SecurityWrapper (ESAPI 2.1.0.1 API)

java.lang.Object
- org.owasp.esapi.filters.SecurityWrapper

All Implemented Interfaces:

javax.servlet.Filter
```
public class SecurityWrapper
extends Object
implements javax.servlet.Filter
```
This filter wraps the incoming request and outgoing response and overrides many methods with safer versions. Many of the safer versions simply validate parts of the request or response for unwanted characters before allowing the call to complete. Some examples of attacks that use these vectors include request splitting, response splitting, and file download injection. Attackers use techniques like CRLF injection and null byte injection to confuse the parsing of requests and responses.
Example Configuration #1 (Default Configuration allows /WEB-INF):
```
 <filter>
    <filter-name>SecurityWrapperDefault</filter-name>
    <filter-class>org.owasp.filters.SecurityWrapper</filter-class>
 </filter>
 
```
Example Configuration #2 (Allows /servlet)
```
 <filter>
    <filter-name>SecurityWrapperForServlet</filter-name>
    <filter-class>org.owasp.filters.SecurityWrapper</filter-class>
    <init-param>
       <param-name>allowableResourceRoot</param-name>
       <param-value>/servlet</param-value>
    </init-param>
 </filter>
 
```
Author:

Chris Schmidt ([email protected])

Constructor Summary

Constructors
Constructor and Description

SecurityWrapper()

Constructors
Constructor and Description
`SecurityWrapper()`

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`destroy()`
`void`	`doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)`
`void`	`init(javax.servlet.FilterConfig filterConfig)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail
- SecurityWrapper
```
public SecurityWrapper()
```

Method Detail

doFilter

public void doFilter(javax.servlet.ServletRequest request,
            javax.servlet.ServletResponse response,
            javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException

Specified by:: doFilter in interface javax.servlet.Filter
Parameters:: request -; response -; chain -
Throws:: IOException; javax.servlet.ServletException

destroy
```
public void destroy()
```
Specified by:

destroy in interface javax.servlet.Filter

init
```
public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException
```
Specified by:

init in interface javax.servlet.Filter

Parameters:
filterConfig -

Throws:

javax.servlet.ServletException

Class SecurityWrapper

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

SecurityWrapper

Method Detail

doFilter

destroy

init