Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
APACHE SLING & FRIENDS TECH MEETUP 
BERLIN, 22-24 SEPTEMBER 2014 
Apache Sling Generic Validation Framework 
rev 3.2014092...
adaptTo() 
Apache Sling Generic Validation Framework 
The most common web application security 
weakness is the failure to...
adaptTo() 
A Bit of History 
3
adaptTo() 
A Bit of History 
4
The Building Blocks 
adaptTo() 5
adaptTo() 
The Building Blocks 
6 
ValidationService 
•main entry point into the 
Validation API 
•responsible for retriev...
adaptTo() 
The Building Blocks 
6 
ValidationModel 
•descriptive structure for the 
validated object
adaptTo() 
The Building Blocks 
6 
ResourceProperty 
•describes one of the validated 
object’s properties 
•it has a Type ...
adaptTo() 
The Building Blocks 
6 
Validator 
•validates a single piece of 
information 
•can receive arguments
adaptTo() 
The Building Blocks 
6 
ChildResource 
•defines validation rules for 
resource trees 
•it’s comprised of one or...
adaptTo() 
The Building Blocks 
6 
ValidationResult 
•holds the validation result - 
boolean 
•it can contain validation e...
adaptTo() 
Expressing a ValidationModel as content 
7
adaptTo() 
Expressing a ValidationModel as content 
apps.validation.model.page 
--applicablePaths=[‘/content/p/1’, ‘/conte...
codeExamples(); 
adaptTo() 9
adaptTo() 
The ValidationService 
// resource validation 
ValidationModel model = validationService.getValidationModel(res...
adaptTo() 
Simple integration with Sling Models 
@PostConstruct 
protected void validateResource() { 
ValidationModel vm =...
adaptTo() 
Features available today 
1. ValidationModels based on content 
structures. 
2. The ValidationModels allow reso...
adaptTo() 
Planned features 
1. Provide JavaScript validators. 
2. Translate ValidationModel content 
structures into Java...
Demo 
adaptTo() 14
adaptTo() 
Apache Sling Generic Validation Framework 
15
adaptTo() 
Thank you! 
Links & Resources 
https://github.com/raducotescu/org.apache.sling.validation 
https://issues.apach...
Upcoming SlideShare
Loading in …5
×

Apache Sling Generic Validation Framework

1,346 views

Published on

The Apache Sling Generic Validation Framework is a prototype implementation capable of verifying the integrity of Resources or of any object capable of being adapted to a ValueMap (e.g. requests).

Published in: Software
  • Be the first to comment

  • Be the first to like this

Apache Sling Generic Validation Framework

  1. 1. APACHE SLING & FRIENDS TECH MEETUP BERLIN, 22-24 SEPTEMBER 2014 Apache Sling Generic Validation Framework rev 3.20140922 Radu Cotescu ASF committer, Sling contributor Computer Scientist @ Adobe Systems @raducotescu -­‐ radu@apache.org
  2. 2. adaptTo() Apache Sling Generic Validation Framework The most common web application security weakness is the failure to properly validate input from the client or environment. [1] 2
  3. 3. adaptTo() A Bit of History 3
  4. 4. adaptTo() A Bit of History 4
  5. 5. The Building Blocks adaptTo() 5
  6. 6. adaptTo() The Building Blocks 6 ValidationService •main entry point into the Validation API •responsible for retrieving a ValidationModel and for performing the validation operation
  7. 7. adaptTo() The Building Blocks 6 ValidationModel •descriptive structure for the validated object
  8. 8. adaptTo() The Building Blocks 6 ResourceProperty •describes one of the validated object’s properties •it has a Type and optionally a Validator
  9. 9. adaptTo() The Building Blocks 6 Validator •validates a single piece of information •can receive arguments
  10. 10. adaptTo() The Building Blocks 6 ChildResource •defines validation rules for resource trees •it’s comprised of one or more ResourceProperty objects
  11. 11. adaptTo() The Building Blocks 6 ValidationResult •holds the validation result - boolean •it can contain validation error messages
  12. 12. adaptTo() Expressing a ValidationModel as content 7
  13. 13. adaptTo() Expressing a ValidationModel as content apps.validation.model.page --applicablePaths=[‘/content/p/1’, ‘/content/p/2’] --sling:resourceType=sling/validation/model --validatedResourceType=/apps/p/c/page greeting --propertyType=string org.apache.sling.validation.impl.validators.RegexValidator --validatorArguments=[‘regex=^HelloWorld$’] 8
  14. 14. codeExamples(); adaptTo() 9
  15. 15. adaptTo() The ValidationService // resource validation ValidationModel model = validationService.getValidationModel(resource); if (model != null) { ValidationResult result = validationService.validate(resource, model); } // request validation ValueMap map = request.adaptTo(ValueMap.class); ValidationModel model = validationService.getValidationModel(VALIDATED_RESOURCE_TYPE, APPLICABLE_PATH); if (model != null) { ValidationResult result = validationService.validate(map, model); } 10
  16. 16. adaptTo() Simple integration with Sling Models @PostConstruct protected void validateResource() { ValidationModel vm = validationService.getValidationModel(resource); if (vm != null) { ValidationResult vr = validationService.validate(resource, vm); if (!vr.isValid()) { // do your processing here } } } 11
  17. 17. adaptTo() Features available today 1. ValidationModels based on content structures. 2. The ValidationModels allow resource-tree validation but also request parameters validation. 3. Non-intrusive for existing Sling Models 12
  18. 18. adaptTo() Planned features 1. Provide JavaScript validators. 2. Translate ValidationModel content structures into JavaScript objects for client-side validation. 3. Define a Validation client library. 13
  19. 19. Demo adaptTo() 14
  20. 20. adaptTo() Apache Sling Generic Validation Framework 15
  21. 21. adaptTo() Thank you! Links & Resources https://github.com/raducotescu/org.apache.sling.validation https://issues.apache.org/jira/browse/SLING-2803 [1] https://www.owasp.org/index.php/Data_Validation#Description The demo artifacts can be found in the examples folder from the Git repository. 16

×