Package org.apache.catalina.filters
Class HttpHeaderSecurityFilter
java.lang.Object
org.apache.catalina.filters.FilterBase
org.apache.catalina.filters.HttpHeaderSecurityFilter
- All Implemented Interfaces:
Filter
Provides a single configuration point for security measures that required the addition of one or more HTTP headers to
the response.
-
Field Summary
Fields inherited from class org.apache.catalina.filters.FilterBase
sm
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
doFilter
(ServletRequest request, ServletResponse response, FilterChain chain) ThedoFilter
method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain.int
protected Log
void
init
(FilterConfig filterConfig) Iterates over the configuration parameters and either logs a warning, or throws an exception for any parameter that does not have a matching setter in this filter.boolean
boolean
protected boolean
Determines if an exception when calling a setter or an unknown configuration attribute triggers the failure of the this filter which in turn will prevent the web application from starting.boolean
boolean
boolean
boolean
Deprecated.void
setAntiClickJackingEnabled
(boolean antiClickJackingEnabled) void
setAntiClickJackingOption
(String antiClickJackingOption) void
setAntiClickJackingUri
(String antiClickJackingUri) void
setBlockContentTypeSniffingEnabled
(boolean blockContentTypeSniffingEnabled) void
setHstsEnabled
(boolean hstsEnabled) void
setHstsIncludeSubDomains
(boolean hstsIncludeSubDomains) void
setHstsMaxAgeSeconds
(int hstsMaxAgeSeconds) void
setHstsPreload
(boolean hstsPreload) void
setXssProtectionEnabled
(boolean xssProtectionEnabled) Deprecated.
-
Constructor Details
-
HttpHeaderSecurityFilter
public HttpHeaderSecurityFilter()
-
-
Method Details
-
init
Description copied from class:FilterBase
Iterates over the configuration parameters and either logs a warning, or throws an exception for any parameter that does not have a matching setter in this filter.- Specified by:
init
in interfaceFilter
- Overrides:
init
in classFilterBase
- Parameters:
filterConfig
- The configuration information associated with the filter instance being initialised- Throws:
ServletException
- ifFilterBase.isConfigProblemFatal()
returnstrue
and a configured parameter does not have a matching setter
-
doFilter
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException Description copied from interface:jakarta.servlet.Filter
ThedoFilter
method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain. The FilterChain passed in to this method allows the Filter to pass on the request and response to the next entity in the chain.A typical implementation of this method would follow the following pattern:-
1. Examine the request
2. Optionally wrap the request object with a custom implementation to filter content or headers for input filtering
3. Optionally wrap the response object with a custom implementation to filter content or headers for output filtering
4. a) Either invoke the next entity in the chain using the FilterChain object (chain.doFilter()
),
4. b) or not pass on the request/response pair to the next entity in the filter chain to block the request processing
5. Directly set headers on the response after invocation of the next entity in the filter chain.- Parameters:
request
- The request to processresponse
- The response associated with the requestchain
- Provides access to the next filter in the chain for this filter to pass the request and response to for further processing- Throws:
IOException
- if an I/O error occurs during this filter's processing of the requestServletException
- if the processing fails for any other reason
-
getLogger
- Specified by:
getLogger
in classFilterBase
-
isConfigProblemFatal
protected boolean isConfigProblemFatal()Description copied from class:FilterBase
Determines if an exception when calling a setter or an unknown configuration attribute triggers the failure of the this filter which in turn will prevent the web application from starting.- Overrides:
isConfigProblemFatal
in classFilterBase
- Returns:
true
if a problem should trigger the failure of this filter, elsefalse
-
isHstsEnabled
public boolean isHstsEnabled() -
setHstsEnabled
public void setHstsEnabled(boolean hstsEnabled) -
getHstsMaxAgeSeconds
public int getHstsMaxAgeSeconds() -
setHstsMaxAgeSeconds
public void setHstsMaxAgeSeconds(int hstsMaxAgeSeconds) -
isHstsIncludeSubDomains
public boolean isHstsIncludeSubDomains() -
setHstsIncludeSubDomains
public void setHstsIncludeSubDomains(boolean hstsIncludeSubDomains) -
isHstsPreload
public boolean isHstsPreload() -
setHstsPreload
public void setHstsPreload(boolean hstsPreload) -
isAntiClickJackingEnabled
public boolean isAntiClickJackingEnabled() -
setAntiClickJackingEnabled
public void setAntiClickJackingEnabled(boolean antiClickJackingEnabled) -
getAntiClickJackingOption
-
setAntiClickJackingOption
-
getAntiClickJackingUri
-
isBlockContentTypeSniffingEnabled
public boolean isBlockContentTypeSniffingEnabled() -
setBlockContentTypeSniffingEnabled
public void setBlockContentTypeSniffingEnabled(boolean blockContentTypeSniffingEnabled) -
setAntiClickJackingUri
-
isXssProtectionEnabled
Deprecated. -
setXssProtectionEnabled
Deprecated.
-