Category:OWASP J2EE Filters Project/AllowedHeadersOnly
Overview
Source Code
import java.io.IOException;
import java.util.Enumeration;
import java.util.HashMap;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

/**
 * Skeleton of a servlet filter that, judging by its name, is meant to let only
 * an allowed set of request headers through.
 *
 * <p>As written it enforces nothing: {@link #init(FilterConfig)} copies the
 * filter's init parameters into a map, and
 * {@link #doFilter(ServletRequest, ServletResponse, FilterChain)} forwards every
 * request unchanged. The stored parameters are never read anywhere in this
 * class, so mapping this filter in a deployment descriptor adds no header
 * restriction.
 */
public class AllowedHeadersOnlyFilter implements Filter {

    /**
     * Init parameter name to init parameter value, filled once by
     * {@link #init(FilterConfig)}. Nothing in this class reads it back.
     */
    private HashMap initParams = new HashMap();

    /**
     * Records every init parameter declared for this filter.
     *
     * <p>The container invokes this once, after instantiating the filter and
     * before routing any request through it.
     *
     * @param filterConfig
     *            configuration object supplying the init parameter names and
     *            values
     */
    public void init(FilterConfig filterConfig) {
        for (Enumeration names = filterConfig.getInitParameterNames(); names.hasMoreElements();) {
            String paramName = (String) names.nextElement();
            initParams.put(paramName, filterConfig.getInitParameter(paramName));
        }
    }

    /**
     * Passes the request/response pair straight on to the next element of the
     * chain without inspecting any header.
     *
     * @param request
     *            request to be processed
     * @param response
     *            response associated with the request
     * @param chain
     *            the filter chain this filter is part of
     * @throws IOException
     *             if the rest of the chain raises it
     * @throws ServletException
     *             if the rest of the chain raises it
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        // FIXME: header parsing is not implemented yet.
        // NOTE(review): a header check only protects the downstream resource if
        // it runs before the chain call below; code placed after it executes
        // once the target has already handled the request. How the init
        // parameters are meant to express the allowed headers is not defined
        // in this file -- confirm before implementing.
        chain.doFilter(request, response);
    }

    /**
     * Invoked by the container when the filter is taken out of service; after
     * this call the container does not invoke doFilter on this instance again.
     * There is nothing to release here.
     */
    public void destroy() {
        // no resources held
    }
}
Project Sponsor
The OWASP J2EE Filters Project is sponsored by