Hi all,
There is a general need to validate input sent from the client to the
server before actually acting upon the input. Of course, we could leave
this validation to the implementation of the input consumer. But then we
would prevent the use of the generic microjax handling of input as we
would have to implement POST (and other) servlets or scripts for each
case. Rather I suggest, we define an extensible input validation system,
which is used mainly by the microjax handling but may also be used other
consumers of client supplied input data.
I have been looking at the Spring 2.5 validation package [1] for some
inspiration. Though I think this package is somewhat overkill for our
case, there are two interfaces, which look interesting:
* Validator - this is the interface to be implemented by input
validators
* Errors - this is the interface gathering all validation issues
For Sling, the validator interface will be rather simple :
public interface Validator {
void validate(??? input, Errors errors);
}
The validate method checks the input and reports issues to the errors
object. I am not sure about the type of the input. Probably it is best,
if it would be the request object. The validator itself does not send
any response, it just fills the errors object.
The Validator implementation is registered as an OSGi service (hold on,
scripting will follow) of type Validator. The question is, how the
validator is selected for a given request :
(1) Simply use the resource type
or (2) Same as servlet/script resolution take resource type, selectors,
extension and
request method into account
A validator may also be a script. The script would of course get
different input than a normal request rendering script. The location of
the script should be different from the normal request rendering
scripts, e.g. /apps/<resourcetype>/validators/* (of course this collides
with a normal request rendering script for the selector "validators",
which may or may not be an issue).
To use the validation framework, we would have a validation service :
public interface ValidationService {
Errors validate(SlingHttpServletRequest request);
}
Scripts and servlets requiring validation would call the
ValidationService.validate method with the request and response objects.
The ValidationService internally manages the validator selection and
call. The validate method returns null if the input validates
successfully. Otherwise an Errors instance is returned which may be
inspected and from which a response may be generated to send back to the
client.
WDYT ?
Regards
Felix
[1]
http://static.springframework.org/spring/docs/2.5.x/api/org/springframework/validation/package-summary.html
