public class CsrfPreventionFilter extends CsrfPreventionFilterBase
HttpServletResponse.encodeRedirectURL(String)
and
HttpServletResponse.encodeURL(String)
are used to encode all URLs
returned to the client
Modifier and Type | Class and Description |
---|---|
protected static class |
CsrfPreventionFilter.CsrfResponseWrapper |
protected static class |
CsrfPreventionFilter.LruCache<T> |
sm
Constructor and Description |
---|
CsrfPreventionFilter() |
Modifier and Type | Method and Description |
---|---|
void |
doFilter(ServletRequest request,
ServletResponse response,
FilterChain chain)
The
doFilter method of the Filter is called by the container
each time a request/response pair is passed through the chain due to a
client request for a resource at the end of the chain. |
void |
setEntryPoints(java.lang.String entryPoints)
Entry points are URLs that will not be tested for the presence of a valid
nonce.
|
void |
setNonceCacheSize(int nonceCacheSize)
Sets the number of previously issued nonces that will be cached on a LRU
basis to support parallel requests, limited use of the refresh and back
in the browser and similar behaviors that may result in the submission
of a previous nonce rather than the current one.
|
generateNonce, getDenyStatus, getLogger, getRequestedPath, init, isConfigProblemFatal, setDenyStatus, setRandomClass
destroy
public void setEntryPoints(java.lang.String entryPoints)
entryPoints
- Comma separated list of URLs to be configured as
entry points.public void setNonceCacheSize(int nonceCacheSize)
nonceCacheSize
- The number of nonces to cachepublic void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws java.io.IOException, ServletException
javax.servlet.Filter
doFilter
method of the Filter is called by the container
each time a request/response pair is passed through the chain due to a
client request for a resource at the end of the chain. The FilterChain
passed in to this method allows the Filter to pass on the request and
response to the next entity in the chain.
A typical implementation of this method would follow the following
pattern:-
1. Examine the request
2. Optionally wrap the request object with a custom implementation to
filter content or headers for input filtering
3. Optionally wrap the response object with a custom implementation to
filter content or headers for output filtering
4. a) Either invoke the next entity in the chain using
the FilterChain object (chain.doFilter()
),
4. b) or not pass on the request/response pair to the
next entity in the filter chain to block the request processing
5. Directly set headers on the response after invocation of the next
entity in the filter chain.
java.io.IOException
ServletException
Copyright © 2000-2015 Apache Software Foundation. All Rights Reserved.