SecureXSSHttpServletRequest

Overview

Package

Class

Use

Tree

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.basecmp.core.util
Class SecureXSSHttpServletRequest

java.lang.Object
  com.basecmp.core.util.SecureXSSHttpServletRequest

public class SecureXSSHttpServletRequest
extends java.lang.Object

Http-Request-Wrapper filters all posted request-variables against malicious XSS-attacks by replacing suspicious characters against unsuspicous HTML-entities.

Replacements:

< to <
> to >
" to "
' to '
( to (
) to )
: to :
[ to [
] to ]

Implementationsnotes:
For performance and resource-saving reasons and a filtered parametervalue value will be cached withing the lifetime of the instance of this request at first request of its corresponding parametername.
Essentially all getter-methods are overwritten. Created on 08.01.2007

Author:: Wolfgang Schröder

Constructor Summary
`SecureXSSHttpServletRequest(HttpServletRequest request)`

Method Summary
`void`	`addParameterValues(java.util.Map pm, java.lang.String key, java.lang.String[] value)`
`java.lang.Object`	`getAttribute(java.lang.String arg0)`
`java.util.Enumeration`	`getAttributeNames()`
`java.lang.String`	`getAuthType()`
`java.lang.String`	`getCharacterEncoding()`
`int`	`getContentLength()`
`java.lang.String`	`getContentType()`
`java.lang.String`	`getContextPath()`
`Cookie[]`	`getCookies()`
`long`	`getDateHeader(java.lang.String arg0)`
`java.lang.String`	`getHeader(java.lang.String arg0)`
`java.util.Enumeration`	`getHeaderNames()`
`java.util.Enumeration`	`getHeaders(java.lang.String arg0)`
`ServletInputStream`	`getInputStream()`
`int`	`getIntHeader(java.lang.String arg0)`
`java.lang.String`	`getLocalAddr()`
`java.util.Locale`	`getLocale()`
`java.util.Enumeration`	`getLocales()`
`java.lang.String`	`getLocalName()`
`int`	`getLocalPort()`
`java.lang.String`	`getMethod()`
`java.lang.String`	`getParameter(java.lang.String parametername)`
`java.util.Map`	`getParameterMap()`
`java.util.Map`	`getParameterMap(java.lang.String url)` Parst die mit der URL übegebenen Get-Parameter und liefert eine Map aller Parameter mit dem Namen der Parameter als Key und den Wert(en) als String-Array.
`java.util.Enumeration`	`getParameterNames()`
`java.lang.String[]`	`getParameterValues(java.lang.String parametername)`
`java.lang.String`	`getPathInfo()`
`java.lang.String`	`getPathTranslated()`
`java.lang.String`	`getProtocol()`
`java.lang.String`	`getQueryString()`
`java.io.BufferedReader`	`getReader()`
`java.lang.String`	`getRealPath(java.lang.String arg0)`
`java.lang.String`	`getRemoteAddr()`
`java.lang.String`	`getRemoteHost()`
`int`	`getRemotePort()`
`java.lang.String`	`getRemoteUser()`
`RequestDispatcher`	`getRequestDispatcher(java.lang.String arg0)`
`java.lang.String`	`getRequestedSessionId()`
`java.lang.String`	`getRequestURI()`
`java.lang.StringBuffer`	`getRequestURL()`
`java.lang.String`	`getScheme()`
`java.lang.String`	`getServerName()`
`int`	`getServerPort()`
`java.lang.String`	`getServletPath()`
`HttpSession`	`getSession()`
`HttpSession`	`getSession(boolean arg0)`
`java.security.Principal`	`getUserPrincipal()`
`boolean`	`isRequestedSessionIdFromCookie()`
`boolean`	`isRequestedSessionIdFromUrl()`
`boolean`	`isRequestedSessionIdFromURL()`
`boolean`	`isRequestedSessionIdValid()`
`boolean`	`isSecure()`
`boolean`	`isUserInRole(java.lang.String arg0)`
`void`	`removeAttribute(java.lang.String arg0)`
`void`	`setAttribute(java.lang.String arg0, java.lang.Object arg1)`
`void`	`setCharacterEncoding(java.lang.String arg0)`

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail