In this paper, we investigate the use of Java annotations for software security purposes. In particular, we implement a framework for content validation where the validation tests are specified by annotations. This approach makes it possible to tag which properties to validate directly in the application code and eliminates the need for external XML configuration files. Furthermore, the testing code is still kept separate from the application code, hence facilitating the creation and reuse of custom tests. The main novelty of this framework consists in the possibility of defining tests for the validation of multiple and interdependent properties. The flexibility and reusability of tests are also improved by allowing composition and boolean expressions. The main result of the paper is a flexible framework for content validation based on Java annotations.