47 lines
1.5 KiB
Java
47 lines
1.5 KiB
Java
package org.gcube.portlets.widgets.gdvw.server;
|
|
|
|
import org.gcube.portlets.widgets.gdvw.client.GreetingService;
|
|
import org.gcube.portlets.widgets.gdvw.shared.FieldVerifier;
|
|
|
|
import com.google.gwt.user.server.rpc.RemoteServiceServlet;
|
|
|
|
/**
|
|
* The server-side implementation of the RPC service.
|
|
*/
|
|
@SuppressWarnings("serial")
|
|
public class GreetingServiceImpl extends RemoteServiceServlet implements GreetingService {
|
|
|
|
public String greetServer(String input) throws IllegalArgumentException {
|
|
// Verify that the input is valid.
|
|
if (!FieldVerifier.isValidName(input)) {
|
|
// If the input is not valid, throw an IllegalArgumentException back to
|
|
// the client.
|
|
throw new IllegalArgumentException("Name must be at least 4 characters long");
|
|
}
|
|
|
|
String serverInfo = getServletContext().getServerInfo();
|
|
String userAgent = getThreadLocalRequest().getHeader("User-Agent");
|
|
|
|
// Escape data from the client to avoid cross-site script vulnerabilities.
|
|
input = escapeHtml(input);
|
|
userAgent = escapeHtml(userAgent);
|
|
|
|
return "Hello, " + input + "!<br><br>I am running " + serverInfo + ".<br><br>It looks like you are using:<br>"
|
|
+ userAgent;
|
|
}
|
|
|
|
/**
|
|
* Escape an html string. Escaping data received from the client helps to
|
|
* prevent cross-site script vulnerabilities.
|
|
*
|
|
* @param html the html string to escape
|
|
* @return the escaped string
|
|
*/
|
|
private String escapeHtml(String html) {
|
|
if (html == null) {
|
|
return null;
|
|
}
|
|
return html.replaceAll("&", "&").replaceAll("<", "<").replaceAll(">", ">");
|
|
}
|
|
}
|