187
188	"dd.MM.yy" 09.04.98
189	"H:mm" 18:15
190	"H:mm:ss:SSS" 18:15:55:624
191	"K:mm a,z" 6:15 PM,PDT
192
193	Serial Number: yyyy-MM-dd-HH-mm-ss-SS
194	-->
195	<bean id="commonDateFormat" class="java.text.SimpleDateFormat">
196	<constructor-arg value="EEE, d MMM yyyy HH:mm:ss z"/>
197	<constructor-arg type="java.util.Locale" ref="commonLocale"/>
198	</bean>
199	<bean id="commonBackupFileDateSerialNumberDateFormat" class="java.text.SimpleDateFormat">
200	<constructor-arg value="yyyy-MM-dd-HH-mm-ss-SS"/>
201	<constructor-arg type="java.util.Locale" ref="commonLocale"/>
202	</bean>
203
204
205	<!-- M O D E L M A P R E S O U R C E S -->
206	<bean id="commonCurrentUserService" class="org.ibisph.user.service.CurrentUser"/>
207
208	<bean id="commonXMLModelMapKey" class="org.ibisph.model.StringHolder">
209	<constructor-arg value="XML"/>
210	</bean>
211
212	<bean id="commonSimpleBlankXMLModelMap" class="org.ibisph.modelmap.SimpleGetModelMap">
213	<description>
214	Provides an XML model map for those XSLT/XML transformations where
215	an XML documnt/file does not exist - like the user/* pages.
216	</description>
217	<property name="modelMapKey" value="#{commonXMLModelMapKey.string}"/>
218	<property name="model"><value><![CDATA[<?xml version="1.0" encoding="UTF-8"?><BLANK/>]]></value></property>
219	</bean>
220
221	<bean id="commonXMLServiceModelMapProperties" abstract="true">
222	<description>
223	Core XML model map properties used by IP, Query, CP and other beans.
224	</description>
225	<property name="modelMapKey" value="#{commonXMLModelMapKey.string}"/>
226	<property name="getModelService" ref="commonXMLFilePathModelService"/>
227	</bean>
228
229
230	<!-- S T A T I C / C A C H E D X M L M O D E L M A P S -->
231	<!-- The ModelFromFilePathAndNameService has an option to cache and clear
232	the cache XML docs. As of 11/1/2018 the caching is not set. At some
233	future point this caching can be set to true. This should only be done
234	once a data admin publish request is implemented that clears the cached
235	XML doc object e.g. reloads it.
236
237	Currently, because there is not a reload the cache when published mechanism,
238	this implmentation is not efficienet. Previous versions used the XLST
239	file/document. It is now coded to use java to load the doc for each req
240	simply so that the future configurations and XSLT does not have to be
241	reworked.
242	-->
243	<bean id="commonAncillaryValuesModelMap" class="org.ibisph.modelmap.ModelFromFilePathAndNameService">
244	<description>Document version of the published AncillaryValues XML.</description>
245	<property name="modelMapKey" value="AncillaryValues"/>
246	<property name="getModelService" ref="commonDocumentDAOService"/>
247	<property name="filePathAndName" value="ancillary_values.xml"/>
248	</bean>
249	<bean id="commonDataSourcesModelMap" class="org.ibisph.modelmap.ModelFromFilePathAndNameService">
250	<description>Document version of the published DataSources XML.</description>
251	<property name="modelMapKey" value="DataSources"/>
252	<property name="getModelService" ref="commonDocumentDAOService"/>
253	<property name="filePathAndName" value="data_sources.xml"/>
254	</bean>
255	<bean id="commonDimensionsModelMap" class="org.ibisph.modelmap.ModelFromFilePathAndNameService">
256	<description>Document version of the published Dimensions XML.</description>
257	<property name="modelMapKey" value="Dimensions"/>
258	<property name="getModelService" ref="commonDocumentDAOService"/>
259	<property name="filePathAndName" value="dimensions.xml"/>
260	</bean>
261	<bean id="commonMeasuresModelMap" class="org.ibisph.modelmap.ModelFromFilePathAndNameService">
262	<description>Document version of the published Measures XML.</description>
263	<property name="modelMapKey" value="Measures"/>
