|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter
public class ESAPIWebApplicationFirewallFilter
This is the main class for the ESAPI Web Application Firewall (WAF). It is a standard J2EE servlet filter that, in different methods, invokes the reading of the configuration file and handles the runtime processing and enforcing of the developer-specified rules. Ideally the filter should be configured to catch all requests (/*) in web.xml. If there are URL segments that need to be extremely fast and don't require any protection, the pattern may be modified with extreme caution.
Constructor Summary | |
---|---|
ESAPIWebApplicationFirewallFilter()
|
Method Summary | |
---|---|
void |
destroy()
|
void |
doFilter(javax.servlet.ServletRequest servletRequest,
javax.servlet.ServletResponse servletResponse,
javax.servlet.FilterChain chain)
This is the where the main interception and rule-checking logic of the WAF resides. |
AppGuardianConfiguration |
getConfiguration()
|
void |
init(javax.servlet.FilterConfig fc)
This function is invoked at application startup and when the configuration file polling period has elapsed and a change in the configuration file has been detected. |
void |
setConfiguration(java.lang.String policyFilePath,
java.lang.String webRootDir)
This function is used in testing to dynamically alter the configuration. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public ESAPIWebApplicationFirewallFilter()
Method Detail |
---|
public void setConfiguration(java.lang.String policyFilePath, java.lang.String webRootDir) throws java.io.FileNotFoundException
policyFilePath
- The path to the policy filewebRootDir
- The root directory of the web application.
java.io.FileNotFoundException
- if the policy file cannot be locatedpublic AppGuardianConfiguration getConfiguration()
public void init(javax.servlet.FilterConfig fc) throws javax.servlet.ServletException
doFilter()
method.
init
in interface javax.servlet.Filter
javax.servlet.ServletException
public void doFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
doFilter
in interface javax.servlet.Filter
java.io.IOException
javax.servlet.ServletException
public void destroy()
destroy
in interface javax.servlet.Filter
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |