HeaderSanitisingResponseWrapper (Atlassian Core 4.6.20 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.atlassian.core.filters
Class HeaderSanitisingResponseWrapper

java.lang.Object
  javax.servlet.ServletResponseWrapper
      javax.servlet.http.HttpServletResponseWrapper
          com.atlassian.core.filters.HeaderSanitisingResponseWrapper

All Implemented Interfaces:: javax.servlet.http.HttpServletResponse, javax.servlet.ServletResponse

public class HeaderSanitisingResponseWrapper
extends javax.servlet.http.HttpServletResponseWrapper
extends javax.servlet.http.HttpServletResponseWrapper

A wrapper for a HttpServletResponse that sanitises all mutations to the header of the response to ensure that no suspect values are being written. The protocol for sanitising header values is essentially to replace any encountered carriage return or new line characters with a single space.

Since:: v4.2

Field Summary

Fields inherited from interface javax.servlet.http.HttpServletResponse
SC_ACCEPTED, SC_BAD_GATEWAY, SC_BAD_REQUEST, SC_CONFLICT, SC_CONTINUE, SC_CREATED, SC_EXPECTATION_FAILED, SC_FORBIDDEN, SC_GATEWAY_TIMEOUT, SC_GONE, SC_HTTP_VERSION_NOT_SUPPORTED, SC_INTERNAL_SERVER_ERROR, SC_LENGTH_REQUIRED, SC_METHOD_NOT_ALLOWED, SC_MOVED_PERMANENTLY, SC_MOVED_TEMPORARILY, SC_MULTIPLE_CHOICES, SC_NO_CONTENT, SC_NON_AUTHORITATIVE_INFORMATION, SC_NOT_ACCEPTABLE, SC_NOT_FOUND, SC_NOT_IMPLEMENTED, SC_NOT_MODIFIED, SC_OK, SC_PARTIAL_CONTENT, SC_PAYMENT_REQUIRED, SC_PRECONDITION_FAILED, SC_PROXY_AUTHENTICATION_REQUIRED, SC_REQUEST_ENTITY_TOO_LARGE, SC_REQUEST_TIMEOUT, SC_REQUEST_URI_TOO_LONG, SC_REQUESTED_RANGE_NOT_SATISFIABLE, SC_RESET_CONTENT, SC_SEE_OTHER, SC_SERVICE_UNAVAILABLE, SC_SWITCHING_PROTOCOLS, SC_TEMPORARY_REDIRECT, SC_UNAUTHORIZED, SC_UNSUPPORTED_MEDIA_TYPE, SC_USE_PROXY

Fields inherited from interface javax.servlet.http.HttpServletResponse

SC_ACCEPTED, SC_BAD_GATEWAY, SC_BAD_REQUEST, SC_CONFLICT, SC_CONTINUE, SC_CREATED, SC_EXPECTATION_FAILED, SC_FORBIDDEN, SC_GATEWAY_TIMEOUT, SC_GONE, SC_HTTP_VERSION_NOT_SUPPORTED, SC_INTERNAL_SERVER_ERROR, SC_LENGTH_REQUIRED, SC_METHOD_NOT_ALLOWED, SC_MOVED_PERMANENTLY, SC_MOVED_TEMPORARILY, SC_MULTIPLE_CHOICES, SC_NO_CONTENT, SC_NON_AUTHORITATIVE_INFORMATION, SC_NOT_ACCEPTABLE, SC_NOT_FOUND, SC_NOT_IMPLEMENTED, SC_NOT_MODIFIED, SC_OK, SC_PARTIAL_CONTENT, SC_PAYMENT_REQUIRED, SC_PRECONDITION_FAILED, SC_PROXY_AUTHENTICATION_REQUIRED, SC_REQUEST_ENTITY_TOO_LARGE, SC_REQUEST_TIMEOUT, SC_REQUEST_URI_TOO_LONG, SC_REQUESTED_RANGE_NOT_SATISFIABLE, SC_RESET_CONTENT, SC_SEE_OTHER, SC_SERVICE_UNAVAILABLE, SC_SWITCHING_PROTOCOLS, SC_TEMPORARY_REDIRECT, SC_UNAUTHORIZED, SC_UNSUPPORTED_MEDIA_TYPE, SC_USE_PROXY

