Package hirondelle.web4j.model

Examples of hirondelle.web4j.model.BadRequestException


   processing is attempted.
  */
  private void checkForExtremeSize(RequestParser aRequest) throws BadRequestException {
    fLogger.fine("Checking for extreme size.");
    //the size limit itself is applied inside isRequestExcessivelyLarge, which is not shown here
    boolean isTooLarge = isRequestExcessivelyLarge(aRequest);
    if ( ! isTooLarge ) {
      return;
    }
    //oversized requests are refused with 413 (Request Entity Too Large), not a generic 400
    throw new BadRequestException(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
  }


        String incomingParamName = (String)paramNames.nextElement();
        fLogger.fine("Checking parameter named " + Util.quote(incomingParamName));
        RequestParameter knownParam = matchToKnownParam(incomingParamName, expectedParams);
        if( knownParam == null ){
          fLogger.severe("*** Unknown Parameter *** : " + Util.quote(incomingParamName) + ". Please add public static final RequestParameter field for this item to your Action.");
          throw new BadRequestException(HttpServletResponse.SC_BAD_REQUEST);
        }
        if ( knownParam.isFileUploadParameter() ) {
          fLogger.fine("File Upload parameter - value not validatable here: " + knownParam.getName());
          continue; //prevents checks on values for file upload controls
        }

  /**
   Reject the request if any value of a known parameter fails validation, or is
   classified as spam while spam detection is turned on.

   <P>Values having no content are skipped. For an invalid value, only the parameter name
   and the length of the value are logged; the raw text is not written to the log.

   @param aKnownReqParam the declared parameter whose validation rule is applied.
   @param aParamValues the values received for that parameter.
   @throws BadRequestException carrying <tt>SC_BAD_REQUEST</tt>, on the first invalid or spam value.
  */
  private void checkParamValues(RequestParameter aKnownReqParam, Collection<SafeText> aParamValues) throws BadRequestException {
    for(SafeText candidate : aParamValues){
      if ( ! Util.textHasContent(candidate) ) {
        continue; //empty values are not validated here
      }
      boolean isValid = aKnownReqParam.isValidParamValue(candidate.getRawString());
      if ( ! isValid ) {
        //the length stands in for the value, so untrusted text is kept out of the log
        fLogger.severe("Request parameter named " + aKnownReqParam.getName() + " has an invalid value. Its size is: " + candidate.getRawString().length());
        throw new BadRequestException(HttpServletResponse.SC_BAD_REQUEST);
      }
      if( ! fIsSpamDetectionOn ){
        continue; //spam screening is optional
      }
      //the detector is looked up per value, only after the value has passed validation
      SpamDetector spamDetector = BuildImpl.forSpamDetector();
      if( spamDetector.isSpam(candidate.getRawString()) ){
        fLogger.fine("SPAM detected.");
        throw new BadRequestException(HttpServletResponse.SC_BAD_REQUEST);
      }
    }
  }

        String rawValue = aRequestParser.getRawParamValue(reqParam);
        if (Util.textHasContent(rawValue)){
          Operation operation = Operation.valueOf(rawValue);
          if ( isAttemptingSideEffectOperationWithoutPOST(operation, aRequestParser) ){
            fLogger.severe("Security problem. Attempted operation having side effects outside of a POST. Please use a <FORM> with method='POST'.");
            throw new BadRequestException(HttpServletResponse.SC_BAD_REQUEST);
          }
        }
      }
    }
  }

  /**
   Reject the request unless it carries a CSRF token matching an expected value.

   <P>Nothing is checked when <tt>requestNeedsDefendingAgainstCSRFAttacks</tt> says the request
   is out of scope. Otherwise the token is read from the request parameter named by
   <tt>fCSRF_REQ_PARAM</tt>, and must pass two checks in order: it must be present, and it must
   match either the current or the previous token. The log messages are fixed strings; neither
   the posted token nor the expected token is written to the log.

   @param aRequestParser gives access to the posted token, and is passed on to the matching methods.
   @throws BadRequestException carrying <tt>SC_BAD_REQUEST</tt>, if the token is missing or matches neither expected value.
  */
  private void defendAgainstCSRFAttacks(RequestParser aRequestParser) throws BadRequestException {
    if( ! requestNeedsDefendingAgainstCSRFAttacks(aRequestParser) ) {
      return;
    }

    Id postedTokenValue = aRequestParser.toId(fCSRF_REQ_PARAM);
    if ( FAILS == toIncludeCsrfTokenWithForm(postedTokenValue) ){
      fLogger.severe("CSRF token not included in POSTed request. Rejecting this request, since it is likely an attack.");
      throw new BadRequestException(HttpServletResponse.SC_BAD_REQUEST);
    }

    //the && short-circuits, so the previous token is consulted only when the current one does not match
    //NOTE(review): presumably the previous token is accepted for forms served before the token changed - confirm in matchPreviousCSRFToken
    boolean matchesNoExpectedToken =
      FAILS == matchCurrentCSRFToken(aRequestParser, postedTokenValue) &&
      FAILS == matchPreviousCSRFToken(aRequestParser, postedTokenValue)
    ;
    if( matchesNoExpectedToken ) {
      fLogger.severe("CSRF token does not match the expected value. Rejecting this request, since it is likely an attack.");
      throw new BadRequestException(HttpServletResponse.SC_BAD_REQUEST);
    }
    fLogger.fine("Success: no CSRF problem detected.");
  }

      if ( ! loggedInUserName.equals(ownerText) ) {
        fLogger.severe(
          "Violation of an ownership constraint! " +
          "The currently logged in user-name ('" + loggedInUserName + "') does not match the name of the data-owner ('" + ownerText + "')."
        );
        throw new BadRequestException(HttpServletResponse.SC_BAD_REQUEST, "Ownership Constraint has been violated.");
      }
    }
    else {
      ownershipConstraintNotImplementedCorrectly(
        "According to the configured UntrustedProxyForUserId implementation, the requested operation has an ownership constraint. " +
