001/* 002 * Copyright 2002-2018 the original author or authors. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * https://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 */ 016 017package org.springframework.web.servlet.support; 018 019import java.util.Map; 020 021import javax.servlet.http.HttpServletRequest; 022 023import org.springframework.lang.Nullable; 024 025/** 026 * A contract for inspecting and potentially modifying request data values such 027 * as URL query parameters or form field values before they are rendered by a 028 * view or before a redirect. 029 * 030 * <p>Implementations may use this contract for example as part of a solution 031 * to provide data integrity, confidentiality, protection against cross-site 032 * request forgery (CSRF), and others or for other tasks such as automatically 033 * adding a hidden field to all forms and URLs. 034 * 035 * <p>View technologies that support this contract can obtain an instance to 036 * delegate to via {@link RequestContext#getRequestDataValueProcessor()}. 037 * 038 * @author Rossen Stoyanchev 039 * @since 3.1 040 */ 041public interface RequestDataValueProcessor { 042 043 /** 044 * Invoked when a new form action is rendered. 045 * @param request the current request 046 * @param action the form action 047 * @param httpMethod the form HTTP method 048 * @return the action to use, possibly modified 049 */ 050 String processAction(HttpServletRequest request, String action, String httpMethod); 051 052 /** 053 * Invoked when a form field value is rendered. 054 * @param request the current request 055 * @param name the form field name (if any) 056 * @param value the form field value 057 * @param type the form field type ("text", "hidden", etc.) 058 * @return the form field value to use, possibly modified 059 */ 060 String processFormFieldValue(HttpServletRequest request, @Nullable String name, String value, String type); 061 062 /** 063 * Invoked after all form fields have been rendered. 064 * @param request the current request 065 * @return additional hidden form fields to be added, or {@code null} if none 066 */ 067 @Nullable 068 Map<String, String> getExtraHiddenFields(HttpServletRequest request); 069 070 /** 071 * Invoked when a URL is about to be rendered or redirected to. 072 * @param request the current request 073 * @param url the URL value 074 * @return the URL to use, possibly modified 075 */ 076 String processUrl(HttpServletRequest request, String url); 077 078}