Constructor Detail

• CsrfPreventionFilterBase

  public CsrfPreventionFilterBase()

Method Detail

• getLogger

  protected Log getLogger()

  Specified by:

  getLogger in class FilterBase

• getDenyStatus

  public int getDenyStatus()

  Return response status code that is used to reject denied request.

• setDenyStatus

  public void setDenyStatus(int denyStatus)

  Set response status code that is used to reject denied request. If none set, the default value of 403 will be used.

  Parameters:

  denyStatus - HTTP status code

• setRandomClass

  public void setRandomClass(java.lang.String randomClass)

  Specify the class to use to generate the nonces. Must be in instance of Random.

  Parameters:

  randomClass - The name of the class to use

• init

  public void init(FilterConfig filterConfig)
            throws ServletException

  Description copied from interface: javax.servlet.Filter
  Called by the web container to indicate to a filter that it is being placed into service. The servlet container calls the init method exactly once after instantiating the filter. The init method must complete successfully before the filter is asked to do any filtering work.
  
  The web container cannot place the filter into service if the init method either
  1.Throws a ServletException
  2.Does not return within a time period defined by the web container

  Specified by:

  init in interface Filter

  Overrides:

  init in class FilterBase

  Throws:

  ServletException

• isConfigProblemFatal

  protected boolean isConfigProblemFatal()

  Description copied from class: FilterBase
  Determines if an exception when calling a setter or an unknown configuration attribute triggers the failure of the this filter which in turn will prevent the web application from starting.

  Overrides:

  isConfigProblemFatal in class FilterBase

  Returns:

  true if a problem should trigger the failure of this filter, else false

• generateNonce

  protected java.lang.String generateNonce()

  Generate a once time token (nonce) for authenticating subsequent requests. The nonce generation is a simplified version of ManagerBase.generateSessionId().

• getRequestedPath

  protected java.lang.String getRequestedPath(HttpServletRequest request)