Defining validation rules in XML files

Validation rules that are not related to datatypes or parameter value validation cannot be defined in the datatypes.xml file.

But you can define such rules by creating a new Rule XML files. The rules XML files can be registered with the application by adding a context parameter for each rule XML file in the web.xml file.

To define a rule for input validation, create an XML file in the following format:

<ValidationRules>
   <Rule id="" ruleType="Regex" inputType="" inputName="" uri="" maxLength=""
          minLength="" allowNull="" >
      <Whitelist>
         <RegularExpression ref="" />
      </Whitelist>
      <Blacklist>
         <RegularExpression ref="" />
      </Blacklist>
   </Rule>
   <Rule id="" ruleType="Java" inputType="" inputName="" uri="" impl="" />
   <Rule id="abstract1" ruleType="Java" abstract="true" impl="" />
   <Rule id="" extends="abstract1" inputType="" inputName="" uri="" />
   <Rule id="abstract2" ruleType="Regex" abstract="true" maxLength=""
         minLength=""  allowNull="" >
      <Whitelist>
         <RegularExpression ref="" />
      </Whitelist>
      <Blacklist>
         <RegularExpression ref="" />
      </Blacklist>
   </Rule>
   <Rule id="" extends="abstract2" inputType="" inputName="" uri="" maxLength=""
         minLength="" allowNull="" /> 
</ValidationRules>

The following table describes various elements and attributes of the rules XML file.

Note: Any empty attribute will be considered as not provided. For example, an element defined as <Rule id="dates" ruleType="Regex" inputType="" inputName="" uri="" maxLength="" minLength="" allowNull="" > is equivalent to <Rule id="dates" ruleType="Regex" inputName="">. An exception to this behavior is attribute inputName. The inputName attribute can contain empty string and it is a valid value for inputName attribute.

Element/Attribute

Description

ValidationRules

Required. The rules XML file must have ValidationRules as root element.

Rule

Optional. Each rule (either java rule or regular expression rule) must be defined as one Rule element. It can have zero or more occurrences.

id

Optional. Unique identifier for the rule.

Note: This attribute is required, if you are extending an existing rule. If not provided, the existing rule cannot be extended. If a duplicate id found, and it does not result into extension, an exception is thrown.

abstract

Optional. Set the value of this attribute to true, if the rule is an abstract rule. An abstract rule can be extended by another rule.

extends

Optional. Identifier of the abstract rule being extended.

ruleType

Required. Type of rule.

Valid Values: Java™, Regex.

Note: If the rule is extending an abstract rule, this attribute should not be present.

inputType

Required. Type of the input.

Valid Values: HTTPParameterValue, HTTPParameterName, HTTPCookieValue, HTTPCookieName, HTTPHeaderValue, HTTPHeaderName, HTTPScheme, HTTPServerName, HTTPContextPath, HTTPPath, HTTPQueryString, HTTPURI, HTTPURL, HTTPJSESSIONID, HTTPServletPath, JavascriptClient.

Note: The JavascriptClient input type is used to fetch validation rules on the client for inputs, which do not have any datatype associated with them.
Note: For input type JavascriptClient, only global or default rules can be defined. Therefore, valid values for attribute inputName are _global_ or _default_. Value of attribute uri is ignored. The impl attribute should contain the name of the javascript method. The regular expression defined by attribute ref should have a javascript regular expression.
Note: For abstract rules, this attribute should not be present.

inputName

Required. Name of the input.

Note: For abstract rules, this attribute should not be present.

uri

Optional. URI for which the rule should be valid.

Note: For abstract rules, this attribute should not be present.

Child Elements and Attributes for rule type Java

impl

Required. Fully qualified name of the rule implementation class. This class must extend the ISCValidaitonRule class.

Note: If the rule is extending an abstract rule, this attribute should not be present.

Child Elements and Attributes for rule type Regex

maxLength

Optional. Allowed maximum length.

Valid Values: number, string.

Note: If the rule is extending an abstract rule, this value will override the maxLength defined for an abstract rule.

minLength

Optional. Allowed minimum length. Valid Values: number, string.

Note: If the rule is extending an abstract rule, this value will override the minLength defined for an abstract rule.

allowNull

Optional. Set the value of this attribute to false, if you want to mandate the value for the input.

Valid Values: true, false.

Note: If the rule is extending an abstract rule, this value will override the allowNull defined for an abstract rule.

Whitelist

Optional. Container element for white list patterns. It can have zero or one occurrence.

Note: If the rule is extending an abstract rule, this attribute should not be present.

Blacklist

Optional. Container element for black list patterns. It can have zero or one occurrence.

Note: If the rule is extending an abstract rule, this attribute should not be present.

RegularExpression

Optional. This element can have zero or many occurrences.

ref

Required. Reference of the regular expression definition.