Package org.owasp.esapi.filters
Class ESAPIFilter
- java.lang.Object
-
- org.owasp.esapi.filters.ESAPIFilter
-
- All Implemented Interfaces:
javax.servlet.Filter
public class ESAPIFilter extends java.lang.Object implements javax.servlet.Filter
- Author:
- jwilliams
-
-
Constructor Summary
Constructors Constructor Description ESAPIFilter()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
destroy()
Called by the web container to indicate to a filter that it is being taken out of service.void
doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse resp, javax.servlet.FilterChain chain)
The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain.void
init(javax.servlet.FilterConfig filterConfig)
Called by the web container to indicate to a filter that it is being placed into service.
-
-
-
Method Detail
-
init
public void init(javax.servlet.FilterConfig filterConfig)
Called by the web container to indicate to a filter that it is being placed into service. The servlet container calls the init method exactly once after instantiating the filter. The init method must complete successfully before the filter is asked to do any filtering work.Init parameters in web.xml for this filter:
- resourceDirectory: sets ESAPI resource directory. No default.
- loginPage: login page for your application. Default is "WEB-INF/login.jsp".
- publicUnauthorizedLandingPage: page to forward unauthorized attempts to. Generally should be public, but must at least be available to all authenticated users. Default is "WEB-INF/index.jsp".
- Specified by:
init
in interfacejavax.servlet.Filter
- Parameters:
filterConfig
- configuration object
-
doFilter
public void doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse resp, javax.servlet.FilterChain chain) throws java.io.IOException
The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain. The FilterChain passed in to this method allows the Filter to pass on the request and response to the next entity in the chain.- Specified by:
doFilter
in interfacejavax.servlet.Filter
- Parameters:
req
- Request object to be processedresp
- Response objectchain
- current FilterChain- Throws:
java.io.IOException
- if any occurs
-
destroy
public void destroy()
Called by the web container to indicate to a filter that it is being taken out of service. This method is only called once all threads within the filter's doFilter method have exited or after a timeout period has passed. After the web container calls this method, it will not call the doFilter method again on this instance of the filter.- Specified by:
destroy
in interfacejavax.servlet.Filter
-
-