Package org.apache.catalina.filters

Class HttpHeaderSecurityFilter

java.lang.Object

org.apache.catalina.filters.FilterBase

org.apache.catalina.filters.HttpHeaderSecurityFilter

public class HttpHeaderSecurityFilter
extends FilterBase

Provides a single configuration point for security measures that required the addition of one or more HTTP headers to the response.

Field Summary

Fields inherited from class org.apache.catalina.filters.FilterBase

sm

Constructor Summary

Constructors

Constructor	Description
HttpHeaderSecurityFilter()

Method Summary

Modifier and Type	Method	Description
void	doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
java.lang.String	getAntiClickJackingOption()
java.lang.String	getAntiClickJackingUri()
int	getHstsMaxAgeSeconds()
protected Log	getLogger()
void	init(javax.servlet.FilterConfig filterConfig)	Iterates over the configuration parameters and either logs a warning, or throws an exception for any parameter that does not have a matching setter in this filter.
boolean	isAntiClickJackingEnabled()
boolean	isBlockContentTypeSniffingEnabled()
protected boolean	isConfigProblemFatal()	Determines if an exception when calling a setter or an unknown configuration attribute triggers the failure of the this filter which in turn will prevent the web application from starting.
boolean	isHstsEnabled()
boolean	isHstsIncludeSubDomains()
boolean	isHstsPreload()
boolean	isXssProtectionEnabled()
void	setAntiClickJackingEnabled(boolean antiClickJackingEnabled)
void	setAntiClickJackingOption(java.lang.String antiClickJackingOption)
void	setAntiClickJackingUri(java.lang.String antiClickJackingUri)
void	setBlockContentTypeSniffingEnabled(boolean blockContentTypeSniffingEnabled)
void	setHstsEnabled(boolean hstsEnabled)
void	setHstsIncludeSubDomains(boolean hstsIncludeSubDomains)
void	setHstsMaxAgeSeconds(int hstsMaxAgeSeconds)
void	setHstsPreload(boolean hstsPreload)
void	setXssProtectionEnabled(boolean xssProtectionEnabled)

Methods inherited from interface javax.servlet.Filter

destroy

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

HttpHeaderSecurityFilter

public HttpHeaderSecurityFilter()

Method Detail

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException

Description copied from class: FilterBase

Iterates over the configuration parameters and either logs a warning, or throws an exception for any parameter that does not have a matching setter in this filter.

Overrides:

init in class FilterBase

Parameters:

filterConfig - The configuration information associated with the filter instance being initialised

Throws:

javax.servlet.ServletException - if FilterBase.isConfigProblemFatal() returns true and a configured parameter does not have a matching setter

doFilter

public void doFilter(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     javax.servlet.FilterChain chain)
              throws java.io.IOException,
                     javax.servlet.ServletException

Throws:

java.io.IOException

javax.servlet.ServletException

getLogger

protected Log getLogger()

Specified by:

getLogger in class FilterBase

isConfigProblemFatal

protected boolean isConfigProblemFatal()

Description copied from class: FilterBase

Determines if an exception when calling a setter or an unknown configuration attribute triggers the failure of the this filter which in turn will prevent the web application from starting.

Overrides:

isConfigProblemFatal in class FilterBase

Returns:

true if a problem should trigger the failure of this filter, else false

isHstsEnabled

public boolean isHstsEnabled()

setHstsEnabled

public void setHstsEnabled(boolean hstsEnabled)

getHstsMaxAgeSeconds

public int getHstsMaxAgeSeconds()

setHstsMaxAgeSeconds

public void setHstsMaxAgeSeconds(int hstsMaxAgeSeconds)

isHstsIncludeSubDomains

public boolean isHstsIncludeSubDomains()

setHstsIncludeSubDomains

public void setHstsIncludeSubDomains(boolean hstsIncludeSubDomains)

isHstsPreload

public boolean isHstsPreload()

setHstsPreload

public void setHstsPreload(boolean hstsPreload)

isAntiClickJackingEnabled

public boolean isAntiClickJackingEnabled()

setAntiClickJackingEnabled

public void setAntiClickJackingEnabled(boolean antiClickJackingEnabled)

getAntiClickJackingOption

public java.lang.String getAntiClickJackingOption()

setAntiClickJackingOption

public void setAntiClickJackingOption(java.lang.String antiClickJackingOption)

getAntiClickJackingUri

public java.lang.String getAntiClickJackingUri()

isBlockContentTypeSniffingEnabled

public boolean isBlockContentTypeSniffingEnabled()

setBlockContentTypeSniffingEnabled

public void setBlockContentTypeSniffingEnabled(boolean blockContentTypeSniffingEnabled)

setAntiClickJackingUri

public void setAntiClickJackingUri(java.lang.String antiClickJackingUri)

isXssProtectionEnabled

public boolean isXssProtectionEnabled()

setXssProtectionEnabled

public void setXssProtectionEnabled(boolean xssProtectionEnabled)