org.apache.shiro.web.filter.InvalidRequestFilter

All Implemented Interfaces:: javax.servlet.Filter, org.apache.shiro.lang.util.Nameable, PathConfigProcessor

public class InvalidRequestFilter extends AccessControlFilter

Field Summary

Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter
DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD

Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter
appliedPaths, pathMatcher

Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX

Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter
filterConfig
Constructor Summary

Constructors

Constructor

Description

InvalidRequestFilter()
Method Summary

Modifier and Type

Method

Description

protected boolean

isAccessAllowed(javax.servlet.ServletRequest req, javax.servlet.ServletResponse response, Object mappedValue)

Returns true if the request is allowed to proceed through the filter normally, or false if the request should be handled by the onAccessDenied(request,response,mappedValue) method instead.

boolean

isBlockBackslash()

boolean

isBlockEncodedForwardSlash()

boolean

isBlockEncodedPeriod()

boolean

isBlockNonAscii()

boolean

isBlockRewriteTraversal()

boolean

isBlockSemicolon()

boolean

isBlockTraversal()

protected boolean

onAccessDenied(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)

Processes requests where the subject was denied access as determined by the isAccessAllowed method.

void

setBlockBackslash(boolean blockBackslash)

void

setBlockEncodedForwardSlash(boolean blockEncodedForwardSlash)

void

setBlockEncodedPeriod(boolean blockEncodedPeriod)

void

setBlockNonAscii(boolean blockNonAscii)

void

setBlockRewriteTraversal(boolean blockRewriteTraversal)

void

setBlockSemicolon(boolean blockSemicolon)

void

setBlockTraversal(boolean blockTraversal)

Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter
getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl

Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter
getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig

Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter
afterCompletion, cleanup, doFilterInternal, executeChain, postHandle

Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, isFilterOncePerRequest, setEnabled, setFilterOncePerRequest, shouldNotFilter

Methods inherited from class org.apache.shiro.web.servlet.NameableFilter
getName, setName, toStringBuilder

Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig

Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Details
- InvalidRequestFilter
  
  public InvalidRequestFilter()
Method Details
- isAccessAllowed
  
  protected boolean isAccessAllowed(javax.servlet.ServletRequest req, javax.servlet.ServletResponse response, Object mappedValue) throws Exception
  
  Description copied from class: AccessControlFilter
  
  Returns true if the request is allowed to proceed through the filter normally, or false if the request should be handled by the onAccessDenied(request,response,mappedValue) method instead.
  
  Specified by:
  
  isAccessAllowed in class AccessControlFilter
  
  Parameters:
  
  req - the incoming ServletRequest
  
  response - the outgoing ServletResponse
  
  mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.
  
  Returns:
  
  true if the request should proceed through the filter normally, false if the request should be processed by this filter's AccessControlFilter.onAccessDenied(ServletRequest, ServletResponse, Object) method instead.
  
  Throws:
  
  Exception - if an error occurs during processing.
- onAccessDenied
  
  protected boolean onAccessDenied(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) throws Exception
  
  Description copied from class: AccessControlFilter
  
  Processes requests where the subject was denied access as determined by the isAccessAllowed method.
  
  Specified by:
  
  onAccessDenied in class AccessControlFilter
  
  Parameters:
  
  request - the incoming ServletRequest
  
  response - the outgoing ServletResponse
  
  Returns:
  
  true if the request should continue to be processed; false if the subclass will handle/render the response directly.
  
  Throws:
  
  Exception - if there is an error processing the request.
- isBlockSemicolon
  
  public boolean isBlockSemicolon()
- setBlockSemicolon
  
  public void setBlockSemicolon(boolean blockSemicolon)
- isBlockBackslash
  
  public boolean isBlockBackslash()
- setBlockBackslash
  
  public void setBlockBackslash(boolean blockBackslash)
- isBlockNonAscii
  
  public boolean isBlockNonAscii()
- setBlockNonAscii
  
  public void setBlockNonAscii(boolean blockNonAscii)
- isBlockTraversal
  
  public boolean isBlockTraversal()
- setBlockTraversal
  
  public void setBlockTraversal(boolean blockTraversal)
- isBlockEncodedPeriod
  
  public boolean isBlockEncodedPeriod()
- setBlockEncodedPeriod
  
  public void setBlockEncodedPeriod(boolean blockEncodedPeriod)
- isBlockEncodedForwardSlash
  
  public boolean isBlockEncodedForwardSlash()
- setBlockEncodedForwardSlash
  
  public void setBlockEncodedForwardSlash(boolean blockEncodedForwardSlash)
- isBlockRewriteTraversal
  
  public boolean isBlockRewriteTraversal()
- setBlockRewriteTraversal
  
  public void setBlockRewriteTraversal(boolean blockRewriteTraversal)

Class InvalidRequestFilter

Field Summary

Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter

Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter

Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter

Constructor Summary

Method Summary

Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter

Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter

Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter

Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

Methods inherited from class org.apache.shiro.web.servlet.NameableFilter

Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter

Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport

Methods inherited from class java.lang.Object

Constructor Details

InvalidRequestFilter

Method Details

isAccessAllowed

onAccessDenied

isBlockSemicolon

setBlockSemicolon

isBlockBackslash

setBlockBackslash

isBlockNonAscii

setBlockNonAscii

isBlockTraversal

setBlockTraversal

isBlockEncodedPeriod

setBlockEncodedPeriod

isBlockEncodedForwardSlash

setBlockEncodedForwardSlash

isBlockRewriteTraversal

setBlockRewriteTraversal