Package no.nsd.qddt.configuration

Class AnnotatingHttpFirewall

  • All Implemented Interfaces:
    org.springframework.security.web.firewall.HttpFirewall
    public final class AnnotatingHttpFirewall
extends org.springframework.security.web.firewall.StrictHttpFirewall
    Overrides the StrictHttpFirewall to log some useful information about blocked requests.

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String HTTP_HEADER_REQUEST_REJECTED
      The name of the HTTP header representing a request that has been rejected by this firewall.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      org.springframework.security.web.firewall.FirewalledRequest getFirewalledRequest​(javax.servlet.http.HttpServletRequest request)
      Provides the request object which will be passed through the filter chain.
      javax.servlet.http.HttpServletResponse getFirewalledResponse​(javax.servlet.http.HttpServletResponse response)
      Provides the response which will be passed through the filter chain.

      • Methods inherited from class org.springframework.security.web.firewall.StrictHttpFirewall

        setAllowBackSlash, setAllowSemicolon, setAllowUrlEncodedPercent, setAllowUrlEncodedPeriod, setAllowUrlEncodedSlash

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • HTTP_HEADER_REQUEST_REJECTED

        public static final java.lang.String HTTP_HEADER_REQUEST_REJECTED
        The name of the HTTP header representing a request that has been rejected by this firewall.
        See Also:
        Constant Field Values

    • Constructor Detail

      • AnnotatingHttpFirewall

        public AnnotatingHttpFirewall()
        Default constructor.

    • Method Detail

      • getFirewalledRequest

        public org.springframework.security.web.firewall.FirewalledRequest getFirewalledRequest​(javax.servlet.http.HttpServletRequest request)
                                                                                 throws org.springframework.security.web.firewall.RequestRejectedException
        Provides the request object which will be passed through the filter chain.
        Specified by:
        getFirewalledRequest in interface org.springframework.security.web.firewall.HttpFirewall
        Overrides:
        getFirewalledRequest in class org.springframework.security.web.firewall.StrictHttpFirewall
        Throws:
        org.springframework.security.web.firewall.RequestRejectedException - if the request should be rejected immediately.

      • getFirewalledResponse

        public javax.servlet.http.HttpServletResponse getFirewalledResponse​(javax.servlet.http.HttpServletResponse response)
        Provides the response which will be passed through the filter chain. This method isn't extensible because the request may already be committed. Furthermore, this is only invoked for requests that were not blocked, so we can't control the status or response for blocked requests here.
        Specified by:
        getFirewalledResponse in interface org.springframework.security.web.firewall.HttpFirewall
        Overrides:
        getFirewalledResponse in class org.springframework.security.web.firewall.StrictHttpFirewall
        Parameters:
        response - The original HttpServletResponse.
        Returns:
        the original response or a replacement/wrapper.