org.owasp.esapi.waf.internal
Class InterceptingServletOutputStream

java.lang.Object
  extended by java.io.OutputStream
      extended by javax.servlet.ServletOutputStream
          extended by org.owasp.esapi.waf.internal.InterceptingServletOutputStream
All Implemented Interfaces:
java.io.Closeable, java.io.Flushable

public class InterceptingServletOutputStream
extends javax.servlet.ServletOutputStream

This class was inspired by ModSecurity for Java by Ivan Ristic. We hook the response stream and queue up all outbound data so that we can apply egress rules. For efficiency, we decide up front whether we need to buffer responses to enforce any of the rules in the policy file. If not, we forward everything straight through; otherwise, we write the data to our own byte stream, which is eventually forwarded in full to the user agent.
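The buffer-or-pass-through behaviour described above, as an added sketch that is not the ESAPI WAF source: `BufferingEgressStream` is a hypothetical class that wraps a plain `java.io.OutputStream` in place of the servlet stream, and the response body and the masking rule are constructed for the illustration.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;

// Illustration only: hypothetical class, not the ESAPI WAF implementation.
public class BufferingEgressStream extends OutputStream {
    private final OutputStream downstream; // stands in for the container's response stream
    private final boolean buffered;        // decided once: does any egress rule need the body?
    private final ByteArrayOutputStream held = new ByteArrayOutputStream();

    public BufferingEgressStream(OutputStream downstream, boolean buffered) {
        this.downstream = downstream;
        this.buffered = buffered;
    }

    @Override public void write(int b) throws IOException {
        if (buffered) held.write(b); else downstream.write(b);
    }
    @Override public void write(byte[] b, int off, int len) throws IOException {
        if (buffered) held.write(b, off, len); else downstream.write(b, off, len);
    }

    // In buffered mode a flush must not release bytes before the rules have run.
    @Override public void flush() throws IOException {
        if (!buffered) downstream.flush();
    }
    public byte[] getResponseBytes() { return held.toByteArray(); }
    public void setResponseBytes(byte[] replacement) {
        held.reset();
        held.write(replacement, 0, replacement.length);
    }

    // Release the (possibly rewritten) body to the client in one piece.
    public void commit() throws IOException {
        if (buffered) { held.writeTo(downstream); held.reset(); }
        downstream.flush();
    }

    public static void main(String[] args) throws IOException {
        ByteArrayOutputStream wire = new ByteArrayOutputStream(); // constructed "client" side
        BufferingEgressStream out = new BufferingEgressStream(wire, true);
        out.write("card=4111111111111111&ok=1".getBytes(StandardCharsets.ISO_8859_1)); // constructed body
        // Constructed egress rule: mask any 16-digit run before the body leaves.
        String masked = new String(out.getResponseBytes(), StandardCharsets.ISO_8859_1).replaceAll("\\d{16}", "[masked]");
        out.setResponseBytes(masked.getBytes(StandardCharsets.ISO_8859_1));
        out.commit();
        System.out.println(wire.toString("ISO-8859-1"));
    }
}
```

With `buffered` set to `false` the same writes go straight to the wrapped stream, so no egress rule can inspect or rewrite them.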

Author:
Arshan Dabirsiaghi

Constructor Summary
InterceptingServletOutputStream(javax.servlet.ServletOutputStream os, boolean buffered)
           
 
Method Summary
 void close()
           
 void commit()
           
 void flush()
           
 byte[] getResponseBytes()
           
 void reset()
           
 void setResponseBytes(byte[] responseBytes)
           
 void write(byte[] b)
           
 void write(byte[] b, int off, int len)
           
 void write(int i)
           
 
Methods inherited from class javax.servlet.ServletOutputStream
print, print, print, print, print, print, print, println, println, println, println, println, println, println, println
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

InterceptingServletOutputStream

public InterceptingServletOutputStream(javax.servlet.ServletOutputStream os,
                                       boolean buffered)
                                throws java.io.FileNotFoundException,
                                       java.io.IOException
Throws:
java.io.FileNotFoundException
java.io.IOException

Method Detail

reset

public void reset()
           throws java.io.IOException
Throws:
java.io.IOException

getResponseBytes

public byte[] getResponseBytes()
                        throws java.io.IOException
Throws:
java.io.IOException

setResponseBytes

public void setResponseBytes(byte[] responseBytes)
                      throws java.io.IOException
Throws:
java.io.IOException

write

public void write(int i)
           throws java.io.IOException
Specified by:
write in class java.io.OutputStream
Throws:
java.io.IOException

write

public void write(byte[] b)
           throws java.io.IOException
Overrides:
write in class java.io.OutputStream
Throws:
java.io.IOException

write

public void write(byte[] b,
                  int off,
                  int len)
           throws java.io.IOException
Overrides:
write in class java.io.OutputStream
Throws:
java.io.IOException

flush

public void flush()
           throws java.io.IOException
Specified by:
flush in interface java.io.Flushable
Overrides:
flush in class java.io.OutputStream
Throws:
java.io.IOException

commit

public void commit()
            throws java.io.IOException
Throws:
java.io.IOException

close

public void close()
           throws java.io.IOException
Specified by:
close in interface java.io.Closeable
Overrides:
close in class java.io.OutputStream
Throws:
java.io.IOException


Copyright © 2011 The Open Web Application Security Project (OWASP). All Rights Reserved.