Package org.apache.catalina.filters
Class CsrfPreventionFilterBase
- java.lang.Object
  - org.apache.catalina.filters.FilterBase
    - org.apache.catalina.filters.CsrfPreventionFilterBase

- All Implemented Interfaces: Filter
- Direct Known Subclasses: CsrfPreventionFilter, RestCsrfPreventionFilter

 public abstract class CsrfPreventionFilterBase extends FilterBase 

Field Summary
- Fields inherited from class org.apache.catalina.filters.FilterBase: sm

Constructor Summary
- CsrfPreventionFilterBase()

Method Summary
Modifier and Type, Method: Description
- protected java.lang.String generateNonce(): Deprecated. Use generateNonce(HttpServletRequest) instead.
- protected java.lang.String generateNonce(HttpServletRequest request): Generate a one-time token (nonce) for authenticating subsequent requests.
- int getDenyStatus()
- protected Log getLogger()
- protected java.lang.String getRequestedPath(HttpServletRequest request)
- void init(FilterConfig filterConfig): Iterates over the configuration parameters and either logs a warning, or throws an exception for any parameter that does not have a matching setter in this filter.
- protected boolean isConfigProblemFatal(): Determines if an exception when calling a setter or an unknown configuration attribute triggers the failure of this filter, which in turn will prevent the web application from starting.
- void setDenyStatus(int denyStatus): Set the response status code that is used to reject denied requests.
- void setRandomClass(java.lang.String randomClass): Specify the class to use to generate the nonces.
- Methods inherited from class org.apache.catalina.filters.FilterBase: destroy

Method Detail

getLogger
protected Log getLogger()
- Specified by: getLogger in class FilterBase

getDenyStatus
public int getDenyStatus()
- Returns: the response status code that is used to reject denied requests.

setDenyStatus
public void setDenyStatus(int denyStatus)
Set the response status code that is used to reject denied requests. If none is set, the default value of 403 will be used.
- Parameters: denyStatus - HTTP status code

setRandomClass
public void setRandomClass(java.lang.String randomClass)
Specify the class to use to generate the nonces. Must be an instance of Random.
- Parameters: randomClass - The name of the class to use

init
public void init(FilterConfig filterConfig) throws ServletException
Description copied from class: FilterBase
Iterates over the configuration parameters and either logs a warning, or throws an exception for any parameter that does not have a matching setter in this filter.
- Specified by: init in interface Filter
- Overrides: init in class FilterBase
- Parameters: filterConfig - The configuration information associated with the filter instance being initialised
- Throws: ServletException - if FilterBase.isConfigProblemFatal() returns true and a configured parameter does not have a matching setter

isConfigProblemFatal
protected boolean isConfigProblemFatal()
Description copied from class: FilterBase
Determines if an exception when calling a setter or an unknown configuration attribute triggers the failure of this filter, which in turn will prevent the web application from starting.
- Overrides: isConfigProblemFatal in class FilterBase
- Returns: true if a problem should trigger the failure of this filter, else false
 
generateNonce
protected java.lang.String generateNonce(HttpServletRequest request)
Generate a one-time token (nonce) for authenticating subsequent requests. The nonce generation is a simplified version of ManagerBase.generateSessionId().
- Parameters: request - The request. Unused in this method but present for the benefit of sub-classes.
- Returns: the generated nonce

generateNonce
@Deprecated protected java.lang.String generateNonce()
Deprecated. Use generateNonce(HttpServletRequest) instead. This method will be removed in Apache Tomcat 10.1.x onwards.
Generate a one-time token (nonce) for authenticating subsequent requests. The nonce generation is a simplified version of ManagerBase.generateSessionId().
- Returns: the generated nonce

getRequestedPath
protected java.lang.String getRequestedPath(HttpServletRequest request)