Package org.eclnt.jsfserver.util
Class SecurityFilterGeneral
java.lang.Object
org.eclnt.jsfserver.util.CCFilterBase
org.eclnt.jsfserver.util.SecurityFilterGeneral
- All Implemented Interfaces:
javax.servlet.Filter,ICCServerConstants
public class SecurityFilterGeneral
extends CCFilterBase
implements javax.servlet.Filter, ICCServerConstants
Filter checking the availability of a client side cookie holding
a unique key that is required for all request response activities
to prevent accessing internal functions with a hijacked session id.
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic interfaceExtension that you might add to this filter. -
Field Summary
Fields inherited from interface org.eclnt.jsfserver.util.ICCServerConstants
CLIENTDEVICETYPE_DESKTOP, CLIENTDEVICETYPE_MOBILE, CLIENTJAVATYPE_FX, CLIENTJAVATYPE_SWING, CLIENTTYPE_APPLET, CLIENTTYPE_APPLICATION, CLIENTTYPE_BROWSER, CLIENTTYPE_RISC, CLIENTTYPE_UI5, CLIENTTYPE_WEBSTART, EXPLICIT_EMPTY, EXPLICIT_NULL, FOCUSSEQUENCE_FIX_PREFIX, HEADER_ATTRIBUTE_CLIENT, HEADER_ATTRIBUTE_CLIENTJAVATYPE, HEADER_ATTRIBUTE_COOKIESENABLED, HEADER_ATTRIBUTE_COUNTRY, HEADER_ATTRIBUTE_DEVICESCREENHEIGHT, HEADER_ATTRIBUTE_DEVICESCREENWIDTH, HEADER_ATTRIBUTE_DEVICETYPE, HEADER_ATTRIBUTE_LANGUAGE, HEADER_ATTRIBUTE_MEDIADEVICES, HEADER_ATTRIBUTE_ORIGINALURL, HEADER_ATTRIBUTE_PERFORMANCEDATA, HEADER_ATTRIBUTE_REQUESTID, HEADER_ATTRIBUTE_TIMEZONEOFFSET, HEADER_ATTRIBUTE_USERAGENT, HEADER_ATTRIBUTE_XFRAMEOPTIONS, HEADER_RESPONSE_ATTRIBUTE_HTTPSESSIONID, HEADER_RESPONSE_ATTRIBUTE_HTTPSESSIONREFERENCEURL, HEADER_RESPONSE_ATTRIBUTE_HTTPSESSIONTRACKINGMODE, HEADER_RESPONSE_ATTRIBUTE_OVERRIDE, HEADER_RESPONSE_ATTRIBUTE_RELOAD, HEADER_RESPONSE_ATTRIBUTE_STYLE, INPUTMASK_VALUEMODE_WITHMASK, INPUTMASK_VALUEMODE_WITHOUTMASK, LAYOUTEXTENSION_JSP, LAYOUTEXTENSION_XML, LITERAL_LINK_PREFIX, LITERAL_TEMP_PREFIX, QP_CCSTYLE, QP_KEEPDIALOGSESSION, QP_SUBPAGEID, SECURITY_ROLE_CCADMIN, SESSION_TRACKING_COOKIE, SESSION_TRACKING_URL, SIZE_UNDEFINED, TEXTPANE_CONTENTTYPE_HTML, TEXTPANE_CONTENTTYPE_PLAIN -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionstatic voidAdds a filter extension.voiddestroy()voiddoFilterExecute(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) Deprecated.voidinit(javax.servlet.FilterConfig arg0) static voidmanageSecurityFilterDownloadCookie(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.http.HttpSession session) Central method for setting the client side cookie.static voidstatic voidDeprecated.Methods inherited from class org.eclnt.jsfserver.util.CCFilterBase
doFilterMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface javax.servlet.Filter
doFilter
-
Constructor Details
-
SecurityFilterGeneral
public SecurityFilterGeneral()
-
-
Method Details
-
init
public void init(javax.servlet.FilterConfig arg0) throws javax.servlet.ServletException - Specified by:
initin interfacejavax.servlet.Filter- Overrides:
initin classCCFilterBase- Throws:
javax.servlet.ServletException
-
doFilterExecute
public void doFilterExecute(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException - Specified by:
doFilterExecutein classCCFilterBase- Throws:
IOExceptionjavax.servlet.ServletException
-
destroy
public void destroy()- Specified by:
destroyin interfacejavax.servlet.Filter
-
setSecurityFilterExtension
@Deprecated public static void setSecurityFilterExtension(SecurityFilterGeneral.IExtension extension) Deprecated.Please useaddSecurityFilterExtension(IExtension). -
getSecurityFilterExtension
Deprecated. -
addSecurityFilterExtension
Adds a filter extension. In the extension you can allow the corresponding request to be processed without any further cross session check. The cross session check if NOT executed if one of the extensions does allow so. -
removeSecurityFilterExtension
-
manageSecurityFilterDownloadCookie
public static void manageSecurityFilterDownloadCookie(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.http.HttpSession session) Central method for setting the client side cookie. Called byThreadingFilterwith every request.- Parameters:
request- Faces request.
-