com.avoka.fc.core.servlet.SafeRequestWrapper

All Implemented Interfaces:: HttpServletRequest, ServletRequest

public class SafeRequestWrapper extends HttpServletRequestWrapper

Provides an XSS Safe HTTP Request Wrapper which will not XSS unsafe request parameter names and values.

Since:: 4.0.0

Field Summary

Fields inherited from interface javax.servlet.http.HttpServletRequest
BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH
Constructor Summary

Constructors

Constructor

Description

SafeRequestWrapper(HttpServletRequest request)

Create an XSS Safe HTTP Request Wrapper.

SafeRequestWrapper(HttpServletRequest request, String callingService)

Create an XSS Safe HTTP Request Wrapper.
Method Summary

Modifier and Type

Method

Description

String

getParameter(String name)

Map

getParameterMap()

Enumeration

getParameterNames()

String[]

getParameterValues(String name)

String

toString()

Methods inherited from class javax.servlet.http.HttpServletRequestWrapper
authenticate, changeSessionId, getAuthType, getContextPath, getCookies, getDateHeader, getHeader, getHeaderNames, getHeaders, getHttpServletMapping, getIntHeader, getMethod, getPart, getParts, getPathInfo, getPathTranslated, getQueryString, getRemoteUser, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, getTrailerFields, getUserPrincipal, isRequestedSessionIdFromCookie, isRequestedSessionIdFromUrl, isRequestedSessionIdFromURL, isRequestedSessionIdValid, isTrailerFieldsReady, isUserInRole, login, logout, newPushBuilder, upgrade

Methods inherited from class javax.servlet.ServletRequestWrapper
getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, isWrapperFor, isWrapperFor, removeAttribute, setAttribute, setCharacterEncoding, setRequest, startAsync, startAsync

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface javax.servlet.ServletRequest
getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, removeAttribute, setAttribute, setCharacterEncoding, startAsync, startAsync

Constructor Details
- SafeRequestWrapper
  
  public SafeRequestWrapper(HttpServletRequest request)
  
  Create an XSS Safe HTTP Request Wrapper.
  
  Parameters:
  
  request - the underlying HTTP request
- SafeRequestWrapper
  
  public SafeRequestWrapper(HttpServletRequest request, String callingService)
  
  Create an XSS Safe HTTP Request Wrapper.
  
  Parameters:
  
  request - the underlying HTTP request
  
  callingService - the calling service
  
  Since:
  
  4.1.0
Method Details
- getParameter
  
  public String getParameter(String name)
  Specified by:
  
  getParameter in interface ServletRequest
  
  Overrides:
  
  getParameter in class ServletRequestWrapper
  
  Parameters:
  
  name - the request parameter name
  
  Returns:
  
  the XSS safe request parameter value
  
  See Also:
  
  ServletRequestWrapper.getParameter(java.lang.String)
- getParameterMap
  
  public Map getParameterMap()
  Specified by:
  
  getParameterMap in interface ServletRequest
  
  Overrides:
  
  getParameterMap in class ServletRequestWrapper
  
  Returns:
  
  a Map of XSS safe request parameters
  
  See Also:
  
  ServletRequestWrapper.getParameterMap()
- getParameterNames
  
  public Enumeration getParameterNames()
  Specified by:
  
  getParameterNames in interface ServletRequest
  
  Overrides:
  
  getParameterNames in class ServletRequestWrapper
  
  Returns:
  
  an XSS safe request parameter names enumeration
  
  See Also:
  
  ServletRequestWrapper.getParameterNames()
- getParameterValues
  
  public String[] getParameterValues(String name)
  Specified by:
  
  getParameterValues in interface ServletRequest
  
  Overrides:
  
  getParameterValues in class ServletRequestWrapper
  
  Parameters:
  
  name - the request parameter name
  
  Returns:
  
  an XSS safe request parameter values array
  
  See Also:
  
  ServletRequestWrapper.getParameterValues(java.lang.String)
- toString
  
  public String toString()
  
  Overrides:
  
  toString in class Object
  
  Returns:
  
  string representation of this object

Class SafeRequestWrapper

Field Summary

Fields inherited from interface javax.servlet.http.HttpServletRequest

Constructor Summary

Method Summary

Methods inherited from class javax.servlet.http.HttpServletRequestWrapper

Methods inherited from class javax.servlet.ServletRequestWrapper

Methods inherited from class java.lang.Object

Methods inherited from interface javax.servlet.ServletRequest

Constructor Details

SafeRequestWrapper

SafeRequestWrapper

Method Details

getParameter

getParameterMap

getParameterNames

getParameterValues

toString