@InterfaceAudience.Public public class RestCsrfPreventionFilter extends Object implements javax.servlet.Filter
Modifier and Type | Class and Description |
---|---|
static interface |
RestCsrfPreventionFilter.HttpInteraction
Defines the minimal API requirements for the filter to execute its
filtering logic.
|
private static class |
RestCsrfPreventionFilter.ServletFilterHttpInteraction
RestCsrfPreventionFilter.HttpInteraction implementation for use in the servlet filter. |
Modifier and Type | Field and Description |
---|---|
static String |
BROWSER_USER_AGENT_PARAM |
(package private) static String |
BROWSER_USER_AGENTS_DEFAULT |
private Set<Pattern> |
browserUserAgents |
static String |
CUSTOM_HEADER_PARAM |
static String |
CUSTOM_METHODS_TO_IGNORE_PARAM |
static String |
HEADER_DEFAULT |
static String |
HEADER_USER_AGENT |
private String |
headerName |
private static org.slf4j.Logger |
LOG |
(package private) static String |
METHODS_TO_IGNORE_DEFAULT |
private Set<String> |
methodsToIgnore |
Constructor and Description |
---|
RestCsrfPreventionFilter() |
Modifier and Type | Method and Description |
---|---|
void |
destroy() |
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain) |
static Map<String,String> |
getFilterParams(org.apache.hadoop.conf.Configuration conf,
String confPrefix)
Constructs a mapping of configuration properties to be used for filter
initialization.
|
void |
handleHttpInteraction(RestCsrfPreventionFilter.HttpInteraction httpInteraction)
Handles an
RestCsrfPreventionFilter.HttpInteraction by applying the filtering logic. |
void |
init(javax.servlet.FilterConfig filterConfig) |
protected boolean |
isBrowser(String userAgent)
This method interrogates the User-Agent String and returns whether it
refers to a browser.
|
(package private) void |
parseBrowserUserAgents(String userAgents) |
(package private) void |
parseMethodsToIgnore(String mti) |
private static final org.slf4j.Logger LOG
public static final String HEADER_USER_AGENT
public static final String BROWSER_USER_AGENT_PARAM
public static final String CUSTOM_HEADER_PARAM
public static final String CUSTOM_METHODS_TO_IGNORE_PARAM
static final String BROWSER_USER_AGENTS_DEFAULT
public static final String HEADER_DEFAULT
static final String METHODS_TO_IGNORE_DEFAULT
private String headerName
private Set<String> methodsToIgnore
private Set<Pattern> browserUserAgents
public RestCsrfPreventionFilter()
public void init(javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException
init
in interface javax.servlet.Filter
javax.servlet.ServletException
void parseBrowserUserAgents(String userAgents)
void parseMethodsToIgnore(String mti)
protected boolean isBrowser(String userAgent)
A User-Agent String is considered to be a browser if it matches any of the regex patterns from browser-useragent-regex; the default behavior is to consider everything a browser that matches the following: "^Mozilla.*,^Opera.*". Subclasses can optionally override this method to use different behavior.
userAgent
- The User-Agent String, or null if there isn't onepublic void handleHttpInteraction(RestCsrfPreventionFilter.HttpInteraction httpInteraction) throws IOException, javax.servlet.ServletException
RestCsrfPreventionFilter.HttpInteraction
by applying the filtering logic.httpInteraction
- caller's HTTP interactionIOException
- if there is an I/O errorjavax.servlet.ServletException
- if the implementation relies on the servlet API
and a servlet API call has failedpublic void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
doFilter
in interface javax.servlet.Filter
IOException
javax.servlet.ServletException
public void destroy()
destroy
in interface javax.servlet.Filter
public static Map<String,String> getFilterParams(org.apache.hadoop.conf.Configuration conf, String confPrefix)
conf
- configuration to readconfPrefix
- configuration prefixCopyright © 2007–2019 The Apache Software Foundation. All rights reserved.