001/* 002 * Copyright 2002-2013 the original author or authors. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * https://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 */ 016 017package org.springframework.web.servlet.support; 018 019import java.util.Map; 020import javax.servlet.http.HttpServletRequest; 021 022/** 023 * A contract for inspecting and potentially modifying request data values such 024 * as URL query parameters or form field values before they are rendered by a 025 * view or before a redirect. 026 * 027 * <p>Implementations may use this contract for example as part of a solution 028 * to provide data integrity, confidentiality, protection against cross-site 029 * request forgery (CSRF), and others or for other tasks such as automatically 030 * adding a hidden field to all forms and URLs. 031 * 032 * <p>View technologies that support this contract can obtain an instance to 033 * delegate to via {@link RequestContext#getRequestDataValueProcessor()}. 034 * 035 * @author Rossen Stoyanchev 036 * @since 3.1 037 */ 038public interface RequestDataValueProcessor { 039 040 /** 041 * Invoked when a new form action is rendered. 042 * @param request the current request 043 * @param action the form action 044 * @param httpMethod the form HTTP method 045 * @return the action to use, possibly modified 046 */ 047 String processAction(HttpServletRequest request, String action, String httpMethod); 048 049 /** 050 * Invoked when a form field value is rendered. 051 * @param request the current request 052 * @param name the form field name 053 * @param value the form field value 054 * @param type the form field type ("text", "hidden", etc.) 055 * @return the form field value to use, possibly modified 056 */ 057 String processFormFieldValue(HttpServletRequest request, String name, String value, String type); 058 059 /** 060 * Invoked after all form fields have been rendered. 061 * @param request the current request 062 * @return additional hidden form fields to be added, or {@code null} 063 */ 064 Map<String, String> getExtraHiddenFields(HttpServletRequest request); 065 066 /** 067 * Invoked when a URL is about to be rendered or redirected to. 068 * @param request the current request 069 * @param url the URL value 070 * @return the URL to use, possibly modified 071 */ 072 String processUrl(HttpServletRequest request, String url); 073 074}