Class CsrfPreventionFilterBase

    • Field Summary

      • Fields inherited from class org.apache.catalina.filters.FilterBase

        sm
    • Method Summary

      Modifier and Type Method Description
      protected java.lang.String generateNonce()
      Generate a one-time token (nonce) for authenticating subsequent requests.
      int getDenyStatus()  
      protected Log getLogger()  
      protected java.lang.String getRequestedPath(HttpServletRequest request)  
      void init(FilterConfig filterConfig)
      Iterates over the configuration parameters and either logs a warning, or throws an exception for any parameter that does not have a matching setter in this filter.
      protected boolean isConfigProblemFatal()
      Determines if an exception when calling a setter or an unknown configuration attribute triggers the failure of this filter, which in turn will prevent the web application from starting.
      void setDenyStatus(int denyStatus)
      Set the response status code that is used to reject denied requests.
      void setRandomClass(java.lang.String randomClass)
      Specify the class to use to generate the nonces.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • CsrfPreventionFilterBase

        public CsrfPreventionFilterBase()
    • Method Detail

      • getDenyStatus

        public int getDenyStatus()
        Returns:
        the response status code that is used to reject denied requests.
      • setDenyStatus

        public void setDenyStatus(int denyStatus)
        Set the response status code that is used to reject denied requests. If none is set, the default value of 403 will be used.
        Parameters:
        denyStatus - HTTP status code
      • setRandomClass

        public void setRandomClass(java.lang.String randomClass)
        Specify the class to use to generate the nonces. Must be an instance of Random.
        Parameters:
        randomClass - The name of the class to use
      • init

        public void init(FilterConfig filterConfig)
                  throws ServletException
        Description copied from class: FilterBase
        Iterates over the configuration parameters and either logs a warning, or throws an exception for any parameter that does not have a matching setter in this filter.
        Specified by:
        init in interface Filter
        Overrides:
        init in class FilterBase
        Parameters:
        filterConfig - The configuration information associated with the filter instance being initialised
        Throws:
        ServletException - if FilterBase.isConfigProblemFatal() returns true and a configured parameter does not have a matching setter
      • isConfigProblemFatal

        protected boolean isConfigProblemFatal()
        Description copied from class: FilterBase
        Determines if an exception when calling a setter or an unknown configuration attribute triggers the failure of this filter, which in turn will prevent the web application from starting.
        Overrides:
        isConfigProblemFatal in class FilterBase
        Returns:
        true if a problem should trigger the failure of this filter, else false
      • generateNonce

        protected java.lang.String generateNonce()
        Generate a one-time token (nonce) for authenticating subsequent requests. The nonce generation is a simplified version of ManagerBase.generateSessionId().
        Returns:
        the generated nonce
      • getRequestedPath

        protected java.lang.String getRequestedPath(HttpServletRequest request)
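
An added example, not Tomcat's own code: a stand-alone sketch of what setRandomClass and generateNonce describe, loading a Random implementation by class name and producing a hex nonce from it. The class name NonceSketch, the 16-byte nonce size, and the extra check that rejects anything other than a SecureRandom are assumptions of this sketch.

```java
import java.security.SecureRandom;
import java.util.Random;

public class NonceSketch {
    private final Random randomSource;

    // randomClassName plays the role of the value passed to setRandomClass(String).
    public NonceSketch(String randomClassName) throws ReflectiveOperationException {
        Class<?> clazz = Class.forName(randomClassName);
        // Documented contract: the class must be a java.util.Random.
        if (!Random.class.isAssignableFrom(clazz)) {
            throw new IllegalArgumentException(randomClassName + " is not a java.util.Random");
        }
        // Hardening added in this sketch (assumption, not stated on the page):
        // refuse predictable generators, because a guessable nonce gives no
        // protection against forged requests.
        if (!SecureRandom.class.isAssignableFrom(clazz)) {
            throw new IllegalArgumentException(randomClassName + " is not a SecureRandom");
        }
        randomSource = (Random) clazz.getDeclaredConstructor().newInstance();
    }

    // Assumed nonce size for this sketch: 16 random bytes, hex encoded (32 characters).
    public String generateNonce() {
        byte[] random = new byte[16];
        randomSource.nextBytes(random);
        StringBuilder buffer = new StringBuilder(random.length * 2);
        for (byte b : random) {
            buffer.append(Character.forDigit((b >> 4) & 0x0f, 16));
            buffer.append(Character.forDigit(b & 0x0f, 16));
        }
        return buffer.toString();
    }

    public static void main(String[] args) throws Exception {
        NonceSketch ok = new NonceSketch("java.security.SecureRandom");
        System.out.println("nonce: " + ok.generateNonce());
        try {
            new NonceSketch("java.util.Random"); // satisfies the contract, fails the hardening check
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```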