49 lines
1.6 KiB
Java
49 lines
1.6 KiB
Java
|
package org.gcube.portlets.user.td.server;
|
||
|
|
||
|
import org.gcube.portlets.user.td.client.rpc.GreetingService;
|
||
|
import org.gcube.portlets.user.td.shared.FieldVerifier;
|
||
|
import com.google.gwt.user.server.rpc.RemoteServiceServlet;
|
||
|
|
||
|
/**
|
||
|
* The server side implementation of the RPC service.
|
||
|
*/
|
||
|
@SuppressWarnings("serial")
|
||
|
public class GreetingServiceImpl extends RemoteServiceServlet implements
|
||
|
GreetingService {
|
||
|
|
||
|
public String greetServer(String input) throws IllegalArgumentException {
|
||
|
// Verify that the input is valid.
|
||
|
if (!FieldVerifier.isValidName(input)) {
|
||
|
// If the input is not valid, throw an IllegalArgumentException back to
|
||
|
// the client.
|
||
|
throw new IllegalArgumentException(
|
||
|
"Name must be at least 4 characters long");
|
||
|
}
|
||
|
|
||
|
String serverInfo = getServletContext().getServerInfo();
|
||
|
String userAgent = getThreadLocalRequest().getHeader("User-Agent");
|
||
|
|
||
|
// Escape data from the client to avoid cross-site script vulnerabilities.
|
||
|
input = escapeHtml(input);
|
||
|
userAgent = escapeHtml(userAgent);
|
||
|
|
||
|
return "Hello, " + input + "!<br><br>I am running " + serverInfo
|
||
|
+ ".<br><br>It looks like you are using:<br>" + userAgent;
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Escape an html string. Escaping data received from the client helps to
|
||
|
* prevent cross-site script vulnerabilities.
|
||
|
*
|
||
|
* @param html the html string to escape
|
||
|
* @return the escaped string
|
||
|
*/
|
||
|
private String escapeHtml(String html) {
|
||
|
if (html == null) {
|
||
|
return null;
|
||
|
}
|
||
|
return html.replaceAll("&", "&").replaceAll("<", "<").replaceAll(
|
||
|
">", ">");
|
||
|
}
|
||
|
}
|