SessionIdNormalizer.java example

Explorer

servlet-safety-master
- src
  - main
    - java
      - com
        wesabe
        servlet
        BadRequestException.java
        BadResponseException.java
        ErrorReporterFilter.java
        SafeFilter.java
        SafeRequest.java
        SafeResponse.java
        errors
        DebugErrorReporter.java
        ErrorReporter.java
        SendmailErrorReporter.java
        normalizers
        ContextPathNormalizer.java
        CookieNormalizer.java
        HeaderNameNormalizer.java
        HeaderValueNormalizer.java
        HostnameNormalizer.java
        MethodNormalizer.java
        Normalizer.java
        ParameterNameNormalizer.java
        ParameterValueNormalizer.java
        PathInfoNormalizer.java
        PortNormalizer.java
        QueryStringNormalizer.java
        SchemeNormalizer.java
        SessionIdNormalizer.java
        UriFragmentNormalizer.java
        UriNormalizer.java
        ValidationException.java
        util
        CaseInsensitiveSet.java
        CharacterSet.java
  - test
    - java
      - com
        wesabe
        servlet
        errors
        tests
        DebugErrorReporterTest.java
        ErrorReporterTest.java
        SendmailErrorReporterTest.java
        normalizers
        tests
        ContextPathNormalizerTest.java
        CookieNormalizerTest.java
        HeaderNameNormalizerTest.java
        HeaderValueNormalizerTest.java
        HostnameNormalizerTest.java
        MethodNormalizerTest.java
        ParameterNameNormalizerTest.java
        ParameterValueNormalizerTest.java
        PathInfoNormalizerTest.java
        PortNormalizerTest.java
        QueryStringNormalizerTest.java
        SchemeNormalizerTest.java
        SessionIdNormalizerTest.java
        UriNormalizerTest.java
        ValidationExceptionTest.java
        util
        tests
        CaseInsensitiveSetTest.java
        CharacterSetTest.java
        tests
        BadRequestExceptionTest.java
        BadResponseExceptionTest.java
        ErrorReporterFilterTest.java
        SafeFilterTest.java
        SafeRequestTest.java
        SafeResponseTest.java
        stubs
        BadServlet.java
        GoodServlet.java

package com.wesabe.servlet.normalizers;

import com.wesabe.servlet.normalizers.util.CharacterSet;

/**
 * Normalizes session IDs.
 * 
 * @author coda
 */
public class SessionIdNormalizer implements Normalizer<String> {
	private static final CharacterSet VALID_CHARACTERS = CharacterSet.of("ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789");
	private static final int MIN_SESSION_ID_LENGTH = 10;
	private static final int MAX_SESSION_ID_LENGTH = 30;

	@Override
	public String normalize(String input) throws ValidationException {
		if (VALID_CHARACTERS.composes(input) && validLength(input)) {
			return input;
		}
		
		throw new ValidationException(input, "not a valid session ID");
	}

	private boolean validLength(String input) {
		return input.length() >= MIN_SESSION_ID_LENGTH && input.length() <= MAX_SESSION_ID_LENGTH;
	}

}