CsrfPreventionFilterBase (Apache Tomcat 9.0.87.redhat-00013 API Documentation)

java.lang.Object
- org.apache.catalina.filters.FilterBase
- - org.apache.catalina.filters.CsrfPreventionFilterBase

All Implemented Interfaces:

Filter

Direct Known Subclasses:

CsrfPreventionFilter, RestCsrfPreventionFilter
```
public abstract class CsrfPreventionFilterBase
extends FilterBase
```

Field Summary
- Fields inherited from class org.apache.catalina.filters.FilterBase
  sm

Constructor Summary

Constructors
Constructor and Description

CsrfPreventionFilterBase()

Constructors
Constructor and Description
`CsrfPreventionFilterBase()`

Method Summary

All Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method and Description
`protected java.lang.String`	`generateNonce()` Deprecated. Use `generateNonce(HttpServletRequest)` instead. This method will be removed in Apache Tomcat 10.1.x onwards.
`protected java.lang.String`	`generateNonce(HttpServletRequest request)` Generate a once time token (nonce) for authenticating subsequent requests.
`int`	`getDenyStatus()`
`protected Log`	`getLogger()`
`protected java.lang.String`	`getRequestedPath(HttpServletRequest request)`
`void`	`init(FilterConfig filterConfig)` Iterates over the configuration parameters and either logs a warning, or throws an exception for any parameter that does not have a matching setter in this filter.
`protected boolean`	`isConfigProblemFatal()` Determines if an exception when calling a setter or an unknown configuration attribute triggers the failure of the this filter which in turn will prevent the web application from starting.
`void`	`setDenyStatus(int denyStatus)` Set response status code that is used to reject denied request.
`void`	`setRandomClass(java.lang.String randomClass)` Specify the class to use to generate the nonces.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface javax.servlet.Filter
destroy, doFilter

- Constructor Detail
  - CsrfPreventionFilterBase
```
public CsrfPreventionFilterBase()
```
- Method Detail
  - getLogger
```
protected Log getLogger()
```
    Specified by:
    
    getLogger in class FilterBase
  - getDenyStatus
```
public int getDenyStatus()
```
    Returns:
    
    response status code that is used to reject denied request.
  - setDenyStatus
```
public void setDenyStatus(int denyStatus)
```
    Set response status code that is used to reject denied request. If none set, the default value of 403 will be used.
    
    Parameters:
    
    denyStatus - HTTP status code
  - setRandomClass
```
public void setRandomClass(java.lang.String randomClass)
```
    Specify the class to use to generate the nonces. Must be in instance of Random.
    
    Parameters:
    
    randomClass - The name of the class to use
  - init
```
public void init(FilterConfig filterConfig)
          throws ServletException
```
    Description copied from class: FilterBase
    
    Iterates over the configuration parameters and either logs a warning, or throws an exception for any parameter that does not have a matching setter in this filter.
    
    Specified by:
    
    init in interface Filter
    
    Overrides:
    
    init in class FilterBase
    
    Parameters:
    
    filterConfig - The configuration information associated with the filter instance being initialised
    
    Throws:
    
    ServletException - if FilterBase.isConfigProblemFatal() returns true and a configured parameter does not have a matching setter
  - isConfigProblemFatal
```
protected boolean isConfigProblemFatal()
```
    Description copied from class: FilterBase
    
    Determines if an exception when calling a setter or an unknown configuration attribute triggers the failure of the this filter which in turn will prevent the web application from starting.
    
    Overrides:
    
    isConfigProblemFatal in class FilterBase
    
    Returns:
    
    true if a problem should trigger the failure of this filter, else false
  - generateNonce
```
protected java.lang.String generateNonce(HttpServletRequest request)
```
    Generate a once time token (nonce) for authenticating subsequent requests. The nonce generation is a simplified version of ManagerBase.generateSessionId().
    
    Parameters:
    
    request - The request. Unused in this method but present for the the benefit of sub-classes.
    
    Returns:
    
    the generated nonce
  - generateNonce
```
@Deprecated
protected java.lang.String generateNonce()
```
    Deprecated. Use generateNonce(HttpServletRequest) instead. This method will be removed in Apache Tomcat 10.1.x onwards.
    
    Generate a once time token (nonce) for authenticating subsequent requests. The nonce generation is a simplified version of ManagerBase.generateSessionId().
    
    Returns:
    
    the generated nonce
  - getRequestedPath
```
protected java.lang.String getRequestedPath(HttpServletRequest request)
```

Copyright © 2000-2024 Apache Software Foundation.
Apache Tomcat, Tomcat, Apache, the Apache Tomcat logo and the Apache logo are either registered trademarks or trademarks of the Apache Software Foundation.

Class CsrfPreventionFilterBase

Field Summary

Fields inherited from class org.apache.catalina.filters.FilterBase

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Methods inherited from interface javax.servlet.Filter

Constructor Detail

CsrfPreventionFilterBase

Method Detail

getLogger

getDenyStatus

setDenyStatus

setRandomClass

init

isConfigProblemFatal

generateNonce

generateNonce

getRequestedPath