Package com.avoka.fc.core.servlet

Class SafeRequestWrapper

java.lang.Object
jakarta.servlet.ServletRequestWrapper
jakarta.servlet.http.HttpServletRequestWrapper
com.avoka.fc.core.servlet.SafeRequestWrapper
All Implemented Interfaces:
jakarta.servlet.http.HttpServletRequest, jakarta.servlet.ServletRequest
public class SafeRequestWrapper extends jakarta.servlet.http.HttpServletRequestWrapper
Provides an XSS Safe HTTP Request Wrapper which will not XSS unsafe request parameter names and values.
Since:
4.0.0

  • Field Summary

    Fields inherited from interface jakarta.servlet.http.HttpServletRequest

    BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH

  • Constructor Summary

    Constructors
    Constructor
    Description
    SafeRequestWrapper(jakarta.servlet.http.HttpServletRequest request)
    Create an XSS Safe HTTP Request Wrapper.
    SafeRequestWrapper(jakarta.servlet.http.HttpServletRequest request, String callingService)
    Create an XSS Safe HTTP Request Wrapper.

  • Method Summary

    Modifier and Type
    Method
    Description
    String
    getParameter(String name)
     
    Map
    getParameterMap()
     
    Enumeration
    getParameterNames()
     
    String[]
    getParameterValues(String name)
     
    String
    toString()
     

    Methods inherited from class jakarta.servlet.http.HttpServletRequestWrapper

    authenticate, changeSessionId, getAuthType, getContextPath, getCookies, getDateHeader, getHeader, getHeaderNames, getHeaders, getHttpServletMapping, getIntHeader, getMethod, getPart, getParts, getPathInfo, getPathTranslated, getQueryString, getRemoteUser, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, getTrailerFields, getUserPrincipal, isRequestedSessionIdFromCookie, isRequestedSessionIdFromURL, isRequestedSessionIdValid, isTrailerFieldsReady, isUserInRole, login, logout, newPushBuilder, upgrade

    Methods inherited from class jakarta.servlet.ServletRequestWrapper

    getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getProtocol, getProtocolRequestId, getReader, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getRequestId, getScheme, getServerName, getServerPort, getServletConnection, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, isWrapperFor, isWrapperFor, removeAttribute, setAttribute, setCharacterEncoding, setRequest, startAsync, startAsync

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

    Methods inherited from interface jakarta.servlet.ServletRequest

    getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getProtocol, getProtocolRequestId, getReader, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getRequestId, getScheme, getServerName, getServerPort, getServletConnection, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, removeAttribute, setAttribute, setCharacterEncoding, startAsync, startAsync

  • Constructor Details

    • SafeRequestWrapper

      public SafeRequestWrapper(jakarta.servlet.http.HttpServletRequest request)
      Create an XSS Safe HTTP Request Wrapper.
      Parameters:
      request - the underlying HTTP request

    • SafeRequestWrapper

      public SafeRequestWrapper(jakarta.servlet.http.HttpServletRequest request, String callingService)
      Create an XSS Safe HTTP Request Wrapper.
      Parameters:
      request - the underlying HTTP request
      callingService - the calling service
      Since:
      4.1.0

  • Method Details

    • getParameter

      public String getParameter(String name)
      Specified by:
      getParameter in interface jakarta.servlet.ServletRequest
      Overrides:
      getParameter in class jakarta.servlet.ServletRequestWrapper
      Parameters:
      name - the request parameter name
      Returns:
      the XSS safe request parameter value
      See Also:
      • ServletRequestWrapper.getParameter(java.lang.String)

    • getParameterMap

      public Map getParameterMap()
      Specified by:
      getParameterMap in interface jakarta.servlet.ServletRequest
      Overrides:
      getParameterMap in class jakarta.servlet.ServletRequestWrapper
      Returns:
      a Map of XSS safe request parameters
      See Also:
      • ServletRequestWrapper.getParameterMap()

    • getParameterNames

      public Enumeration getParameterNames()
      Specified by:
      getParameterNames in interface jakarta.servlet.ServletRequest
      Overrides:
      getParameterNames in class jakarta.servlet.ServletRequestWrapper
      Returns:
      an XSS safe request parameter names enumeration
      See Also:
      • ServletRequestWrapper.getParameterNames()

    • getParameterValues

      public String[] getParameterValues(String name)
      Specified by:
      getParameterValues in interface jakarta.servlet.ServletRequest
      Overrides:
      getParameterValues in class jakarta.servlet.ServletRequestWrapper
      Parameters:
      name - the request parameter name
      Returns:
      an XSS safe request parameter values array
      See Also:
      • ServletRequestWrapper.getParameterValues(java.lang.String)

    • toString

      public String toString()
      Overrides:
      toString in class Object
      Returns:
      string representation of this object