it's suitable to add servlet proxy that check parameters in get or post... with regular expression and return 400 if there's wrong value?
oracle can add this feature in the screen of parmeters definition