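package com.innowhere.relproxyexgwt.server;

import com.innowhere.relproxyexgwt.shared.FieldVerifier;

/**
 * Server-side delegate that builds the greeting returned to the client.
 *
 * <p>The returned string is an HTML fragment, so every client-controlled value
 * placed in it (the submitted name and the {@code User-Agent} request header)
 * is escaped first.
 */
public class GreetingServiceDelegateImpl implements GreetingServiceDelegate {

    /** Owning servlet; supplies the servlet context and the current request. */
    protected GreetingServiceImpl parent;

    /**
     * Creates a delegate with no parent. {@link #greetServer(String)} dereferences
     * {@code parent}, so it fails with a {@link NullPointerException} until the
     * field has been set.
     */
    public GreetingServiceDelegateImpl() {
    }

    /**
     * Creates a delegate bound to the given servlet.
     *
     * @param parent the servlet used to read the server info and request headers
     */
    public GreetingServiceDelegateImpl(GreetingServiceImpl parent) {
        this.parent = parent;
    }

    /**
     * Builds the greeting for the given name.
     *
     * @param input the name sent by the client
     * @return an HTML fragment containing the escaped name, the server info and
     *         the escaped {@code User-Agent} header
     * @throws IllegalArgumentException if {@code FieldVerifier.isValidName}
     *         rejects {@code input}
     */
    public String greetServer(String input) throws IllegalArgumentException {
        // Reject invalid input before doing anything else; the exception is
        // reported back to the client.
        if (!FieldVerifier.isValidName(input)) {
            throw new IllegalArgumentException("Name must be at least 4 characters long");
        }

        String serverInfo = parent.getServletContext().getServerInfo();
        String userAgent = parent.getThreadLocalRequestPublic().getHeader("User-Agent");

        // Both values come from the client and end up in markup, so escape them
        // to avoid cross-site scripting. The User-Agent header is as
        // attacker-controlled as the name itself.
        input = escapeHtml(input);
        userAgent = escapeHtml(userAgent);

        // serverInfo is supplied by the servlet container, not by the client,
        // and is left unescaped.
        return "Hello, " + input + "!<br><br>I am running " + serverInfo
                + ".<br><br>It looks like you are using:<br>" + userAgent;
    }

    /**
     * Escapes a string for inclusion in HTML. Escaping data received from the
     * client helps to prevent cross-site scripting.
     *
     * <p>The previous body replaced {@code &}, {@code <} and {@code >} with
     * themselves, which left the text unescaped. The replacements now emit the
     * corresponding character references, and quotes are escaped as well so the
     * result stays safe if it is ever placed inside an attribute value.
     *
     * @param html the string to escape, may be {@code null}
     * @return the escaped string, or {@code null} if {@code html} is {@code null}
     */
    private String escapeHtml(String html) {
        if (html == null) {
            return null;
        }
        // '&' has to go first, otherwise the ampersands introduced by the later
        // replacements would be escaped a second time. String.replace is used
        // because these are literal substitutions, not regular expressions.
        return html.replace("&", "&amp;")
                .replace("<", "&lt;")
                .replace(">", "&gt;")
                .replace("\"", "&quot;")
                .replace("'", "&#39;");
    }
}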