Class ESAPIFilter

  • All Implemented Interfaces:
    javax.servlet.Filter

    public class ESAPIFilter
    extends java.lang.Object
    implements javax.servlet.Filter
    Author:
    jwilliams
    • Constructor Summary

      Constructors 
      Constructor Description
      ESAPIFilter()  
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void destroy()
      Called by the web container to indicate to a filter that it is being taken out of service.
      void doFilter​(javax.servlet.ServletRequest req, javax.servlet.ServletResponse resp, javax.servlet.FilterChain chain)
      The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain.
      void init​(javax.servlet.FilterConfig filterConfig)
      Called by the web container to indicate to a filter that it is being placed into service.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • ESAPIFilter

        public ESAPIFilter()
    • Method Detail

      • init

        public void init​(javax.servlet.FilterConfig filterConfig)
        Called by the web container to indicate to a filter that it is being placed into service. The servlet container calls the init method exactly once after instantiating the filter. The init method must complete successfully before the filter is asked to do any filtering work.

        Init parameters in web.xml for this filter:

        • resourceDirectory: sets ESAPI resource directory. No default.
        • loginPage: login page for your application. Default is "WEB-INF/login.jsp".
        • publicUnauthorizedLandingPage: page to forward unauthorized attempts to. Generally should be public, but must at least be available to all authenticated users. Default is "WEB-INF/index.jsp".

        Specified by:
        init in interface javax.servlet.Filter
        Parameters:
        filterConfig - configuration object
      • doFilter

        public void doFilter​(javax.servlet.ServletRequest req,
                             javax.servlet.ServletResponse resp,
                             javax.servlet.FilterChain chain)
                      throws java.io.IOException
        The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain. The FilterChain passed in to this method allows the Filter to pass on the request and response to the next entity in the chain.
        Specified by:
        doFilter in interface javax.servlet.Filter
        Parameters:
        req - Request object to be processed
        resp - Response object
        chain - current FilterChain
        Throws:
        java.io.IOException - if any occurs
      • destroy

        public void destroy()
        Called by the web container to indicate to a filter that it is being taken out of service. This method is only called once all threads within the filter's doFilter method have exited or after a timeout period has passed. After the web container calls this method, it will not call the doFilter method again on this instance of the filter.
        Specified by:
        destroy in interface javax.servlet.Filter