値の書き換えを防ぐValidator
hiddenタグの値を、JavaScriptとかリクエスト改ざんで
書き換えられた場合に、エラーを出力するバリデータ。
確認画面のhiddenタグには、必ず埋め込まなきゃいかんでしょう。
package examples.jsf.validator; import javax.faces.component.StateHolder; import javax.faces.component.UIComponent; import javax.faces.component.UIInput; import javax.faces.context.FacesContext; import javax.faces.validator.Validator; import javax.faces.validator.ValidatorException; import org.seasar.jsf.util.MessageUtil; import org.seasar.jsf.util.UIComponentUtil; public class UnalteredValidator implements Validator, StateHolder { public static final String MESSAGE_ID = "examples.jsf.validator.UnalteredValidator.ALTERED"; private boolean bTransient = false; public void validate(FacesContext context, UIComponent component, Object value) throws ValidatorException { if (value == null) { return; } UIInput input = (UIInput) component; Object oldValue = input.getValue(); if (value.equals(oldValue) == false) { Object[] args = { UIComponentUtil.getLabel(component) }; throw new ValidatorException(MessageUtil.getErrorMessage( MESSAGE_ID, args)); } } public boolean isTransient() { return bTransient; } public void setTransient(boolean transientValue) { this.bTransient = transientValue; } public Object saveState(FacesContext context) { return new Object[0]; } public void restoreState(FacesContext context, Object state) { } }