youssefguenoun/gist:4672835

## gistfile1.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:hdiv="http://www.hdiv.org/schema/hdiv"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
		http://www.hdiv.org/schema/hdiv http://www.hdiv.org/schema/hdiv/hdiv.xsd">

		<!--
			Placer le debugMode à true pour vos devs
			Rebasculer en mode false pour parametrer la securite (token ...)
		-->

	<hdiv:config
		errorPage="web/errors/500"
		excludedExtensions="css,png,js,jpg,gif"
		debugMode="false"
		avoidCookiesConfidentiality="false"
		avoidValidationInUrlsWithoutParams="false"
		confidentiality="true"
		strategy="memory"
		maxPagesPerSession="5"
		randomName="false"
		>

			<hdiv:startPages>/,/web,/web/login,/web/accueil,/web/pages/scenes/ouvrage/.*,/web/rest/ouvrage/*,/web/rest/ouvrage/.*,/j_spring_security_check</hdiv:startPages>

			<hdiv:paramsWithoutValidation>
    			<hdiv:mapping url="/web/rest/ville/search" parameters="startsWith,maxSize"/>
    			<hdiv:mapping url="/web/commande/editeur/search" parameters="startsWith,maxSize"/>
    			<hdiv:mapping url="/web/commande/panier/addOuvrage" parameters="idOuvrage,titreOuvrage"/>
    			<hdiv:mapping url="/web/commande/ouvrage/search" parameters="idEditeur"/>
			</hdiv:paramsWithoutValidation>

	</hdiv:config>

	<hdiv:validation id="safeText" componentType="text">
		<hdiv:acceptedPattern><![CDATA[^[a-zA-Z0-9ÀÂÇÈÉÊËÎÔÙÛàâçèéêëîôùû@.\-_ ]*$]]></hdiv:acceptedPattern>
		<hdiv:rejectedPattern><![CDATA[(\s|\S)*((%65)|e)(\s)*((%76)|v)(\s)*((%61)|a)(\s)*((%6C)|l)(\s|\S)*]]></hdiv:rejectedPattern>
	</hdiv:validation>
	<hdiv:validation id="unsafeText" componentType="text">
		<hdiv:acceptedPattern><![CDATA[^[a-zA-Z0-9ÀÂÇÈÉÊËÎÔÙÛàâçèéêëîôùû@.\-_ ]*$]]></hdiv:acceptedPattern>
		<hdiv:rejectedPattern><![CDATA[(\s|\S)*((%65)|e)(\s)*((%76)|v)(\s)*((%61)|a)(\s)*((%6C)|l)(\s|\S)*]]></hdiv:rejectedPattern>
	</hdiv:validation>
	<hdiv:validation id="area" componentType="textarea">
		<hdiv:acceptedPattern><![CDATA[^[a-zA-Z0-9ÀÂÇÈÉÊËÎÔÙÛàâçèéêëîôùû@.\-_ ]*$]]></hdiv:acceptedPattern>
		<hdiv:rejectedPattern><![CDATA[(\s|\S)*((%65)|e)(\s)*((%76)|v)(\s)*((%61)|a)(\s)*((%6C)|l)(\s|\S)*]]></hdiv:rejectedPattern>
	</hdiv:validation>

	<hdiv:editableValidations registerDefaults="true">
		<hdiv:validationRule url="/web/.*" enableDefaults="true">safeText</hdiv:validationRule>
	 	<hdiv:validationRule url="/web/editeur/.*"	enableDefaults="true">area,unsafeText</hdiv:validationRule>
	</hdiv:editableValidations>

	<bean id="outValidation" class="org.hdiv.validator.Validation">
		<property name="componentType">
	 	   <value>text</value>
		</property>
		<property name="acceptedPattern">
		   <value><![CDATA[^[a-zA-Z0-9@.\-_ ]*$]]></value>
		</property>
		<property name="rejectedPattern">
		   <value><![CDATA[(\s|\S)*((%3C)|<)((%2F)|/)*[a-z0-9%]+((%3E)|>)(\s|\S)*]]></value>
		</property>
   </bean>

	<bean id="urlValidation" class="org.hdiv.validator.Validation">
		<property name="componentType">
	 	   <value>text</value>
		</property>
		<property name="acceptedPattern">
		   <value><![CDATA[^[a-zA-Z0-9()-=*.?%;,+/:&_ ]*$]]></value>
		</property>
		<property name="rejectedPattern">
		   <value><![CDATA[(onmouseover|alert)]]></value>
		</property>
   </bean>

	<bean id="redirectValidation" class="org.hdiv.validator.Validation">
		<property name="componentType">
	 	   <value>text</value>
		</property>
		<property name="acceptedPattern">
		   <value><![CDATA[^[a-zA-Z0-9()-=*.?%;,+/:&_ ]*$]]></value>
	   </property>
		<property name="rejectedPattern">
		   <value><![CDATA[(onmouseover|alert)]]></value>
		</property>
   </bean>

	<!-- TODO - affiner l'expression par Hossein -->
	<bean id="jsonValidation" class="org.hdiv.validator.Validation">
		<property name="componentType">
	 	   <value>text</value>
		</property>
		<property name="acceptedPattern">
		   <value><![CDATA[^[a-zA-Z0-9ÀÂÇÈÉÊËÎÔÙÛàâçèéêëîôùû'@.\-_ ]*$]]></value>
		</property>
		<property name="rejectedPattern">
		   <value><![CDATA[(\s|\S)*((%65)|e)(\s)*((%76)|v)(\s)*((%61)|a)(\s)*((%6C)|l)(\s|\S)*]]></value>
		</property>
   </bean>
</beans>
	<?xml version="1.0" encoding="UTF-8"?>
	<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:hdiv="http://www.hdiv.org/schema/hdiv"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
	http://www.hdiv.org/schema/hdiv http://www.hdiv.org/schema/hdiv/hdiv.xsd">