264	<property name="getModelService" ref="commonDocumentDAOService"/>
265	<property name="filePathAndName" value="measures.xml"/>
266	</bean>
267	<bean id="commonValueTypesModelMap" class="org.ibisph.modelmap.ModelFromFilePathAndNameService">
268	<description>Document version of the published ValueTypes XML.</description>
269	<property name="modelMapKey" value="ValueTypes"/>
270	<property name="getModelService" ref="commonDocumentDAOService"/>
271	<property name="filePathAndName" value="value_types.xml"/>
272	</bean>
273	<bean id="commonValueAttributesModelMap" class="org.ibisph.modelmap.ModelFromFilePathAndNameService">
274	<description>Document version of the published ValueAttributes XML.</description>
275	<property name="modelMapKey" value="ValueAttributes"/>
276	<property name="getModelService" ref="commonDocumentDAOService"/>
277	<property name="filePathAndName" value="value_attributes.xml"/>
278	</bean>
279	<bean id="commonChartsModelMap" class="org.ibisph.modelmap.ModelFromFilePathAndNameService">
280	<description>Document version of the published Charts XML.</description>
281	<property name="modelMapKey" value="Charts"/>
282	<property name="getModelService" ref="commonDocumentDAOService"/>
283	<property name="filePathAndName" value="charts.xml"/>
284	</bean>
285	<bean id="commonMapsModelMap" class="org.ibisph.modelmap.ModelFromFilePathAndNameService">
286	<description>Document version of the published Maps XML.</description>
287	<property name="modelMapKey" value="Maps"/>
288	<property name="getModelService" ref="commonDocumentDAOService"/>
289	<property name="filePathAndName" value="maps.xml"/>
290	</bean>
291	<bean id="commonOrgUnitsModelMap" class="org.ibisph.modelmap.ModelFromFilePathAndNameService">
292	<description>
293	Injects the XML doc. This helps with speed as the doc
294	is only read/parsed once. Con of this approach is that
295	bean needs an event listener to reload when published.
296	</description>
297	<property name="modelMapKey" value="OrgUnits"/>
298	<property name="getModelService" ref="commonDocumentDAOService"/>
299	<property name="filePathAndName" value="org_units.xml"/>
300	</bean>
301
302
303	<!-- P A T H A N D R E Q U E S T M O D E L M A P S -->
304	<bean id="commonContentBasePathModelMap" class="org.ibisph.modelmap.SimpleGetModelMap">
305	<description>
306	Used by XSLT to dynamically access the 2ndardy XML
307	files as well as leaflet map and kendo json files.
308	Injected into the main Page.xslt.
309	</description>
310	<property name="modelMapKey" value="ContentBasePath"/>
311	<property name="model" ref="commonContentBasePathURL"/>
312	</bean>
313
314	<bean id="commonWebAppBasePathModelMap" class="org.ibisph.web.modelmap.WebAppBaseRequestPathFromHTTPRequest">
315	<description>
316	Complete remote/external webapp HTTP request base path prefix used
317	to access internet content and webapp requests (e.g. prefix used
318	for all requests from a user's browswer). This model map is injected
319	into all XSLT type page requests so that the code can build the
320	explicit, fully qualified request paths.
321
322	If the webappBaseRequestPath is blank then this model map will use
323	webapp's base servlet request context URL value.
324	</description>
325	<property name="webappBaseRequestPath" value="#{commonWebAppBaseRequestPath.string}"/>
326	<property name="modelMapKey" value="WebAppBaseRequestPath"/>
327	</bean>
328
329	<bean id="commonHTTPRequestParametersModelMap" class="org.ibisph.web.modelmap.HTTPRequestParameters">
330	<description>
331	Provides a simple mechanism to pass URL req params to the XSLT
332	code. Note that this does NOT differentiate between GET and
333	POST so might have to remove this in some special cases - like
334	not needed for the query module builder post etc.
