Package org.apache.catalina.filters

Class HttpHeaderSecurityFilter

java.lang.Object
org.apache.catalina.filters.FilterBase
org.apache.catalina.filters.HttpHeaderSecurityFilter
All Implemented Interfaces:
Filter
public class HttpHeaderSecurityFilter extends FilterBase
Provides a single configuration point for security measures that required the addition of one or more HTTP headers to the response.

  • Constructor Details

    • HttpHeaderSecurityFilter

      public HttpHeaderSecurityFilter()

  • Method Details

    • init

      public void init(FilterConfig filterConfig) throws ServletException
      Description copied from class: FilterBase
      Iterates over the configuration parameters and either logs a warning, or throws an exception for any parameter that does not have a matching setter in this filter.
      Specified by:
      init in interface Filter
      Overrides:
      init in class FilterBase
      Parameters:
      filterConfig - The configuration information associated with the filter instance being initialised
      Throws:
      ServletException - if FilterBase.isConfigProblemFatal() returns true and a configured parameter does not have a matching setter

    • doFilter

      public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
      Description copied from interface: jakarta.servlet.Filter
      The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain. The FilterChain passed in to this method allows the Filter to pass on the request and response to the next entity in the chain.

      A typical implementation of this method would follow the following pattern:-
      1. Examine the request
      2. Optionally wrap the request object with a custom implementation to filter content or headers for input filtering
      3. Optionally wrap the response object with a custom implementation to filter content or headers for output filtering
      4. a) Either invoke the next entity in the chain using the FilterChain object (chain.doFilter()),
      4. b) or not pass on the request/response pair to the next entity in the filter chain to block the request processing
      5. Directly set headers on the response after invocation of the next entity in the filter chain.

      Parameters:
      request - The request to process
      response - The response associated with the request
      chain - Provides access to the next filter in the chain for this filter to pass the request and response to for further processing
      Throws:
      IOException - if an I/O error occurs during this filter's processing of the request
      ServletException - if the processing fails for any other reason

    • getLogger

      protected Log getLogger()
      Specified by:
      getLogger in class FilterBase

    • isConfigProblemFatal

      protected boolean isConfigProblemFatal()
      Description copied from class: FilterBase
      Determines if an exception when calling a setter or an unknown configuration attribute triggers the failure of the this filter which in turn will prevent the web application from starting.
      Overrides:
      isConfigProblemFatal in class FilterBase
      Returns:
      true if a problem should trigger the failure of this filter, else false

    • isHstsEnabled

      public boolean isHstsEnabled()

    • setHstsEnabled

      public void setHstsEnabled(boolean hstsEnabled)

    • getHstsMaxAgeSeconds

      public int getHstsMaxAgeSeconds()

    • setHstsMaxAgeSeconds

      public void setHstsMaxAgeSeconds(int hstsMaxAgeSeconds)

    • isHstsIncludeSubDomains

      public boolean isHstsIncludeSubDomains()

    • setHstsIncludeSubDomains

      public void setHstsIncludeSubDomains(boolean hstsIncludeSubDomains)

    • isHstsPreload

      public boolean isHstsPreload()

    • setHstsPreload

      public void setHstsPreload(boolean hstsPreload)

    • isAntiClickJackingEnabled

      public boolean isAntiClickJackingEnabled()

    • setAntiClickJackingEnabled

      public void setAntiClickJackingEnabled(boolean antiClickJackingEnabled)

    • getAntiClickJackingOption

      public String getAntiClickJackingOption()

    • setAntiClickJackingOption

      public void setAntiClickJackingOption(String antiClickJackingOption)

    • getAntiClickJackingUri

      public String getAntiClickJackingUri()

    • isBlockContentTypeSniffingEnabled

      public boolean isBlockContentTypeSniffingEnabled()

    • setBlockContentTypeSniffingEnabled

      public void setBlockContentTypeSniffingEnabled(boolean blockContentTypeSniffingEnabled)

    • setAntiClickJackingUri

      public void setAntiClickJackingUri(String antiClickJackingUri)

    • isXssProtectionEnabled

      @Deprecated public boolean isXssProtectionEnabled()
      Deprecated.

    • setXssProtectionEnabled

      @Deprecated public void setXssProtectionEnabled(boolean xssProtectionEnabled)
      Deprecated.