1 package com.atlassian.core.filters;
2
3 import java.io.IOException;
4 import javax.servlet.FilterChain;
5 import javax.servlet.FilterConfig;
6 import javax.servlet.ServletException;
7 import javax.servlet.ServletRequest;
8 import javax.servlet.ServletResponse;
9 import javax.servlet.http.HttpServletRequest;
10 import javax.servlet.http.HttpServletResponse;
11
12
13
14
15
16
17
18
19 public class HeaderSanitisingFilter extends AbstractFilter
20 {
21 static final String ALREADY_FILTERED = HeaderSanitisingFilter.class.getName() + "_already_filtered";
22
23 public void init(FilterConfig filterConfig) throws ServletException
24 {
25 super.init(filterConfig);
26 }
27
28 public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException
29 {
30 if (req.getAttribute(ALREADY_FILTERED) != null)
31 {
32 chain.doFilter(req, res);
33 return;
34 }
35 else
36 {
37 req.setAttribute(ALREADY_FILTERED, Boolean.TRUE);
38 }
39
40 if (req instanceof HttpServletRequest)
41 {
42 res = new HeaderSanitisingResponseWrapper((HttpServletResponse) res);
43 }
44 chain.doFilter(req, res);
45 }
46 }