Class CsrfPreventionFilterBase

java.lang.Object
org.apache.catalina.filters.FilterBase
org.apache.catalina.filters.CsrfPreventionFilterBase
All Implemented Interfaces:
Filter
Direct Known Subclasses:
CsrfPreventionFilter, RestCsrfPreventionFilter

public abstract class CsrfPreventionFilterBase extends FilterBase
  • Constructor Details

    • CsrfPreventionFilterBase

      public CsrfPreventionFilterBase()
  • Method Details

    • getLogger

      protected Log getLogger()
      Specified by:
      getLogger in class FilterBase
    • getDenyStatus

      public int getDenyStatus()
      Returns:
      response status code that is used to reject denied request.
    • setDenyStatus

      public void setDenyStatus(int denyStatus)
      Set response status code that is used to reject denied request. If none set, the default value of 403 will be used.
      Parameters:
      denyStatus - HTTP status code
    • setRandomClass

      public void setRandomClass(String randomClass)
      Specify the class to use to generate the nonces. Must be in instance of Random.
      Parameters:
      randomClass - The name of the class to use
    • init

      public void init(FilterConfig filterConfig) throws ServletException
      Description copied from class: FilterBase
      Iterates over the configuration parameters and either logs a warning, or throws an exception for any parameter that does not have a matching setter in this filter.
      Specified by:
      init in interface Filter
      Overrides:
      init in class FilterBase
      Parameters:
      filterConfig - The configuration information associated with the filter instance being initialised
      Throws:
      ServletException - if FilterBase.isConfigProblemFatal() returns true and a configured parameter does not have a matching setter
    • isConfigProblemFatal

      protected boolean isConfigProblemFatal()
      Description copied from class: FilterBase
      Determines if an exception when calling a setter or an unknown configuration attribute triggers the failure of the this filter which in turn will prevent the web application from starting.
      Overrides:
      isConfigProblemFatal in class FilterBase
      Returns:
      true if a problem should trigger the failure of this filter, else false
    • generateNonce

      protected String generateNonce(HttpServletRequest request)
      Generate a once time token (nonce) for authenticating subsequent requests. The nonce generation is a simplified version of ManagerBase.generateSessionId().
      Parameters:
      request - The request. Unused in this method but present for the the benefit of sub-classes.
      Returns:
      the generated nonce
    • getRequestedPath

      protected String getRequestedPath(HttpServletRequest request)