Package com.avoka.fc.core.servlet

Class SafeRequestWrapper

java.lang.Object

javax.servlet.ServletRequestWrapper

javax.servlet.http.HttpServletRequestWrapper

com.avoka.fc.core.servlet.SafeRequestWrapper

All Implemented Interfaces:

HttpServletRequest, ServletRequest

public class SafeRequestWrapper
extends HttpServletRequestWrapper

Provides an XSS Safe HTTP Request Wrapper which will not XSS unsafe request parameter names and values.

Since:

4.0.0

Field Summary

Fields inherited from interface javax.servlet.http.HttpServletRequest

BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH

Constructor Summary

Constructors

Constructor	Description
SafeRequestWrapper(HttpServletRequest request)	Create an XSS Safe HTTP Request Wrapper.
SafeRequestWrapper(HttpServletRequest request, String callingService)	Create an XSS Safe HTTP Request Wrapper.

Method Summary

Modifier and Type	Method	Description
String	getParameter(String name)
Map	getParameterMap()
Enumeration	getParameterNames()
String[]	getParameterValues(String name)
String	toString()

Methods inherited from class javax.servlet.http.HttpServletRequestWrapper

authenticate, changeSessionId, getAuthType, getContextPath, getCookies, getDateHeader, getHeader, getHeaderNames, getHeaders, getHttpServletMapping, getIntHeader, getMethod, getPart, getParts, getPathInfo, getPathTranslated, getQueryString, getRemoteUser, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, getTrailerFields, getUserPrincipal, isRequestedSessionIdFromCookie, isRequestedSessionIdFromUrl, isRequestedSessionIdFromURL, isRequestedSessionIdValid, isTrailerFieldsReady, isUserInRole, login, logout, newPushBuilder, upgrade

Methods inherited from class javax.servlet.ServletRequestWrapper

getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, isWrapperFor, isWrapperFor, removeAttribute, setAttribute, setCharacterEncoding, setRequest, startAsync, startAsync

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface javax.servlet.ServletRequest

getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, removeAttribute, setAttribute, setCharacterEncoding, startAsync, startAsync

Constructor Detail

SafeRequestWrapper

public SafeRequestWrapper(HttpServletRequest request)

Create an XSS Safe HTTP Request Wrapper.

Parameters:

request - the underlying HTTP request

SafeRequestWrapper

public SafeRequestWrapper(HttpServletRequest request,
                          String callingService)

Create an XSS Safe HTTP Request Wrapper.

Parameters:

request - the underlying HTTP request

callingService - the calling service

Since:

4.1.0

Method Detail

getParameter

public String getParameter(String name)

Specified by:

getParameter in interface ServletRequest

Overrides:

getParameter in class ServletRequestWrapper

Parameters:

name - the request parameter name

Returns:

the XSS safe request parameter value

See Also:

ServletRequestWrapper.getParameter(java.lang.String)

getParameterMap

public Map getParameterMap()

Specified by:

getParameterMap in interface ServletRequest

Overrides:

getParameterMap in class ServletRequestWrapper

Returns:

a Map of XSS safe request parameters

See Also:

ServletRequestWrapper.getParameterMap()

getParameterNames

public Enumeration getParameterNames()

Specified by:

getParameterNames in interface ServletRequest

Overrides:

getParameterNames in class ServletRequestWrapper

Returns:

an XSS safe request parameter names enumeration

See Also:

ServletRequestWrapper.getParameterNames()

getParameterValues

public String[] getParameterValues(String name)

Specified by:

getParameterValues in interface ServletRequest

Overrides:

getParameterValues in class ServletRequestWrapper

Parameters:

name - the request parameter name

Returns:

an XSS safe request parameter values array

See Also:

ServletRequestWrapper.getParameterValues(java.lang.String)

toString

public String toString()

Overrides:

toString in class Object

Returns:

string representation of this object