335	</description>
336	<property name="modelMapKey" value="HTTPRequestParameters"/>
337	</bean>
338	<bean id="commonHTTPRequestPathSegmentsModelMap" class="org.ibisph.web.modelmap.PathSegmentsFromHTTPRequest">
339	<description>
340	Provides the path segments to the view. This is needed
341	for context menu file name and the request path bread
342	crumbs.
343	</description>
344	<property name="modelMapKey" value="PathSegments"/>
345	</bean>
346	<bean id="commonModifiedDateModelMap" class="org.ibisph.modelmap.AddModelDateModelToModelMap">
347	<property name="sourceModelModelMapKey" value="#{commonXMLModelMapKey.string}"/>
348	<property name="formattedDateModelMapKey" value="XMLModifedDate"/>
349	<property name="dateFormat" ref="commonDateFormat"/>
350	<property name="sourceModelDateXPathList">
351	<list>
352	<value>LAST_MODIFIED</value>
353	<value>MODIFIED_DATE</value>
354	</list>
355	</property>
356	</bean>
357
358	<bean id="commonUserProfileModelMap" class="org.ibisph.user.modelmap.CurrentUserDocument">
359	<property name="modelMapKey" value="UserProfile"/>
360	<property name="currentUserService" ref="commonCurrentUserService"/>
361	</bean>
362
363
364	<!-- C O N T R O L L E R R E S O U R C E S -->
365	<bean id="commonNoCacheHTTPResponseHeaders" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
366	<description>
367	no cache type headers
368	</description>
369	<property name="properties">
370	<props>
371	<prop key="Pragma">no-cache</prop>
372	<prop key="Expires">Fri, 12 Dec 1980 23:23:23 GMT</prop>
373	<prop key="Cache-Control">no-cache, private, s-maxage=0, max-age=0, must-revalidate, proxy-revalidate, no-store</prop>
374	<prop key="Cache-Control">post-check=0, pre-check=0</prop>
375	</props>
376	</property>
377	</bean>
378	<bean id="commonHTTPResponseHeaders" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
379	<description>
380	common security headers. See:
381	https://blog.veracode.com/2014/03/guidelines-for-setting-security-headers/
382
383	Note: ajax json requests are typically blocked by most browsers (CORS).
384	e.g. file:, http:, https:, ftp: are all not acceptable if outside of
385	the current domain when making a XMLHttpRequest.
386	see:
387	http://www.html5rocks.com/en/tutorials/cors/
388	https://learn.jquery.com/ajax/working-with-jsonp/
389	Can also set header name="Access-Control-Allow-Origin" value="*"
390	</description>
391	<property name="properties">
392	<props>
393	<prop key="X-XSS-Protection">1</prop>
394	<prop key="X-Content-Type-Options">nosniff</prop>
395	<prop key="X-Frame-Options">DENY</prop>
396	<prop key="Strict-Transport-Security">max-age=31536000</prop>
397	</props>
398	</property>
399	</bean>
400
401	<bean id="commonModelMapListController" abstract="true" class="org.ibisph.web.springmvc.ModelMapListProcessingController">
402	<description>
403	Provides base of all HTML page type controllers. Defines the
404	ModelMapListProcessingController class, the additional modelmaps that
405	most pages use, and the HTTPResponseHeaders (typically setup to
406	handle XSS security).
