public final class URLChecker extends Object
An instance of this class holds an internal instance of java.net.URI, which is part of JDK 1.4. The URLChecker uses reflection, so this class can also be used in a JDK 1.3 build environment, but the runtime environment must be at least JRE 1.4 because of the dependencies on Regex and URI.
setWhiteURLPattern(String)
.
setHosts(String[])
.
URI, StringUtils, XSSEncoder
Constructor and Description |
---|
URLChecker(): Creates and initializes a plain URLChecker object, without validation. |
URLChecker(String uri): Creates a URLChecker object and verifies the passed URL. |
URLChecker(String[] defaultProtocols): Creates a URLChecker object. |
URLChecker(String uri, String encoded): Creates a URL verifier object from a given string with additional setting of the used character set. |
Modifier and Type | Method and Description |
---|---|
void | addProtocol(String proc): Add a protocol for the URLChecker. |
boolean | addWhiteURLPattern(String pattern): Add a new white list entry for the URLChecker routine. |
String | getDefaultProtocol(): Get the default protocol. |
String[] | getProtocols(): Get the allowed protocol list. |
URL | getValidURL(String uri): Returns a valid URL object or null. |
String | getValidURLString(): Returns the valid URL string. |
static String | getValidURLString(String url): Checks the URL string. |
void | ignoreInheritedException(boolean ign): This works only in restrictive mode. If this flag is set to true, the URLChecker ignores exceptions in the decoder loop. |
boolean | isValid(): Checks whether the URI is valid using the rules described in the header of this class. |
boolean | isValid(String uri): Checks whether the URI is valid using the rules described in the header of this class. |
boolean | isValid(String url, boolean restrict, String[] allowedProtocols): Checks whether a provided URL string is valid or not. |
boolean | isValid(String url, String encoding, boolean restrict, boolean ignoreInDecExcep, String defaultProtocol, String[] allowedProtocols, RegexPattern blackpattern): Checks whether a provided URL string is valid or not. |
boolean | isValid(String url, String encoding, boolean restrict, String defaultProtocol, String[] allowedProtocols, RegexPattern blackpattern): Checks whether a provided URL string is valid or not. |
boolean | isValid(String url, String encoding, boolean restrict, String defaultProtocol, String[] allowedProtocols, RegexPattern whitePattern, RegexPattern blackpattern): Checks whether a provided URL string is valid or not. |
static boolean | isValidURL(String url): Checks whether a provided URL string is valid or not. |
static boolean | isValidURL(String url, boolean restrict, String[] allowedProtocols): Checks whether a provided URL string is valid or not. |
static boolean | isValidURL(String url, String encoding, boolean restrict, boolean ignoreInDecExcep, String defaultProtocol, String[] allowedProtocols, RegexPattern blackpattern): Checks whether a provided URL string is valid or not. |
static boolean | isValidURL(String url, String encoding, boolean restrict, boolean ignoreInDecExcep, String defaultProtocol, String[] allowedProtocols, RegexPattern whitepattern, RegexPattern blackpattern): Checks whether a provided URL string is valid or not. |
static boolean | isValidURL(String url, String encoding, boolean restrict, String defaultProtocol, String[] allowedProtocols, RegexPattern blackpattern): Checks whether a provided URL string is valid or not. |
Object | normalize(): Normalizes the URI path and returns a java.net.URI object. |
boolean | setBlackURLPattern(String pattern): Set (compile internally) a new regular expression for the URLChecker routine. |
boolean | setBlackURLPattern(String pattern, int flags): Set (compile internally) a new regular expression for the URLChecker routine. |
void | setDefaultProtocol(String proc): Set the default protocol. |
void | setHosts(String[] hosts): Reset the complete list. |
void | setProtocols(String[] protocols): Reset the complete allowed protocol list. |
void | setRestrictive(boolean chk): Set the default check mechanism. |
boolean | setWhiteURLPattern(String pattern): Set (compile internally) a new regular expression for the URLChecker routine. |
boolean | setWhiteURLPattern(String pattern, int flags): Set (compile internally) a new regular expression for the URLChecker routine. |
static String | urlNormalize(String url): Normalize the given path string. |
public URLChecker()
public URLChecker(String[] defaultProtocols)
defaultProtocols -
public URLChecker(String uri) throws MalformedURLException
uri - String of URL
MalformedURLException
public URLChecker(String uri, String encoded) throws MalformedURLException
uri - String of URL
encoded - Character set of URL
MalformedURLException
public static String urlNormalize(String url)
url - URL string to be normalized
public Object normalize() throws MalformedURLException
MalformedURLException
public void setRestrictive(boolean chk)
chk - true: Checks for all HTML tags in a URL
public void ignoreInheritedException(boolean ign)
If this flag is set to true, the URLChecker ignores exceptions in the decoder loop. The restrictive mode decodes the URL in a loop until there are no further changes to the URL. Exceptions can occur in this loop because of characters such as '%' which are encoded, where a decode step > 1 might lead to unwanted problems.
ign - true: Ignore exceptions in decoding loop
public void setDefaultProtocol(String proc)
proc - String with default protocol (e.g. http,https,ftp)
public String getDefaultProtocol()
public void setProtocols(String[] protocols)
protocols - String array of allowed protocols, e.g. { "http", "https" }. If you don't want to check the protocol, then set setRestrictive to false or pass null.
public void setHosts(String[] hosts)
The hosts can be passed as plain string parameters (strongly recommended) or with patterns (e.g. *, ?) to perform a regex match. The regex search is more powerful but slower and therefore not recommended if not needed. If no entry in the list contains any pattern characters, then String.compareTo is used; otherwise String.matches is used for the check.
hosts - String array of allowed hosts, e.g. { "localhost", "server1", "server1.domain.com", "server2" }. If you don't want to check the hosts, then set setRestrictive to false or pass null.
String
public String[] getProtocols()
public void addProtocol(String proc)
proc - String with a protocol (e.g. http, flash)
public boolean setBlackURLPattern(String pattern)
Default pattern is <\\s*script[^>]*>(.*)<\\s* /script\\s*>|\n|\r|\0
pattern - A regular expression, based on POSIX 1003. If pattern is null, the internal check is deactivated.
public boolean setBlackURLPattern(String pattern, int flags)
Default pattern is <\\s*script[^>]*>(.*)<\\s* /script\\s*>|\n|\r|\0
pattern - A regular expression, based on POSIX 1003. If pattern is null, the internal check is deactivated.
flags - Match flags, a bit mask that may include RegexPattern.CASE_INSENSITIVE, RegexPattern.MULTILINE, RegexPattern.DOTALL, RegexPattern.UNICODE_CASE, and RegexPattern.CANON_EQ
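The decoding loop described for ignoreInheritedException and the default black pattern above, as an added stand-alone sketch that uses only the JDK; it is not SAP's implementation and does not call URLChecker. The class and method names, the round limit, the match flags and the handling of a failed decode are assumptions, and the pattern is the page's default read as a Java string literal with the space in "* /script" removed.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.regex.Pattern;

public class DecodeLoopSketch {
    // Page's default black pattern read as a Java string literal; that reading and the flags are assumptions.
    static final Pattern BLACK = Pattern.compile(
        "<\\s*script[^>]*>(.*)<\\s*/script\\s*>|\n|\r|\0",
        Pattern.CASE_INSENSITIVE | Pattern.DOTALL);
    static final int MAX_ROUNDS = 8; // hypothetical bound, not from the page

    // Decode until the string stops changing. Returns null when decoding
    // fails (and failures are not ignored) or the input never settles.
    static String decodeUntilStable(String url, boolean ignoreDecodeErrors)
            throws UnsupportedEncodingException {
        String current = url;
        for (int round = 0; round < MAX_ROUNDS; round++) {
            String next;
            try {
                next = URLDecoder.decode(current, "UTF-8");
            } catch (IllegalArgumentException e) {
                // A later round hit a bare '%' that an earlier round produced.
                return ignoreDecodeErrors ? current : null;
            }
            if (next.equals(current)) { return current; }
            current = next;
        }
        return null;
    }

    // Assumption: a URL whose decoding fails is rejected unless errors are ignored.
    static boolean passes(String url, boolean restrict, boolean ignoreDecodeErrors)
            throws UnsupportedEncodingException {
        String candidate = restrict ? decodeUntilStable(url, ignoreDecodeErrors) : url;
        return candidate != null && !BLACK.matcher(candidate).find();
    }

    public static void main(String[] args) throws UnsupportedEncodingException {
        // Constructed inputs: a double-encoded script tag and a double-encoded '%'.
        String hidden = "http://server1/p?q=%253Cscript%253Ex%253C/script%253E";
        String percent = "http://server1/p?discount=100%2525";
        System.out.println("hidden, not restrictive: " + passes(hidden, false, false));
        System.out.println("hidden, restrictive: " + passes(hidden, true, false));
        System.out.println("percent, restrictive: " + passes(percent, true, false));
        System.out.println("percent, errors ignored: " + passes(percent, true, true));
    }
}
```

Without the loop the pattern only ever sees the still-encoded text of the first input. The last two calls differ only in whether the decode exception raised on the bare '%' is ignored.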
public boolean setWhiteURLPattern(String pattern)
Default pattern is empty.
pattern - A regular expression, based on POSIX 1003. If pattern is null, the internal check is deactivated.
public boolean setWhiteURLPattern(String pattern, int flags)
Default pattern is empty.
pattern - A regular expression, based on POSIX 1003. If pattern is null, the internal check is deactivated.
flags - Match flags, a bit mask that may include RegexPattern.CASE_INSENSITIVE, RegexPattern.MULTILINE, RegexPattern.DOTALL, RegexPattern.UNICODE_CASE, and RegexPattern.CANON_EQ
public boolean addWhiteURLPattern(String pattern) throws IllegalArgumentException
Default pattern is empty. Therefore, if you invoke this method, a setWhiteURLPattern method is invoked internally.
pattern - A regular expression, based on POSIX 1003. If pattern is null, the internal check is deactivated.
IllegalArgumentException
public boolean isValid() throws MalformedURLException
MalformedURLException
public boolean isValid(String uri) throws MalformedURLException
uri - String of URL
MalformedURLException
public boolean isValid(String url, boolean restrict, String[] allowedProtocols) throws MalformedURLException
url - URL String (must not be null)
restrict - boolean flag which switches to a more restrictive check
allowedProtocols - List of allowed protocols (if null, the class internal default protocol list is used !!!)
MalformedURLException
setProtocols(String[])
public boolean isValid(String url, String encoding, boolean restrict, String defaultProtocol, String[] allowedProtocols, RegexPattern blackpattern) throws MalformedURLException
url - URL String (must not be null)
encoding - Character encoding (if null, default is UTF-8)
restrict - boolean flag which switches on/off a more restrictive check
defaultProtocol - Default protocol (if null, default is http)
allowedProtocols - List of allowed protocols (if null, the class internal default protocol list is used !!!)
blackpattern - A RegexPattern object to perform a regular expression match on the string (if null, no pattern match is performed !!!). See the compile method of RegexPattern to create an object.
MalformedURLException
RegexPattern.compile(java.lang.String), setProtocols(String[])
public boolean isValid(String url, String encoding, boolean restrict, String defaultProtocol, String[] allowedProtocols, RegexPattern whitePattern, RegexPattern blackpattern) throws MalformedURLException
url - URL String (must not be null)
encoding - Character encoding (if null, default is UTF-8)
restrict - boolean flag which switches on/off a more restrictive check
defaultProtocol - Default protocol (if null, default is http)
allowedProtocols - List of allowed protocols (if null, the class internal default protocol list is used !!!)
whitePattern - A RegexPattern object to perform a regular expression match on the string (if null, no pattern match is performed !!!). See the compile method of RegexPattern to create an object.
blackpattern - A RegexPattern object to perform a regular expression match on the string (if null, no pattern match is performed !!!). See the compile method of RegexPattern to create an object.
MalformedURLException
RegexPattern.compile(java.lang.String), setProtocols(String[])
public boolean isValid(String url, String encoding, boolean restrict, boolean ignoreInDecExcep, String defaultProtocol, String[] allowedProtocols, RegexPattern blackpattern) throws MalformedURLException
url - URL String (must not be null)
encoding - Character encoding (if null, default is UTF-8)
restrict - boolean flag which switches on/off a more restrictive check
ignoreInDecExcep - boolean flag which ignores an inherited URLDecoder exception, only if restrict is set to true
defaultProtocol - Default protocol (if null, default is http)
allowedProtocols - List of allowed protocols (if null, the class internal default protocol list is used !!!)
blackpattern - A RegexPattern object to perform a regular expression match on the string (if null, no pattern match is performed !!!). See the compile method of RegexPattern to create an object.
MalformedURLException
RegexPattern.compile(java.lang.String), setProtocols(String[])
public URL getValidURL(String uri) throws MalformedURLException
uri - String of URL
MalformedURLException
public String getValidURLString() throws MalformedURLException
MalformedURLException
public static String getValidURLString(String url)
url - URL String
public static boolean isValidURL(String url)
url - URL String.
public static boolean isValidURL(String url, String encoding, boolean restrict, String defaultProtocol, String[] allowedProtocols, RegexPattern blackpattern)
url - URL String (must not be null)
encoding - Character encoding (if null, default is UTF-8)
restrict - boolean flag which switches on/off a more restrictive check
defaultProtocol - Default protocol (if null, default is http)
allowedProtocols - List of allowed protocols (if null, no protocol check is performed !!!)
blackpattern - A RegexPattern object to perform a regular expression match on the string (if null, no pattern match is performed !!!). See the compile method of RegexPattern to create an object.
RegexPattern.compile(java.lang.String)
public static boolean isValidURL(String url, String encoding, boolean restrict, boolean ignoreInDecExcep, String defaultProtocol, String[] allowedProtocols, RegexPattern blackpattern)
url - URL String (must not be null)
encoding - Character encoding (if null, default is UTF-8)
restrict - boolean flag which switches on/off a more restrictive check
ignoreInDecExcep - boolean flag which ignores an inherited URLDecoder exception, only if restrict is set to true
defaultProtocol - Default protocol (if null, default is http)
allowedProtocols - List of allowed protocols (if null, no protocol check is performed !!!)
blackpattern - A RegexPattern object to perform a regular expression match on the string (if null, no pattern match is performed !!!). See the compile method of RegexPattern to create an object.
RegexPattern.compile(java.lang.String)
public static boolean isValidURL(String url, String encoding, boolean restrict, boolean ignoreInDecExcep, String defaultProtocol, String[] allowedProtocols, RegexPattern whitepattern, RegexPattern blackpattern)
url - URL String (must not be null)
encoding - Character encoding (if null, default is UTF-8)
restrict - boolean flag which switches on/off a more restrictive check
ignoreInDecExcep - boolean flag which ignores an inherited URLDecoder exception, only if restrict is set to true
defaultProtocol - Default protocol (if null, default is http)
allowedProtocols - List of allowed protocols (if null, no protocol check is performed !!!)
whitepattern - A RegexPattern object to perform a regular expression match on the string (if null, no pattern match is performed !!!). See the compile method of RegexPattern to create an object.
blackpattern - A RegexPattern object to perform a regular expression match on the string (if null, no pattern match is performed !!!). See the compile method of RegexPattern to create an object.
RegexPattern.compile(java.lang.String)
public static boolean isValidURL(String url, boolean restrict, String[] allowedProtocols)
url - URL String (must not be null)
restrict - boolean flag which switches to a more restrictive check
allowedProtocols - List of allowed protocols (if null, no protocol check is performed !!!)
Access Rights |
---|
SC | DC | Public Part | ACH |
---|---|---|---|
[sap.com] ENGFACADE | [sap.com] tc/bl/security/lib | api | BC-JAS-SEC |
[sap.com] ENGINEAPI | [sap.com] | - | BC-JAS-SEC |
[sap.com] FRAMEWORK | [sap.com] tc/ui/faces | api | BC-WD-UR |
Copyright 2018 SAP AG Complete Copyright Notice