Package org.eclnt.jsfserver.util
Class SecurityFilterGeneral
java.lang.Object
org.eclnt.jsfserver.util.CCFilterBase
org.eclnt.jsfserver.util.SecurityFilterGeneral
- All Implemented Interfaces:
javax.servlet.Filter
,ICCServerConstants
public class SecurityFilterGeneral
extends CCFilterBase
implements javax.servlet.Filter, ICCServerConstants
Filter checking the availability of a client side cookie holding
a unique key that is required for all request response activities
to prevent accessing internal functions with a hijacked session id.
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic interface
Extension that you might add to this filter. -
Field Summary
Fields inherited from interface org.eclnt.jsfserver.util.ICCServerConstants
CLIENTJAVATYPE_FX, CLIENTJAVATYPE_SWING, CLIENTTYPE_APPLET, CLIENTTYPE_APPLICATION, CLIENTTYPE_BROWSER, CLIENTTYPE_RISC, CLIENTTYPE_UI5, CLIENTTYPE_WEBSTART, EXPLICIT_NULL, FOCUSSEQUENCE_FIX_PREFIX, HEADER_ATTRIBUTE_CLIENT, HEADER_ATTRIBUTE_CLIENTJAVATYPE, HEADER_ATTRIBUTE_COOKIESENABLED, HEADER_ATTRIBUTE_COUNTRY, HEADER_ATTRIBUTE_DEVICESCREENHEIGHT, HEADER_ATTRIBUTE_DEVICESCREENWIDTH, HEADER_ATTRIBUTE_DEVICETYPE, HEADER_ATTRIBUTE_LANGUAGE, HEADER_ATTRIBUTE_MEDIADEVICES, HEADER_ATTRIBUTE_ORIGINALURL, HEADER_ATTRIBUTE_PERFORMANCEDATA, HEADER_ATTRIBUTE_REQUESTID, HEADER_ATTRIBUTE_TIMEZONEOFFSET, HEADER_ATTRIBUTE_USERAGENT, HEADER_ATTRIBUTE_XFRAMEOPTIONS, HEADER_RESPONSE_ATTRIBUTE_HTTPSESSIONID, HEADER_RESPONSE_ATTRIBUTE_HTTPSESSIONREFERENCEURL, HEADER_RESPONSE_ATTRIBUTE_HTTPSESSIONTRACKINGMODE, HEADER_RESPONSE_ATTRIBUTE_OVERRIDE, HEADER_RESPONSE_ATTRIBUTE_RELOAD, HEADER_RESPONSE_ATTRIBUTE_STYLE, INPUTMASK_VALUEMODE_WITHMASK, INPUTMASK_VALUEMODE_WITHOUTMASK, LAYOUTEXTENSION_JSP, LAYOUTEXTENSION_XML, QP_CCSTYLE, QP_KEEPDIALOGSESSION, QP_SUBPAGEID, SECURITY_ROLE_CCADMIN, SESSION_TRACKING_COOKIE, SESSION_TRACKING_URL, TEXTPANE_CONTENTTYPE_HTML, TEXTPANE_CONTENTTYPE_PLAIN
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionstatic void
Adds a filter extension.void
destroy()
void
doFilterExecute
(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) Deprecated.void
init
(javax.servlet.FilterConfig arg0) static void
manageSecurityFilterDownloadCookie
(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.http.HttpSession session) Central method for setting the client side cookie.static void
static void
Deprecated.Methods inherited from class org.eclnt.jsfserver.util.CCFilterBase
doFilter
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface javax.servlet.Filter
doFilter
-
Constructor Details
-
SecurityFilterGeneral
public SecurityFilterGeneral()
-
-
Method Details
-
init
public void init(javax.servlet.FilterConfig arg0) throws javax.servlet.ServletException - Specified by:
init
in interfacejavax.servlet.Filter
- Overrides:
init
in classCCFilterBase
- Throws:
javax.servlet.ServletException
-
doFilterExecute
public void doFilterExecute(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException - Specified by:
doFilterExecute
in classCCFilterBase
- Throws:
IOException
javax.servlet.ServletException
-
destroy
public void destroy()- Specified by:
destroy
in interfacejavax.servlet.Filter
-
setSecurityFilterExtension
@Deprecated public static void setSecurityFilterExtension(SecurityFilterGeneral.IExtension extension) Deprecated.Please useaddSecurityFilterExtension(IExtension)
. -
getSecurityFilterExtension
Deprecated. -
addSecurityFilterExtension
Adds a filter extension. In the extension you can allow the corresponding request to be processed without any further cross session check. The cross session check if NOT executed if one of the extensions does allow so. -
removeSecurityFilterExtension
-
manageSecurityFilterDownloadCookie
public static void manageSecurityFilterDownloadCookie(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.http.HttpSession session) Central method for setting the client side cookie. Called byThreadingFilter
with every request.- Parameters:
request
- Faces request.
-