@InterfaceAudience.Public @InterfaceStability.Evolving public class RestCsrfPreventionFilter extends Object implements javax.servlet.Filter
| Modifier and Type | Class and Description |
|---|---|
static interface |
RestCsrfPreventionFilter.HttpInteraction
Defines the minimal API requirements for the filter to execute its
filtering logic.
|
| Modifier and Type | Field and Description |
|---|---|
static String |
BROWSER_USER_AGENT_PARAM |
static String |
CUSTOM_HEADER_PARAM |
static String |
CUSTOM_METHODS_TO_IGNORE_PARAM |
static String |
HEADER_DEFAULT |
static String |
HEADER_USER_AGENT |
| Constructor and Description |
|---|
RestCsrfPreventionFilter() |
| Modifier and Type | Method and Description |
|---|---|
void |
destroy() |
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain) |
static Map<String,String> |
getFilterParams(Configuration conf,
String confPrefix)
Constructs a mapping of configuration properties to be used for filter
initialization.
|
void |
handleHttpInteraction(RestCsrfPreventionFilter.HttpInteraction httpInteraction)
Handles an
RestCsrfPreventionFilter.HttpInteraction by applying the filtering logic. |
void |
init(javax.servlet.FilterConfig filterConfig) |
protected boolean |
isBrowser(String userAgent)
This method interrogates the User-Agent String and returns whether it
refers to a browser.
|
public static final String HEADER_USER_AGENT
public static final String BROWSER_USER_AGENT_PARAM
public static final String CUSTOM_HEADER_PARAM
public static final String CUSTOM_METHODS_TO_IGNORE_PARAM
public static final String HEADER_DEFAULT
public void init(javax.servlet.FilterConfig filterConfig)
throws javax.servlet.ServletException
init in interface javax.servlet.Filterjavax.servlet.ServletExceptionprotected boolean isBrowser(String userAgent)
A User-Agent String is considered to be a browser if it matches any of the regex patterns from browser-useragent-regex; the default behavior is to consider everything a browser that matches the following: "^Mozilla.*,^Opera.*". Subclasses can optionally override this method to use different behavior.
userAgent - The User-Agent String, or null if there isn't onepublic void handleHttpInteraction(RestCsrfPreventionFilter.HttpInteraction httpInteraction) throws IOException, javax.servlet.ServletException
RestCsrfPreventionFilter.HttpInteraction by applying the filtering logic.httpInteraction - caller's HTTP interactionIOException - if there is an I/O errorjavax.servlet.ServletException - if the implementation relies on the servlet API
and a servlet API call has failedpublic void doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain)
throws IOException,
javax.servlet.ServletException
doFilter in interface javax.servlet.FilterIOExceptionjavax.servlet.ServletExceptionpublic void destroy()
destroy in interface javax.servlet.Filterpublic static Map<String,String> getFilterParams(Configuration conf, String confPrefix)
conf - configuration to readconfPrefix - configuration prefixCopyright © 2008–2022 Apache Software Foundation. All rights reserved.