Package org.apache.catalina.filters

Class CsrfPreventionFilterBase

    • Constructor Detail

      • CsrfPreventionFilterBase

        public CsrfPreventionFilterBase()

    • Method Detail

      • getDenyStatus

        public int getDenyStatus()
        Returns:
        response status code that is used to reject denied request.

      • setDenyStatus

        public void setDenyStatus​(int denyStatus)
        Set response status code that is used to reject denied request. If none set, the default value of 403 will be used.
        Parameters:
        denyStatus - HTTP status code

      • setRandomClass

        public void setRandomClass​(java.lang.String randomClass)
        Specify the class to use to generate the nonces. Must be in instance of Random.
        Parameters:
        randomClass - The name of the class to use

      • init

        public void init​(FilterConfig filterConfig)
          throws ServletException
        Description copied from class: FilterBase
        Iterates over the configuration parameters and either logs a warning, or throws an exception for any parameter that does not have a matching setter in this filter.
        Specified by:
        init in interface Filter
        Overrides:
        init in class FilterBase
        Parameters:
        filterConfig - The configuration information associated with the filter instance being initialised
        Throws:
        ServletException - if FilterBase.isConfigProblemFatal() returns true and a configured parameter does not have a matching setter

      • isConfigProblemFatal

        protected boolean isConfigProblemFatal()
        Description copied from class: FilterBase
        Determines if an exception when calling a setter or an unknown configuration attribute triggers the failure of the this filter which in turn will prevent the web application from starting.
        Overrides:
        isConfigProblemFatal in class FilterBase
        Returns:
        true if a problem should trigger the failure of this filter, else false

      • generateNonce

        protected java.lang.String generateNonce​(HttpServletRequest request)
        Generate a once time token (nonce) for authenticating subsequent requests. The nonce generation is a simplified version of ManagerBase.generateSessionId().
        Parameters:
        request - The request. Unused in this method but present for the the benefit of sub-classes.
        Returns:
        the generated nonce

      • generateNonce

        @Deprecated
protected java.lang.String generateNonce()
        Deprecated.
        Use generateNonce(HttpServletRequest) instead. This method will be removed in Apache Tomcat 10.1.x onwards.
        Generate a once time token (nonce) for authenticating subsequent requests. The nonce generation is a simplified version of ManagerBase.generateSessionId().
        Returns:
        the generated nonce

      • getRequestedPath

        protected java.lang.String getRequestedPath​(HttpServletRequest request)