407	</description>
408	<property name="additionalModelMapList">
409	<list>
410	<ref bean="commonContentBasePathModelMap"/>
411	<ref bean="commonWebAppBasePathModelMap"/>
412	<ref bean="commonHTTPRequestPathSegmentsModelMap"/>
413	<ref bean="commonHTTPRequestParametersModelMap"/>
414	<ref bean="commonOrgUnitsModelMap"/>
415	<ref bean="commonUserProfileModelMap"/>
416	<ref bean="commonModifiedDateModelMap"/>
417	</list>
418	</property>
419	<property name="HTTPResponseHeaders" ref="commonHTTPResponseHeaders"/>
420	</bean>
421
422
423
424	<!-- X M L R E S O U R C E S -->
425	<bean id="commonXMLEncodingScheme" class="org.ibisph.model.StringHolder">
426	<description>
427	XML encoding scheme used when creating an XML file and Request character
428	encoding. Both of these should work: "UTF-8", "ISO-8859-1", however, UTF-8
429	had some problems with some data. ISO-8859-1 is an 8 bit subset of the 16
430	bit unicode UTF-8 character set and is used for western english characters.
431	</description>
432	<constructor-arg value="ISO-8859-1"/>
433	</bean>
434
435	<bean id="commonXMLOutputFormat" class="org.dom4j.io.OutputFormat">
436	<property name="encoding" value="#{commonXMLEncodingScheme.string}"/>
437	<property name="indentSize" value="1"/> <!-- count of indents -->
438	<property name="indent" value=" "/> <!-- tab value: = horizontal tab or spaces etc -->
439	<property name="newlines" value="true"/> <!-- if true puts next element on new line -->
440	<property name="padText" value="false"/> <!-- if true just adds extra blank line inbetween... -->
441	<property name="trimText" value="true"/> <!-- strips white space. Do NOT set to true for IPs as embedded CRs will be lost -->
442	</bean>
443
444
445	<!-- X S L T T R A N S F O R M A T I O N R E S O U R C E S -->
446	<!-- The main function is to set the XSLT transformation factory to be used.
447	This mechanism allows for a pluggable XSLT engine to be explicitly used.
448	This can be set as a system property but doing so can impact other apps
449	that are installed on the same app server which require/rely on other
450	versions of an XSLT processor (typically XALAN). If the factory is not
451	explicitly set then the app server's/JVM's default XSLT engine will be
452	used (via JAXP - typically XALAN which will NOT work for IBIS as of 2008).
453
454	NOTES:
455	- This factory must be XSLT v2.0 (at this point Saxon is the best
456	solution - XALAN 2.x will NOT work for IBIS as it is v1.x).
457
458	- Removed the IBIS transformer factory type classes in late 2008 as they
459	were not needed. If XALAN ever goes to 2.0 and adopters want to use then
460	those objects can be resurrected or new XALAN objects can be created as
461	needed.
462
463	PRODUCTION: It is highly recommended to use the caching Saxon XSLT engine:
464	<bean id="commonXSLTTransformerFactory" class="org.ibisph.xslt.CachedSaxonTransformerFactory"/>
465
466	XSLT DEVELOPMENT: Use the normal, thread safe non caching Saxon XSLT
467	Transformation Factory. This avoids having to restart the app or touch
468	the core XSLT file.
469	<bean id="commonXSLTTransformerFactory" class="net.sf.saxon.TransformerFactoryImpl"/>
470	-->
471	<bean id="commonXSLTTransformerFactory" class="org.ibisph.xslt.CachedSaxonTransformerFactory"/>
472	<bean id="commonXSLTTransformation" class="org.ibisph.xslt.Transformation">
473	<constructor-arg ref="commonXSLTTransformerFactory"/>
474	</bean>
475	<bean id="commonXSLTTransformationView" class="org.ibisph.xml.springmvc.XSLTXMLTransformationView">
476	<description>
477	Core transformation view that almost all views use/extend from.
478	</description>
479	<constructor-arg ref="commonXSLTTransformation"/>
480	<property name="XMLModelMapKey" value="#{commonXMLModelMapKey.string}"/>
481	<property name="XSLTURLModelMapKey" value="XSLT"/>
482	<property name="XSLTURLGetModelService" ref="commonXSLTFilePathModelService"/>
483	</bean>
484
485
486	<bean id="commonXSSStringValidator" class="org.ibisph.util.ExclusionRegexFindStringValidator">
487	<description>
488	Series of regex that attempts to detect XSS - injected javascript. For
489	IBIS the main issue is that you could embed some script into a saved
490	query and a user could then share that saved query def with another
491	user. When that user opens the saved query it could execute some
492	script that could do a few things. However, this is quickly found as
493	the victim can report it and the admin can see exactly which user is
494	the offender and take action.
