Package org.apache.jasper.security

Class SecurityUtil

java.lang.Object

org.apache.jasper.security.SecurityUtil

public final class SecurityUtil
extends Object

Util class for Security related operations.

Constructor Summary

Constructors

Constructor	Description
SecurityUtil()

Method Summary

Modifier and Type	Method	Description
static String	filter(String message)	Deprecated. This method will be removed in Tomcat 9
static boolean	isPackageProtectionEnabled()	Return the SecurityManager only if Security is enabled AND package protection mechanism is enabled.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SecurityUtil

public SecurityUtil()

Method Details

isPackageProtectionEnabled

public static boolean isPackageProtectionEnabled()

Return the SecurityManager only if Security is enabled AND package protection mechanism is enabled.

Returns:

true if package protection is enabled

filter

@Deprecated
public static String filter(String message)

Deprecated.

This method will be removed in Tomcat 9

Filter the specified message string for characters that are sensitive in HTML. This avoids potential attacks caused by including JavaScript codes in the request URL that is often reported in error messages.

Parameters:

message - The message string to be filtered

Returns:

the HTML filtered message