Apache Tomcat 7.0.37
java.lang.Object
  org.apache.catalina.filters.FilterBase
    org.apache.catalina.filters.CsrfPreventionFilter

public class CsrfPreventionFilter extends FilterBase

Provides basic CSRF protection for a web application. The filter assumes that HttpServletResponse.encodeRedirectURL(String) and HttpServletResponse.encodeURL(String) are used to encode all URLs returned to the client.
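The assumption above matters in practice: the filter wraps the response so that encodeURL() and encodeRedirectURL() append the current nonce, and any request that arrives without a valid nonce (other than to an entry point) is rejected with the configured denyStatus. The servlet below is an added example, not code from Tomcat or from this page, showing what "all URLs returned to the client go through encodeURL()" looks like in application code. The servlet name, the /account path, the hidden "op" parameter and the init-param values in the web.xml fragment are constructed for the example; the init-param names are the setters listed on this page, and the mapping to /* is the one the filter is designed for.

```java
// Added example (not Tomcat's own code): a servlet that routes every URL it
// emits through encodeURL()/encodeRedirectURL(), which is what
// CsrfPreventionFilter assumes. With the filter in the chain, the wrapped
// response appends the current nonce to these URLs; a hand-built URL would
// reach the client without it and the next request would be rejected with the
// configured denyStatus.
//
// Filter registration in WEB-INF/web.xml (param names match the setters on
// this page; the values are constructed for the example):
//
//   <filter>
//     <filter-name>CsrfPreventionFilter</filter-name>
//     <filter-class>org.apache.catalina.filters.CsrfPreventionFilter</filter-class>
//     <init-param><param-name>denyStatus</param-name><param-value>403</param-value></init-param>
//     <init-param><param-name>entryPoints</param-name><param-value>/index.jsp,/login</param-value></init-param>
//     <init-param><param-name>nonceCacheSize</param-name><param-value>5</param-value></init-param>
//     <init-param><param-name>randomClass</param-name><param-value>java.security.SecureRandom</param-value></init-param>
//   </filter>
//   <filter-mapping>
//     <filter-name>CsrfPreventionFilter</filter-name>
//     <url-pattern>/*</url-pattern>
//   </filter-mapping>

import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class AccountServlet extends HttpServlet {

    // GET renders a page whose link and form action both go through
    // encodeURL(), so each carries the nonce the filter checks on the next request.
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        resp.setContentType("text/html;charset=UTF-8");
        String target = req.getContextPath() + "/account"; // hypothetical path
        PrintWriter out = resp.getWriter();

        out.println("<html><body>");
        // Correct: the URL is encoded, so the filter's wrapper appends the nonce.
        out.println("<a href=\"" + esc(resp.encodeURL(target)) + "\">Refresh</a>");
        out.println("<form method=\"post\" action=\"" + esc(resp.encodeURL(target)) + "\">");
        out.println("  <input type=\"hidden\" name=\"op\" value=\"close\">");
        out.println("  <button type=\"submit\">Close account</button>");
        out.println("</form>");
        // Incorrect (kept as a comment): a raw URL bypasses the wrapper, so a
        // request to it carries no nonce and is denied by the filter.
        //   out.println("<a href=\"" + target + "\">Refresh</a>");
        out.println("</body></html>");
    }

    // POST performs the state change and redirects; encodeRedirectURL() keeps
    // the nonce on the Location header so the follow-up GET is accepted.
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        if ("close".equals(req.getParameter("op"))) {
            // ... perform the sensitive action here (hypothetical business logic) ...
        }
        resp.sendRedirect(resp.encodeRedirectURL(req.getContextPath() + "/account"));
    }

    // Minimal HTML attribute escaping so the appended query string cannot
    // break out of the href/action attribute.
    private static String esc(String s) {
        return s.replace("&", "&amp;").replace("\"", "&quot;")
                .replace("<", "&lt;").replace(">", "&gt;");
    }
}
```

Two consequences follow from the design documented here. First, URLs that never pass through the wrapper (links hard-coded in templates, URLs assembled in client-side JavaScript, bookmarks) carry no nonce, so they only work if they point at an entry point; entry points should therefore be pages that trigger no state change. Second, the nonce travels as part of the URL, so it shows up wherever URLs do (access logs, browser history, Referer headers); the nonceCacheSize setting bounds how many older nonces stay valid, trading tolerance for back/refresh against the window in which a leaked nonce is still accepted.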
Nested Class Summary

protected static class CsrfPreventionFilter.CsrfResponseWrapper
protected static class CsrfPreventionFilter.LruCache<T>

Field Summary

Fields inherited from class org.apache.catalina.filters.FilterBase
sm

Constructor Summary

CsrfPreventionFilter()
Method Summary

void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
    The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain.

protected String generateNonce()
    Generate a one-time token (nonce) for authenticating subsequent requests.

int getDenyStatus()
    Return the response status code that is used to reject a denied request.

protected Log getLogger()

void init(FilterConfig filterConfig)
    Called by the web container to indicate to a filter that it is being placed into service.

protected boolean isConfigProblemFatal()
    Determines if an exception when calling a setter or an unknown configuration attribute triggers the failure of this filter, which in turn will prevent the web application from starting.

void setDenyStatus(int denyStatus)
    Set the response status code that is used to reject a denied request.

void setEntryPoints(String entryPoints)
    Entry points are URLs that will not be tested for the presence of a valid nonce.

void setNonceCacheSize(int nonceCacheSize)
    Sets the number of previously issued nonces that will be cached on an LRU basis to support parallel requests, limited use of refresh and back in the browser, and similar behaviors that may result in the submission of a previous nonce rather than the current one.

void setRandomClass(String randomClass)
    Specify the class to use to generate the nonces.

Methods inherited from class org.apache.catalina.filters.FilterBase
destroy

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Constructor Detail

public CsrfPreventionFilter()

Method Detail

protected Log getLogger()
    Specified by: getLogger in class FilterBase

public int getDenyStatus()
    Return the response status code that is used to reject a denied request.

public void setDenyStatus(int denyStatus)
    Set the response status code that is used to reject a denied request.
    Parameters:
        denyStatus - HTTP status code

public void setEntryPoints(String entryPoints)
    Entry points are URLs that will not be tested for the presence of a valid nonce.
    Parameters:
        entryPoints - Comma separated list of URLs to be configured as entry points.

public void setNonceCacheSize(int nonceCacheSize)
    Sets the number of previously issued nonces that will be cached on an LRU basis to support parallel requests, limited use of refresh and back in the browser, and similar behaviors that may result in the submission of a previous nonce rather than the current one.
    Parameters:
        nonceCacheSize - The number of nonces to cache

public void setRandomClass(String randomClass)
    Specify the class to use to generate the nonces. Must be an instance of Random.
    Parameters:
        randomClass - The name of the class to use

public void init(FilterConfig filterConfig) throws ServletException
    Description copied from interface: javax.servlet.Filter
    Called by the web container to indicate to a filter that it is being placed into service.
    Specified by: init in interface Filter
    Overrides: init in class FilterBase
    Throws: ServletException

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
    Description copied from interface: javax.servlet.Filter
    The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain. The FilterChain passed in to this method allows the Filter to pass on the request and response to the next entity in the chain.
    A typical implementation of this method would follow the following pattern:
    1. Examine the request
    2. Optionally wrap the request object with a custom implementation to filter content or headers for input filtering
    3. Optionally wrap the response object with a custom implementation to filter content or headers for output filtering
    4. a) Either invoke the next entity in the chain using the FilterChain object (chain.doFilter()),
       b) or not pass on the request/response pair to the next entity in the filter chain to block the request processing
    5. Directly set headers on the response after invocation of the next entity in the filter chain.
    Specified by: doFilter in interface Filter
    Throws: IOException, ServletException

protected boolean isConfigProblemFatal()
    Description copied from class: FilterBase
    Determines if an exception when calling a setter or an unknown configuration attribute triggers the failure of this filter, which in turn will prevent the web application from starting.
    Overrides: isConfigProblemFatal in class FilterBase
    Returns: true if a problem should trigger the failure of this filter, else false

protected String generateNonce()
    Generate a one-time token (nonce) for authenticating subsequent requests.