Package org.apache.jasper.security

Class SecurityUtil

  • public final class SecurityUtil
extends java.lang.Object
    Util class for Security related operations.

    • Constructor Summary

      Constructors 
      Constructor Description
      SecurityUtil()  

    • Method Summary

      All Methods Static Methods Concrete Methods Deprecated Methods 
      Modifier and Type Method Description
      static java.lang.String filter​(java.lang.String message)
      Deprecated.
      This method will be removed in Tomcat 9
      static boolean isPackageProtectionEnabled()
      Return the SecurityManager only if Security is enabled AND package protection mechanism is enabled.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • SecurityUtil

        public SecurityUtil()

    • Method Detail

      • isPackageProtectionEnabled

        public static boolean isPackageProtectionEnabled()
        Return the SecurityManager only if Security is enabled AND package protection mechanism is enabled.
        Returns:
        true if package protection is enabled

      • filter

        @Deprecated
public static java.lang.String filter​(java.lang.String message)
        Deprecated.
        This method will be removed in Tomcat 9
        Filter the specified message string for characters that are sensitive in HTML. This avoids potential attacks caused by including JavaScript codes in the request URL that is often reported in error messages.
        Parameters:
        message - The message string to be filtered
        Returns:
        the HTML filtered message