Class CsrfPreventionFilterBase

    • Constructor Detail

      • CsrfPreventionFilterBase

        public CsrfPreventionFilterBase()
    • Method Detail

      • getDenyStatus

        public int getDenyStatus()
        Returns:
        the response status code that is used to reject a denied request.
      • setDenyStatus

        public void setDenyStatus(int denyStatus)
        Set the response status code that is used to reject a denied request. If none is set, the default value of 403 is used.
        Parameters:
        denyStatus - HTTP status code
      • setRandomClass

        public void setRandomClass(String randomClass)
        Specify the class to use to generate the nonces. Must be an instance of Random.
        Parameters:
        randomClass - The name of the class to use
      • init

        public void init(FilterConfig filterConfig)
                  throws ServletException
        Description copied from class: FilterBase
        Iterates over the configuration parameters and either logs a warning, or throws an exception for any parameter that does not have a matching setter in this filter.
        Specified by:
        init in interface Filter
        Overrides:
        init in class FilterBase
        Parameters:
        filterConfig - The configuration information associated with the filter instance being initialised
        Throws:
        ServletException - if FilterBase.isConfigProblemFatal() returns true and a configured parameter does not have a matching setter
      • isConfigProblemFatal

        protected boolean isConfigProblemFatal()
        Description copied from class: FilterBase
        Determines if an exception when calling a setter or an unknown configuration attribute triggers the failure of this filter, which in turn will prevent the web application from starting.
        Overrides:
        isConfigProblemFatal in class FilterBase
        Returns:
        true if a problem should trigger the failure of this filter, else false
      • generateNonce

        protected String generateNonce(HttpServletRequest request)
        Generate a one-time token (nonce) for authenticating subsequent requests. The nonce generation is a simplified version of ManagerBase.generateSessionId().
        Parameters:
        request - The request. Unused in this method but present for the benefit of sub-classes.
        Returns:
        the generated nonce
      • generateNonce

        @Deprecated
        protected String generateNonce()
        Deprecated.
        Use generateNonce(HttpServletRequest) instead. This method will be removed in Apache Tomcat 10.1.x onwards.
        Generate a one-time token (nonce) for authenticating subsequent requests. The nonce generation is a simplified version of ManagerBase.generateSessionId().
        Returns:
        the generated nonce
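
The contract described for setRandomClass and generateNonce, sketched as an added example that is not Tomcat's own code: a generator is loaded by class name, anything that is not a java.util.Random is rejected, and random bytes are rendered as a hex token. The class NonceSketch, its method names and the 16-byte nonce size are assumptions made for illustration; the sketch also shows why the configured class should be a SecureRandom rather than a plain Random.

```java
import java.util.Random;

// Added illustration; NonceSketch and its methods are hypothetical names, not Tomcat classes.
public class NonceSketch {

    // Instantiate the generator from a class name, rejecting anything
    // that is not a java.util.Random (the rule stated for randomClass).
    static Random loadRandom(String className) throws ReflectiveOperationException {
        Class<?> clazz = Class.forName(className);
        if (!Random.class.isAssignableFrom(clazz)) {
            throw new IllegalArgumentException(className + " is not a java.util.Random");
        }
        return (Random) clazz.getConstructor().newInstance();
    }

    // Render 16 random bytes as 32 hex characters (the size is an assumption of this sketch).
    static String generateNonce(Random random) {
        byte[] bytes = new byte[16];
        random.nextBytes(bytes);
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(Character.forDigit((b >> 4) & 0x0f, 16));
            sb.append(Character.forDigit(b & 0x0f, 16));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // A cryptographically strong generator: nonces are unpredictable.
        Random secure = loadRandom("java.security.SecureRandom");
        System.out.println("nonce: " + generateNonce(secure));

        // java.util.Random passes the type check but is deterministic:
        // two instances with the same seed produce the same token.
        String a = generateNonce(new Random(42L));
        String b = generateNonce(new Random(42L));
        System.out.println("seeded java.util.Random repeats: " + a.equals(b));

        // A class that is not a Random is refused before instantiation.
        try {
            loadRandom("java.lang.String");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```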