495
496	This validator will catch very basic XSS and is provided mostly for
497	IT departments to feel better about things. To do this right the
498	text MUST be processed as HTML and parsed to being valid etc.
499	</description>
500	<property name="regEx">
501	<list>
502	<value>javascript:\|<\sscript.?\s*></value>
503	</list>
504	</property>
505	</bean>
506
507	<bean id="commonXMLStringCleaner" class="org.ibisph.util.ReplacementStringCleaner">
508	<description>Cleans/replaces characters. Stubbed out for now...</description>
509	<property name="replacementCharsMap">
510	<map>
511	<entry key="‘" value="'"/>
512	<entry key="’" value="'"/>
513	</map>
514	</property>
515	</bean>
516
517
518	<!-- E X C E P T I O N R E S O L V E R -->
519
520	<!-- Exception Resolvers are typically a list of exceptions with associated
521	views to be used to display an error for a given type of exception.
522	Note that the resolver is ONLY used for exceptions thrown/uncaught
523	within controller objects e.g. objects controlled by the Request Dispatcher
524	servlet/container. For "view" related errors a HandlerInterceptor
525	is needed see:
526
527	http://stackoverflow.com/questions/196495/how-to-configure-spring-handlerexceptionresolver-to-handle-nullpointerexception-t)
528
529	Other types of errors that happen outside of the servlet (like filter
530	errors) are also not able to be handled. Many of these errors that occur
531	within the IBIS applications are view related and due to the fact that
532	the web.xml error handling can be used to handle ALL types of errors,
533	there's not much value in an ErrorResolver. As if 2010, all errors
534	simply go through to the container which will then use the web.xml
535	which uses a centralized error jsp to handle all errors. The error
536	page logs the error and returns an error page to the user. The two
537	major down sides to this centralized JSP approach is that 1) the error
538	JSP has to be bullet proof, and 2) the error handling is limited to
539	what can be done within a JSP. The pro to this approach is that it
540	is all centralized and handled consistently.
541	-->
542
543	<!-- Below is a basic ExceptionResolver that many Spring MVC apps implement.
544	Specific exceptions are handled by the simple exception to view resolver
545	This resolver needs to be used first and MUST not be configured to do the
546	general error handling as the next resolver will not be called. Note that
547	this can be setup to handle everything but it's was easier to understand
548	and control doing this way.
549
550	<bean id="commonSpecificExceptionResolver" class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
551	<property name="order" value="1"/>
552	<property name="defaultStatusCode" value="700"/>
553	<property name="defaultErrorView" value="/WEB-INF/jsp/error/detail.jsp"/>
554	<property name="exceptionAttribute" value="Exception"/>
555	<property name="mappedHandlers">
556	<set><value>java.lang.Throwable</value><ref local="commonDefault.ExceptionHandler"/></set>
557	</property>
558	<property name="exceptionMappings">
559	<props>
560	<prop key="org.ibisph.web.springmvc.controller.query.NullModuleException">Query.NullModuleDocument.View</prop>
561	<prop key="java.lang.Exception ">Query.NullModuleDocument.View</prop>
562	</props>
563	</property>
564	</bean>
565
566	For many years a simple logging type ExceptionResolver was used. The code
567	below is left in case the logging exception handler is wanted by an adopter.
568
569	<bean id="commonDefaultExceptionHandler" class="org.ibisph.web.springmvc.LoggingControllerExceptionHandler">
570	<property name="order" value="1"/>
571	</bean>
572	-->
573
574	</beans>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: