Dissecting Java Server Faces for Penetration Testing - SecNiche ...

Notice in the above example that the contains a required,requiredMessage and validatorMessage attribute. The required attribute indicatesthat this value must be input by the end user and an error message isdisplayed if it is not provided.4.6.3 Custom ValidationsAll of the above approaches work well when the values are not tied closely tobusiness logic, or if these validators and tag libraries are suitable to performthe validation we need. Sometimes there is a need to build custom validationcomponents for data types that arent supported by standard JSF validators[19].In this scenario, the validator attribute of the tag referencesa validator method that is defined within the bean class [20] as presented inlisting 9.Bid Amount : Bid Amount : $Listing 9: Example : Bid Bean ClassIn the BidBean2 class, we would define our custom validation method aspresented in listing 10, validateBidAmount():p u b l i c void validateBidAmount ( FacesContext context , UIComponentcomponentToValidate ,UIComponent componentToValidate , Object value ) throwsV a l i d a t o r E x c e p t i o n {double bidAmount = ( ( Double ) value ) . doubleValue ( ) ;double p r e v i o u s H i g h e s t B i d = c u r r e n t H i g h e s t B i d ( ) ;i f ( bidAmount