HttpHeaderSecurityFilter (Apache Tomcat 8.0.53 API Documentation)

java.lang.Object
- org.apache.catalina.filters.FilterBase
- - org.apache.catalina.filters.HttpHeaderSecurityFilter

All Implemented Interfaces:

Filter
```
public class HttpHeaderSecurityFilter
extends FilterBase
```
Provides a single configuration point for security measures that required the addition of one or more HTTP headers to the response.

Field Summary
- Fields inherited from class org.apache.catalina.filters.FilterBase
  sm

Constructor Summary

Constructors
Constructor and Description

HttpHeaderSecurityFilter()

Constructors
Constructor and Description
`HttpHeaderSecurityFilter()`

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`doFilter(ServletRequest request, ServletResponse response, FilterChain chain)` The `doFilter` method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain.
`java.lang.String`	`getAntiClickJackingOption()`
`java.lang.String`	`getAntiClickJackingUri()`
`int`	`getHstsMaxAgeSeconds()`
`protected Log`	`getLogger()`
`void`	`init(FilterConfig filterConfig)` Iterates over the configuration parameters and either logs a warning, or throws an exception for any parameter that does not have a matching setter in this filter.
`boolean`	`isAntiClickJackingEnabled()`
`boolean`	`isBlockContentTypeSniffingEnabled()`
`protected boolean`	`isConfigProblemFatal()` Determines if an exception when calling a setter or an unknown configuration attribute triggers the failure of the this filter which in turn will prevent the web application from starting.
`boolean`	`isHstsEnabled()`
`boolean`	`isHstsIncludeSubDomains()`
`boolean`	`isHstsPreload()`
`boolean`	`isXssProtectionEnabled()`
`void`	`setAntiClickJackingEnabled(boolean antiClickJackingEnabled)`
`void`	`setAntiClickJackingOption(java.lang.String antiClickJackingOption)`
`void`	`setAntiClickJackingUri(java.lang.String antiClickJackingUri)`
`void`	`setBlockContentTypeSniffingEnabled(boolean blockContentTypeSniffingEnabled)`
`void`	`setHstsEnabled(boolean hstsEnabled)`
`void`	`setHstsIncludeSubDomains(boolean hstsIncludeSubDomains)`
`void`	`setHstsMaxAgeSeconds(int hstsMaxAgeSeconds)`
`void`	`setHstsPreload(boolean hstsPreload)`
`void`	`setXssProtectionEnabled(boolean xssProtectionEnabled)`

Methods inherited from class org.apache.catalina.filters.FilterBase
destroy

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - HttpHeaderSecurityFilter
```
public HttpHeaderSecurityFilter()
```
- Method Detail
  - init
```
public void init(FilterConfig filterConfig)
          throws ServletException
```
    Description copied from class: FilterBase
    
    Iterates over the configuration parameters and either logs a warning, or throws an exception for any parameter that does not have a matching setter in this filter.
    
    Specified by:
    
    init in interface Filter
    
    Overrides:
    
    init in class FilterBase
    
    Parameters:
    filterConfig - The configuration information associated with the filter instance being initialised
    
    Throws:
    
    ServletException - if FilterBase.isConfigProblemFatal() returns true and a configured parameter does not have a matching setter
  - doFilter
```
public void doFilter(ServletRequest request,
            ServletResponse response,
            FilterChain chain)
              throws java.io.IOException,
                     ServletException
```
    Description copied from interface: javax.servlet.Filter
    
    The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain. The FilterChain passed in to this method allows the Filter to pass on the request and response to the next entity in the chain.
    A typical implementation of this method would follow the following pattern:-
    1. Examine the request
    2. Optionally wrap the request object with a custom implementation to filter content or headers for input filtering
    3. Optionally wrap the response object with a custom implementation to filter content or headers for output filtering
    4. a) Either invoke the next entity in the chain using the FilterChain object (chain.doFilter()),
    4. b) or not pass on the request/response pair to the next entity in the filter chain to block the request processing
    5. Directly set headers on the response after invocation of the next entity in the filter chain.
    
