Package com.avoka.fc.core.servlet
Class SafeRequestWrapper
java.lang.Object
jakarta.servlet.ServletRequestWrapper
jakarta.servlet.http.HttpServletRequestWrapper
com.avoka.fc.core.servlet.SafeRequestWrapper
- All Implemented Interfaces:
jakarta.servlet.http.HttpServletRequest
,jakarta.servlet.ServletRequest
public class SafeRequestWrapper
extends jakarta.servlet.http.HttpServletRequestWrapper
Provides an XSS Safe HTTP Request Wrapper which will not XSS unsafe request parameter names and values.
- Since:
- 4.0.0
-
Field Summary
Fields inherited from interface jakarta.servlet.http.HttpServletRequest
BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH
-
Constructor Summary
ConstructorDescriptionSafeRequestWrapper
(jakarta.servlet.http.HttpServletRequest request) Create an XSS Safe HTTP Request Wrapper.SafeRequestWrapper
(jakarta.servlet.http.HttpServletRequest request, String callingService) Create an XSS Safe HTTP Request Wrapper. -
Method Summary
Modifier and TypeMethodDescriptiongetParameter
(String name) String[]
getParameterValues
(String name) toString()
Methods inherited from class jakarta.servlet.http.HttpServletRequestWrapper
authenticate, changeSessionId, getAuthType, getContextPath, getCookies, getDateHeader, getHeader, getHeaderNames, getHeaders, getHttpServletMapping, getIntHeader, getMethod, getPart, getParts, getPathInfo, getPathTranslated, getQueryString, getRemoteUser, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, getTrailerFields, getUserPrincipal, isRequestedSessionIdFromCookie, isRequestedSessionIdFromURL, isRequestedSessionIdValid, isTrailerFieldsReady, isUserInRole, login, logout, newPushBuilder, upgrade
Methods inherited from class jakarta.servlet.ServletRequestWrapper
getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getProtocol, getProtocolRequestId, getReader, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getRequestId, getScheme, getServerName, getServerPort, getServletConnection, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, isWrapperFor, isWrapperFor, removeAttribute, setAttribute, setCharacterEncoding, setRequest, startAsync, startAsync
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface jakarta.servlet.ServletRequest
getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getProtocol, getProtocolRequestId, getReader, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getRequestId, getScheme, getServerName, getServerPort, getServletConnection, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, removeAttribute, setAttribute, setCharacterEncoding, startAsync, startAsync
-
Constructor Details
-
SafeRequestWrapper
public SafeRequestWrapper(jakarta.servlet.http.HttpServletRequest request) Create an XSS Safe HTTP Request Wrapper.- Parameters:
request
- the underlying HTTP request
-
SafeRequestWrapper
Create an XSS Safe HTTP Request Wrapper.- Parameters:
request
- the underlying HTTP requestcallingService
- the calling service- Since:
- 4.1.0
-
-
Method Details
-
getParameter
- Specified by:
getParameter
in interfacejakarta.servlet.ServletRequest
- Overrides:
getParameter
in classjakarta.servlet.ServletRequestWrapper
- Parameters:
name
- the request parameter name- Returns:
- the XSS safe request parameter value
- See Also:
-
ServletRequestWrapper.getParameter(java.lang.String)
-
getParameterMap
- Specified by:
getParameterMap
in interfacejakarta.servlet.ServletRequest
- Overrides:
getParameterMap
in classjakarta.servlet.ServletRequestWrapper
- Returns:
- a Map of XSS safe request parameters
- See Also:
-
ServletRequestWrapper.getParameterMap()
-
getParameterNames
- Specified by:
getParameterNames
in interfacejakarta.servlet.ServletRequest
- Overrides:
getParameterNames
in classjakarta.servlet.ServletRequestWrapper
- Returns:
- an XSS safe request parameter names enumeration
- See Also:
-
ServletRequestWrapper.getParameterNames()
-
getParameterValues
- Specified by:
getParameterValues
in interfacejakarta.servlet.ServletRequest
- Overrides:
getParameterValues
in classjakarta.servlet.ServletRequestWrapper
- Parameters:
name
- the request parameter name- Returns:
- an XSS safe request parameter values array
- See Also:
-
ServletRequestWrapper.getParameterValues(java.lang.String)
-
toString
-