Class CsrfPreventionFilterBase

java.lang.Object
org.apache.catalina.filters.FilterBase
org.apache.catalina.filters.CsrfPreventionFilterBase
All Implemented Interfaces:
Filter
Direct Known Subclasses:
CsrfPreventionFilter, RestCsrfPreventionFilter
public abstract class CsrfPreventionFilterBase extends FilterBase
Base class for CSRF prevention filters.

  • Constructor Details

    • CsrfPreventionFilterBase

      public CsrfPreventionFilterBase()
      Default constructor.

  • Method Details

    • getLogger

      protected Log getLogger()
      Description copied from class: FilterBase
      Returns the logger for this filter.
      Specified by:
      getLogger in class FilterBase
      Returns:
      the logger

    • getDenyStatus

      public int getDenyStatus()
      Get the HTTP status code used to reject denied requests.
      Returns:
      The response status code that is used to reject denied requests

    • setDenyStatus

      public void setDenyStatus(int denyStatus)
      Set response status code that is used to reject denied request. If none set, the default value of 403 will be used.
      Parameters:
      denyStatus - HTTP status code

    • setRandomClass

      public void setRandomClass(String randomClass)
      Specify the class to use to generate the nonces. Must be in instance of Random.
      Parameters:
      randomClass - The name of the class to use

    • init

      public void init(FilterConfig filterConfig) throws ServletException
      Description copied from class: FilterBase
      Iterates over the configuration parameters and either logs a warning, or throws an exception for any parameter that does not have a matching setter in this filter.
      Specified by:
      init in interface Filter
      Overrides:
      init in class FilterBase
      Parameters:
      filterConfig - The configuration information associated with the filter instance being initialised
      Throws:
      ServletException - if FilterBase.isConfigProblemFatal() returns true and a configured parameter does not have a matching setter

    • isConfigProblemFatal

      protected boolean isConfigProblemFatal()
      Description copied from class: FilterBase
      Determines if an exception when calling a setter or an unknown configuration attribute triggers the failure of this filter which in turn will prevent the web application from starting.
      Overrides:
      isConfigProblemFatal in class FilterBase
      Returns:
      true if a problem should trigger the failure of this filter, else false

    • generateNonce

      protected String generateNonce(HttpServletRequest request)
      Generate a once time token (nonce) for authenticating subsequent requests. The nonce generation is a simplified version of ManagerBase.generateSessionId().
      Parameters:
      request - The request. Unused in this method but present for the benefit of subclasses.
      Returns:
      the generated nonce

    • getRequestedPath

      protected String getRequestedPath(HttpServletRequest request)
      Get the requested path from the given request.
      Parameters:
      request - The HTTP servlet request
      Returns:
      The requested path