    Parameters:
    request - The request to process
    response - The response associated with the request
    chain - Provides access to the next filter in the chain for this filter to pass the request and response to for further processing
    
    Throws:
    
    java.io.IOException - if an I/O error occurs during this filter's processing of the request
    
    ServletException - if the processing fails for any other reason
  - getLogger
```
protected Log getLogger()
```
    Specified by:
    
    getLogger in class FilterBase
  - isConfigProblemFatal
```
protected boolean isConfigProblemFatal()
```
    Description copied from class: FilterBase
    
    Determines if an exception when calling a setter or an unknown configuration attribute triggers the failure of the this filter which in turn will prevent the web application from starting.
    
    Overrides:
    
    isConfigProblemFatal in class FilterBase
    
    Returns:
    true if a problem should trigger the failure of this filter, else false
  - isHstsEnabled
```
public boolean isHstsEnabled()
```
  - setHstsEnabled
```
public void setHstsEnabled(boolean hstsEnabled)
```
  - getHstsMaxAgeSeconds
```
public int getHstsMaxAgeSeconds()
```
  - setHstsMaxAgeSeconds
```
public void setHstsMaxAgeSeconds(int hstsMaxAgeSeconds)
```
  - isHstsIncludeSubDomains
```
public boolean isHstsIncludeSubDomains()
```
  - setHstsIncludeSubDomains
```
public void setHstsIncludeSubDomains(boolean hstsIncludeSubDomains)
```
  - isHstsPreload
```
public boolean isHstsPreload()
```
  - setHstsPreload
```
public void setHstsPreload(boolean hstsPreload)
```
  - isAntiClickJackingEnabled
```
public boolean isAntiClickJackingEnabled()
```
  - setAntiClickJackingEnabled
```
public void setAntiClickJackingEnabled(boolean antiClickJackingEnabled)
```
  - getAntiClickJackingOption
```
public java.lang.String getAntiClickJackingOption()
```
  - setAntiClickJackingOption
```
public void setAntiClickJackingOption(java.lang.String antiClickJackingOption)
```
  - getAntiClickJackingUri
```
public java.lang.String getAntiClickJackingUri()
```
  - isBlockContentTypeSniffingEnabled
```
public boolean isBlockContentTypeSniffingEnabled()
```
  - setBlockContentTypeSniffingEnabled
```
public void setBlockContentTypeSniffingEnabled(boolean blockContentTypeSniffingEnabled)
```
  - setAntiClickJackingUri
```
public void setAntiClickJackingUri(java.lang.String antiClickJackingUri)
```
  - isXssProtectionEnabled
```
public boolean isXssProtectionEnabled()
```
  - setXssProtectionEnabled
```
public void setXssProtectionEnabled(boolean xssProtectionEnabled)
```

Class HttpHeaderSecurityFilter

Field Summary

Fields inherited from class org.apache.catalina.filters.FilterBase

Constructor Summary

Method Summary

Methods inherited from class org.apache.catalina.filters.FilterBase

Methods inherited from class java.lang.Object

Constructor Detail

HttpHeaderSecurityFilter

Method Detail

init

doFilter

getLogger

isConfigProblemFatal

isHstsEnabled

setHstsEnabled

getHstsMaxAgeSeconds

setHstsMaxAgeSeconds

isHstsIncludeSubDomains

setHstsIncludeSubDomains

isHstsPreload

setHstsPreload

isAntiClickJackingEnabled

setAntiClickJackingEnabled

getAntiClickJackingOption

setAntiClickJackingOption

getAntiClickJackingUri

isBlockContentTypeSniffingEnabled

setBlockContentTypeSniffingEnabled

setAntiClickJackingUri

isXssProtectionEnabled

setXssProtectionEnabled