Package com.day.cq.wcm.foundation.security

Interface SaferSlingPostValidator

public interface SaferSlingPostValidator
Service to check Sling Post requests for unsafe constructs.

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final boolean
    ACCEPT
    ACCEPT returned when a request may be accepted.
    static final String
    POST_DEPTH_ATTRIBUTE
    Attribute set on the request to indicate the depth under the target request which :applyTo should be allowed to reference.
    static final boolean
    REJECT
    REJECT returned when a request should be rejected.

  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
    reject(SlingHttpServletRequest request, String... whitelistPatterns)
    Reject any unsafe post requests.

  • Field Details

    • REJECT

      static final boolean REJECT
      REJECT returned when a request should be rejected.
      See Also:

    • ACCEPT

      static final boolean ACCEPT
      ACCEPT returned when a request may be accepted.
      See Also:

    • POST_DEPTH_ATTRIBUTE

      static final String POST_DEPTH_ATTRIBUTE
      Attribute set on the request to indicate the depth under the target request which :applyTo should be allowed to reference.

  • Method Details

    • reject

      boolean reject(SlingHttpServletRequest request, String... whitelistPatterns)
      Reject any unsafe post requests.
      Parameters:
      request - the request to check
      whitelistPatterns - additional whitelist patterns
      Returns:
      REJECT if the request should be rejected, otherwise return ACCEPT.