	<!--
	Placer le debugMode à true pour vos devs
	Rebasculer en mode false pour parametrer la securite (token ...)
	-->

	<hdiv:config
	errorPage="web/errors/500"
	excludedExtensions="css,png,js,jpg,gif"
	debugMode="false"
	avoidCookiesConfidentiality="false"
	avoidValidationInUrlsWithoutParams="false"
	confidentiality="true"
	strategy="memory"
	maxPagesPerSession="5"
	randomName="false"
	>

	<hdiv:startPages>/,/web,/web/login,/web/accueil,/web/pages/scenes/ouvrage/.,/web/rest/ouvrage/,/web/rest/ouvrage/.*,/j_spring_security_check</hdiv:startPages>

	<hdiv:paramsWithoutValidation>
	<hdiv:mapping url="/web/rest/ville/search" parameters="startsWith,maxSize"/>
	<hdiv:mapping url="/web/commande/editeur/search" parameters="startsWith,maxSize"/>
	<hdiv:mapping url="/web/commande/panier/addOuvrage" parameters="idOuvrage,titreOuvrage"/>
	<hdiv:mapping url="/web/commande/ouvrage/search" parameters="idEditeur"/>
	</hdiv:paramsWithoutValidation>

	</hdiv:config>

	<hdiv:validation id="safeText" componentType="text">
	<hdiv:acceptedPattern><![CDATA[^[a-zA-Z0-9ÀÂÇÈÉÊËÎÔÙÛàâçèéêëîôùû@.\-_ ]*$]]></hdiv:acceptedPattern>
	<hdiv:rejectedPattern><![CDATA[(\s\|\S)((%65)\|e)(\s)((%76)\|v)(\s)((%61)\|a)(\s)((%6C)\|l)(\s\|\S)*]]></hdiv:rejectedPattern>
	</hdiv:validation>
	<hdiv:validation id="unsafeText" componentType="text">
	<hdiv:acceptedPattern><![CDATA[^[a-zA-Z0-9ÀÂÇÈÉÊËÎÔÙÛàâçèéêëîôùû@.\-_ ]*$]]></hdiv:acceptedPattern>
	<hdiv:rejectedPattern><![CDATA[(\s\|\S)((%65)\|e)(\s)((%76)\|v)(\s)((%61)\|a)(\s)((%6C)\|l)(\s\|\S)*]]></hdiv:rejectedPattern>
	</hdiv:validation>
	<hdiv:validation id="area" componentType="textarea">
	<hdiv:acceptedPattern><![CDATA[^[a-zA-Z0-9ÀÂÇÈÉÊËÎÔÙÛàâçèéêëîôùû@.\-_ ]*$]]></hdiv:acceptedPattern>
	<hdiv:rejectedPattern><![CDATA[(\s\|\S)((%65)\|e)(\s)((%76)\|v)(\s)((%61)\|a)(\s)((%6C)\|l)(\s\|\S)*]]></hdiv:rejectedPattern>
	</hdiv:validation>

	<hdiv:editableValidations registerDefaults="true">
	<hdiv:validationRule url="/web/.*" enableDefaults="true">safeText</hdiv:validationRule>
	<hdiv:validationRule url="/web/editeur/.*" enableDefaults="true">area,unsafeText</hdiv:validationRule>
	</hdiv:editableValidations>

	<bean id="outValidation" class="org.hdiv.validator.Validation">
	<property name="componentType">
	<value>text</value>
	</property>
	<property name="acceptedPattern">
	<value><![CDATA[^[a-zA-Z0-9@.\-_ ]*$]]></value>
	</property>
	<property name="rejectedPattern">
	<value><![CDATA[(\s\|\S)((%3C)\|<)((%2F)\|/)[a-z0-9%]+((%3E)\|>)(\s\|\S)*]]></value>
	</property>
	</bean>

	<bean id="urlValidation" class="org.hdiv.validator.Validation">
	<property name="componentType">
	<value>text</value>
	</property>
	<property name="acceptedPattern">
	<value><![CDATA[^[a-zA-Z0-9()-=.?%;,+/:&_ ]$]]></value>
	</property>
	<property name="rejectedPattern">
	<value><![CDATA[(onmouseover\|alert)]]></value>
	</property>
	</bean>

	<bean id="redirectValidation" class="org.hdiv.validator.Validation">
	<property name="componentType">
	<value>text</value>
	</property>
	<property name="acceptedPattern">
	<value><![CDATA[^[a-zA-Z0-9()-=.?%;,+/:&_ ]$]]></value>
	</property>
	<property name="rejectedPattern">
	<value><![CDATA[(onmouseover\|alert)]]></value>
	</property>
	</bean>

	<!-- TODO - affiner l'expression par Hossein -->
	<bean id="jsonValidation" class="org.hdiv.validator.Validation">
	<property name="componentType">
	<value>text</value>
	</property>
	<property name="acceptedPattern">
	<value><![CDATA[^[a-zA-Z0-9ÀÂÇÈÉÊËÎÔÙÛàâçèéêëîôùû'@.\-_ ]*$]]></value>
	</property>
	<property name="rejectedPattern">
	<value><![CDATA[(\s\|\S)((%65)\|e)(\s)((%76)\|v)(\s)((%61)\|a)(\s)((%6C)\|l)(\s\|\S)*]]></value>
	</property>
	</bean>
	</beans>