Constructor Summary
`HeaderSanitisingResponseWrapper(javax.servlet.http.HttpServletResponse httpServletResponse)`

Method Summary
`void`	`addCookie(javax.servlet.http.Cookie cookie)` Sanitises cookie value before adding it to the response.
`void`	`addDateHeader(String name, long value)`
`void`	`addHeader(String name, String value)`
`void`	`addIntHeader(String name, int value)`
`void`	`sendError(int code, String message)`
`void`	`sendRedirect(String location)`
`void`	`setContentType(String contentType)`
`void`	`setDateHeader(String name, long value)`
`void`	`setHeader(String name, String value)`
`void`	`setIntHeader(String name, int value)`
`void`	`setStatus(int code, String status)`

Methods inherited from class javax.servlet.http.HttpServletResponseWrapper
`containsHeader, encodeRedirectUrl, encodeRedirectURL, encodeUrl, encodeURL, sendError, setStatus`

Methods inherited from class javax.servlet.ServletResponseWrapper
`flushBuffer, getBufferSize, getCharacterEncoding, getLocale, getOutputStream, getResponse, getWriter, isCommitted, reset, resetBuffer, setBufferSize, setContentLength, setLocale, setResponse`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Methods inherited from interface javax.servlet.ServletResponse
`flushBuffer, getBufferSize, getCharacterEncoding, getLocale, getOutputStream, getWriter, isCommitted, reset, resetBuffer, setBufferSize, setContentLength, setLocale`

Constructor Detail

HeaderSanitisingResponseWrapper

public HeaderSanitisingResponseWrapper(javax.servlet.http.HttpServletResponse httpServletResponse)

Method Detail

addCookie

public void addCookie(javax.servlet.http.Cookie cookie)

Sanitises cookie value before adding it to the response. Note that cookie names are immutable and so cannot be sanitised here.

Specified by:: addCookie in interface javax.servlet.http.HttpServletResponse
Overrides:: addCookie in class javax.servlet.http.HttpServletResponseWrapper

Parameters:: cookie - the cookie to add to the header.

setContentType

public void setContentType(String contentType)

Specified by:: setContentType in interface javax.servlet.ServletResponse
Overrides:: setContentType in class javax.servlet.ServletResponseWrapper

setDateHeader

public void setDateHeader(String name,
                          long value)

Specified by:: setDateHeader in interface javax.servlet.http.HttpServletResponse
Overrides:: setDateHeader in class javax.servlet.http.HttpServletResponseWrapper

addDateHeader

public void addDateHeader(String name,
                          long value)

Specified by:: addDateHeader in interface javax.servlet.http.HttpServletResponse
Overrides:: addDateHeader in class javax.servlet.http.HttpServletResponseWrapper

setHeader

public void setHeader(String name,
                      String value)

Specified by:: setHeader in interface javax.servlet.http.HttpServletResponse
Overrides:: setHeader in class javax.servlet.http.HttpServletResponseWrapper

addHeader

public void addHeader(String name,
                      String value)

Specified by:: addHeader in interface javax.servlet.http.HttpServletResponse
Overrides:: addHeader in class javax.servlet.http.HttpServletResponseWrapper

setIntHeader

public void setIntHeader(String name,
                         int value)

Specified by:: setIntHeader in interface javax.servlet.http.HttpServletResponse
Overrides:: setIntHeader in class javax.servlet.http.HttpServletResponseWrapper

addIntHeader

public void addIntHeader(String name,
                         int value)

Specified by:: addIntHeader in interface javax.servlet.http.HttpServletResponse
Overrides:: addIntHeader in class javax.servlet.http.HttpServletResponseWrapper

sendRedirect

public void sendRedirect(String location)
                  throws IOException

Specified by:: sendRedirect in interface javax.servlet.http.HttpServletResponse
Overrides:: sendRedirect in class javax.servlet.http.HttpServletResponseWrapper

Throws:: IOException

sendError

public void sendError(int code,
                      String message)
               throws IOException

Specified by:: sendError in interface javax.servlet.http.HttpServletResponse
Overrides:: sendError in class javax.servlet.http.HttpServletResponseWrapper

Throws:: IOException

setStatus

public void setStatus(int code,
                      String status)

Specified by:: setStatus in interface javax.servlet.http.HttpServletResponse
Overrides:: setStatus in class javax.servlet.http.HttpServletResponseWrapper