org.owasp.esapi.waf
Class ESAPIWebApplicationFirewallFilter

java.lang.Object
  extended by org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter
All Implemented Interfaces:
javax.servlet.Filter

public class ESAPIWebApplicationFirewallFilter
extends java.lang.Object
implements javax.servlet.Filter

This is the main class for the ESAPI Web Application Firewall (WAF). It is a standard J2EE servlet filter that, in different methods, invokes the reading of the configuration file and handles the runtime processing and enforcing of the developer-specified rules. Ideally the filter should be configured to catch all requests (/*) in web.xml. If there are URL segments that need to be extremely fast and don't require any protection, the pattern may be modified with extreme caution.
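The web.xml registration the paragraph above recommends, shown here as an added example rather than text from the ESAPI Javadoc. The filter class name is the one documented on this page; the filter-name is arbitrary, and the init-param name and policy-file path are assumptions that should be checked against the ESAPI WAF documentation for the version in use.

```xml
<!-- Added example (not from the ESAPI Javadoc): register the WAF filter so it
     intercepts every request, as the class description recommends.
     filter-class is the class documented on this page; the init-param name
     "configuration" and the policy path are assumed, verify them for your
     ESAPI version. -->
<filter>
  <filter-name>ESAPIWebApplicationFirewallFilter</filter-name>
  <filter-class>org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter</filter-class>
  <init-param>
    <!-- assumed parameter name: location of the WAF policy file -->
    <param-name>configuration</param-name>
    <param-value>/WEB-INF/waf-policy.xml</param-value>
  </init-param>
</filter>

<!-- Map the filter to /* so no request bypasses rule enforcement. Place this
     filter-mapping before the application's other filter-mappings so the WAF
     runs first in the chain. -->
<filter-mapping>
  <filter-name>ESAPIWebApplicationFirewallFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
```

Narrowing the url-pattern (for example to exclude a static-content directory) removes rule enforcement for every request that no longer matches, so any such exclusion should be reviewed to confirm the excluded paths carry no parameters, uploads, or authentication state that the policy was meant to protect.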

Author:
Arshan Dabirsiaghi

Constructor Summary
ESAPIWebApplicationFirewallFilter()
           
 
Method Summary
 void destroy()
           
 void doFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain chain)
          This is where the main interception and rule-checking logic of the WAF resides.
 AppGuardianConfiguration getConfiguration()
           
 void init(javax.servlet.FilterConfig fc)
          This function is invoked at application startup and when the configuration file polling period has elapsed and a change in the configuration file has been detected.
 void setConfiguration(java.lang.String policyFilePath, java.lang.String webRootDir)
          This function is used in testing to dynamically alter the configuration.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ESAPIWebApplicationFirewallFilter

public ESAPIWebApplicationFirewallFilter()
Method Detail

setConfiguration

public void setConfiguration(java.lang.String policyFilePath,
                             java.lang.String webRootDir)
                      throws java.io.FileNotFoundException
This function is used in testing to dynamically alter the configuration.

Parameters:
policyFilePath - The path to the policy file
webRootDir - The root directory of the web application.
Throws:
java.io.FileNotFoundException - if the policy file cannot be located

getConfiguration

public AppGuardianConfiguration getConfiguration()

init

public void init(javax.servlet.FilterConfig fc)
          throws javax.servlet.ServletException
This function is invoked at application startup and when the configuration file polling period has elapsed and a change in the configuration file has been detected. Its main purpose is to read the configuration file and establish the configuration object model for use at runtime during the doFilter() method.

Specified by:
init in interface javax.servlet.Filter
Throws:
javax.servlet.ServletException

doFilter

public void doFilter(javax.servlet.ServletRequest servletRequest,
                     javax.servlet.ServletResponse servletResponse,
                     javax.servlet.FilterChain chain)
              throws java.io.IOException,
                     javax.servlet.ServletException
This is where the main interception and rule-checking logic of the WAF resides.

Specified by:
doFilter in interface javax.servlet.Filter
Throws:
java.io.IOException
javax.servlet.ServletException

destroy

public void destroy()
Specified by:
destroy in interface javax.servlet.Filter


Copyright © 2010 The Open Web Application Security Project (OWASP). All Rights Reserved.