java.lang.Object javax.servlet.ServletResponseWrapper javax.servlet.http.HttpServletResponseWrapper org.owasp.esapi.filters.SecurityWrapperResponse
public class SecurityWrapperResponse
This response wrapper simply overrides unsafe methods in the HttpServletResponse API with safe versions.
Field Summary |
---|
Fields inherited from interface javax.servlet.http.HttpServletResponse |
---|
SC_ACCEPTED, SC_BAD_GATEWAY, SC_BAD_REQUEST, SC_CONFLICT, SC_CONTINUE, SC_CREATED, SC_EXPECTATION_FAILED, SC_FORBIDDEN, SC_FOUND, SC_GATEWAY_TIMEOUT, SC_GONE, SC_HTTP_VERSION_NOT_SUPPORTED, SC_INTERNAL_SERVER_ERROR, SC_LENGTH_REQUIRED, SC_METHOD_NOT_ALLOWED, SC_MOVED_PERMANENTLY, SC_MOVED_TEMPORARILY, SC_MULTIPLE_CHOICES, SC_NO_CONTENT, SC_NON_AUTHORITATIVE_INFORMATION, SC_NOT_ACCEPTABLE, SC_NOT_FOUND, SC_NOT_IMPLEMENTED, SC_NOT_MODIFIED, SC_OK, SC_PARTIAL_CONTENT, SC_PAYMENT_REQUIRED, SC_PRECONDITION_FAILED, SC_PROXY_AUTHENTICATION_REQUIRED, SC_REQUEST_ENTITY_TOO_LARGE, SC_REQUEST_TIMEOUT, SC_REQUEST_URI_TOO_LONG, SC_REQUESTED_RANGE_NOT_SATISFIABLE, SC_RESET_CONTENT, SC_SEE_OTHER, SC_SERVICE_UNAVAILABLE, SC_SWITCHING_PROTOCOLS, SC_TEMPORARY_REDIRECT, SC_UNAUTHORIZED, SC_UNSUPPORTED_MEDIA_TYPE, SC_USE_PROXY |
Constructor Summary | |
---|---|
SecurityWrapperResponse(javax.servlet.http.HttpServletResponse response)
Construct a safe response that overrides the default response methods with safer versions. |
|
SecurityWrapperResponse(javax.servlet.http.HttpServletResponse response,
java.lang.String mode)
|
Method Summary | |
---|---|
void |
addCookie(javax.servlet.http.Cookie cookie)
Add a cookie to the response after ensuring that there are no encoded or illegal characters in the name and value. |
void |
addDateHeader(java.lang.String name,
long date)
Add a date header to the response after ensuring that there are no encoded or illegal characters in the name. |
void |
addHeader(java.lang.String name,
java.lang.String value)
Add a header to the response after ensuring that there are no encoded or illegal characters in the name and value. |
void |
addIntHeader(java.lang.String name,
int value)
Add an int header to the response after ensuring that there are no encoded or illegal characters in the name. |
boolean |
containsHeader(java.lang.String name)
Same as HttpServletResponse, no security changes required. |
java.lang.String |
encodeRedirectUrl(java.lang.String url)
Deprecated. In servlet spec 2.1. Use encodeRedirectURL(String) instead. |
java.lang.String |
encodeRedirectURL(java.lang.String url)
Return the URL without any changes, to prevent disclosure of the Session ID. The default implementation of this method can add the Session ID to the URL if support for cookies is not detected. |
java.lang.String |
encodeUrl(java.lang.String url)
Deprecated. In servlet spec 2.1. Use encodeURL(String) instead. |
java.lang.String |
encodeURL(java.lang.String url)
Return the URL without any changes, to prevent disclosure of the Session ID. The default implementation of this method can add the Session ID to the URL if support for cookies is not detected. |
void |
flushBuffer()
Same as HttpServletResponse, no security changes required. |
int |
getBufferSize()
Same as HttpServletResponse, no security changes required. |
java.lang.String |
getCharacterEncoding()
Same as HttpServletResponse, no security changes required. |
java.lang.String |
getContentType()
Same as HttpServletResponse, no security changes required. |
java.util.Locale |
getLocale()
Same as HttpServletResponse, no security changes required. |
javax.servlet.ServletOutputStream |
getOutputStream()
Same as HttpServletResponse, no security changes required. |
java.io.PrintWriter |
getWriter()
Same as HttpServletResponse, no security changes required. |
boolean |
isCommitted()
Same as HttpServletResponse, no security changes required. |
void |
reset()
Same as HttpServletResponse, no security changes required. |
void |
resetBuffer()
Same as HttpServletResponse, no security changes required. |
void |
sendError(int sc)
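Override the error code with a 200 in order to confound attackers using automated scanners. Note that legitimate clients, caches and monitoring then also see a 200 for failed requests, so failures have to be detected from the response body or from server-side logs. |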
void |
sendError(int sc,
java.lang.String msg)
Override the error code with a 200 in order to confound attackers using automated scanners. |
void |
sendRedirect(java.lang.String location)
This method generates a redirect response that can only be used to redirect the browser to safe locations, as configured in the ESAPI security configuration. |
void |
setBufferSize(int size)
Same as HttpServletResponse, no security changes required. |
void |
setCharacterEncoding(java.lang.String charset)
Sets the character encoding to the ESAPI configured encoding. |
void |
setContentLength(int len)
Same as HttpServletResponse, no security changes required. |
void |
setContentType(java.lang.String type)
Same as HttpServletResponse, no security changes required. |
void |
setDateHeader(java.lang.String name,
long date)
Add a date header to the response after ensuring that there are no encoded or illegal characters in the name. |
void |
setHeader(java.lang.String name,
java.lang.String value)
Add a header to the response after ensuring that there are no encoded or illegal characters in the name and value. |
void |
setIntHeader(java.lang.String name,
int value)
Add an int header to the response after ensuring that there are no encoded or illegal characters in the name. |
void |
setLocale(java.util.Locale loc)
Same as HttpServletResponse, no security changes required. |
void |
setStatus(int sc)
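Override the status code with a 200 in order to confound attackers using automated scanners. Note that legitimate clients, caches and monitoring then also see a 200 whatever status the application set, so they cannot rely on the status code. |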
void |
setStatus(int sc,
java.lang.String sm)
Deprecated. In Servlet spec 2.1. |
Methods inherited from class javax.servlet.ServletResponseWrapper |
---|
getResponse, setResponse |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public SecurityWrapperResponse(javax.servlet.http.HttpServletResponse response)
response
- public SecurityWrapperResponse(javax.servlet.http.HttpServletResponse response, java.lang.String mode)
response
- mode
- Method Detail |
---|
public void addCookie(javax.servlet.http.Cookie cookie)
addCookie
in interface javax.servlet.http.HttpServletResponse
addCookie
in class javax.servlet.http.HttpServletResponseWrapper
cookie
- public void addDateHeader(java.lang.String name, long date)
addDateHeader
in interface javax.servlet.http.HttpServletResponse
addDateHeader
in class javax.servlet.http.HttpServletResponseWrapper
name
- date
- public void addHeader(java.lang.String name, java.lang.String value)
addHeader
in interface javax.servlet.http.HttpServletResponse
addHeader
in class javax.servlet.http.HttpServletResponseWrapper
name
- value
- public void addIntHeader(java.lang.String name, int value)
addIntHeader
in interface javax.servlet.http.HttpServletResponse
addIntHeader
in class javax.servlet.http.HttpServletResponseWrapper
name
- value
- public boolean containsHeader(java.lang.String name)
containsHeader
in interface javax.servlet.http.HttpServletResponse
containsHeader
in class javax.servlet.http.HttpServletResponseWrapper
name
-
@Deprecated public java.lang.String encodeRedirectUrl(java.lang.String url)
Deprecated. In servlet spec 2.1. Use encodeRedirectURL(String) instead.
encodeRedirectUrl
in interface javax.servlet.http.HttpServletResponse
encodeRedirectUrl
in class javax.servlet.http.HttpServletResponseWrapper
url
-
public java.lang.String encodeRedirectURL(java.lang.String url)
encodeRedirectURL
in interface javax.servlet.http.HttpServletResponse
encodeRedirectURL
in class javax.servlet.http.HttpServletResponseWrapper
url
-
@Deprecated public java.lang.String encodeUrl(java.lang.String url)
Deprecated. In servlet spec 2.1. Use encodeURL(String) instead.
encodeUrl
in interface javax.servlet.http.HttpServletResponse
encodeUrl
in class javax.servlet.http.HttpServletResponseWrapper
url
-
public java.lang.String encodeURL(java.lang.String url)
encodeURL
in interface javax.servlet.http.HttpServletResponse
encodeURL
in class javax.servlet.http.HttpServletResponseWrapper
url
-
public void flushBuffer() throws java.io.IOException
flushBuffer
in interface javax.servlet.ServletResponse
flushBuffer
in class javax.servlet.ServletResponseWrapper
java.io.IOException
public int getBufferSize()
getBufferSize
in interface javax.servlet.ServletResponse
getBufferSize
in class javax.servlet.ServletResponseWrapper
public java.lang.String getCharacterEncoding()
getCharacterEncoding
in interface javax.servlet.ServletResponse
getCharacterEncoding
in class javax.servlet.ServletResponseWrapper
public java.lang.String getContentType()
getContentType
in interface javax.servlet.ServletResponse
getContentType
in class javax.servlet.ServletResponseWrapper
public java.util.Locale getLocale()
getLocale
in interface javax.servlet.ServletResponse
getLocale
in class javax.servlet.ServletResponseWrapper
public javax.servlet.ServletOutputStream getOutputStream() throws java.io.IOException
getOutputStream
in interface javax.servlet.ServletResponse
getOutputStream
in class javax.servlet.ServletResponseWrapper
java.io.IOException
public java.io.PrintWriter getWriter() throws java.io.IOException
getWriter
in interface javax.servlet.ServletResponse
getWriter
in class javax.servlet.ServletResponseWrapper
java.io.IOException
public boolean isCommitted()
isCommitted
in interface javax.servlet.ServletResponse
isCommitted
in class javax.servlet.ServletResponseWrapper
public void reset()
reset
in interface javax.servlet.ServletResponse
reset
in class javax.servlet.ServletResponseWrapper
public void resetBuffer()
resetBuffer
in interface javax.servlet.ServletResponse
resetBuffer
in class javax.servlet.ServletResponseWrapper
public void sendError(int sc) throws java.io.IOException
sendError
in interface javax.servlet.http.HttpServletResponse
sendError
in class javax.servlet.http.HttpServletResponseWrapper
sc
-
java.io.IOException
public void sendError(int sc, java.lang.String msg) throws java.io.IOException
sendError
in interface javax.servlet.http.HttpServletResponse
sendError
in class javax.servlet.http.HttpServletResponseWrapper
sc
- msg
-
java.io.IOException
public void sendRedirect(java.lang.String location) throws java.io.IOException
sendRedirect
in interface javax.servlet.http.HttpServletResponse
sendRedirect
in class javax.servlet.http.HttpServletResponseWrapper
location
-
java.io.IOException
public void setBufferSize(int size)
setBufferSize
in interface javax.servlet.ServletResponse
setBufferSize
in class javax.servlet.ServletResponseWrapper
size
- public void setCharacterEncoding(java.lang.String charset)
setCharacterEncoding
in interface javax.servlet.ServletResponse
setCharacterEncoding
in class javax.servlet.ServletResponseWrapper
charset
- public void setContentLength(int len)
setContentLength
in interface javax.servlet.ServletResponse
setContentLength
in class javax.servlet.ServletResponseWrapper
len
- public void setContentType(java.lang.String type)
setContentType
in interface javax.servlet.ServletResponse
setContentType
in class javax.servlet.ServletResponseWrapper
type
- public void setDateHeader(java.lang.String name, long date)
setDateHeader
in interface javax.servlet.http.HttpServletResponse
setDateHeader
in class javax.servlet.http.HttpServletResponseWrapper
name
- date
- public void setHeader(java.lang.String name, java.lang.String value)
setHeader
in interface javax.servlet.http.HttpServletResponse
setHeader
in class javax.servlet.http.HttpServletResponseWrapper
name
- value
- public void setIntHeader(java.lang.String name, int value)
setIntHeader
in interface javax.servlet.http.HttpServletResponse
setIntHeader
in class javax.servlet.http.HttpServletResponseWrapper
name
- value
- public void setLocale(java.util.Locale loc)
setLocale
in interface javax.servlet.ServletResponse
setLocale
in class javax.servlet.ServletResponseWrapper
loc
- public void setStatus(int sc)
setStatus
in interface javax.servlet.http.HttpServletResponse
setStatus
in class javax.servlet.http.HttpServletResponseWrapper
sc
- @Deprecated public void setStatus(int sc, java.lang.String sm)
setStatus
in interface javax.servlet.http.HttpServletResponse
setStatus
in class javax.servlet.http.HttpServletResponseWrapper
sc
- sm
-