Package com.microstrategy.web.filter
Class RedirectResponseFilter
- java.lang.Object
-
- com.microstrategy.web.filter.RedirectResponseFilter
-
- All Implemented Interfaces:
javax.servlet.Filter
public class RedirectResponseFilter extends java.lang.Object implements javax.servlet.FilterCentralized configuration of http response to avoid security issues. Fix: CWE-601 : URL Redirection to Untrusted Site ('Open Redirect') To enable this filter, add (if not already) the following<filter>declaration toWEB-INF/web.xml:<web-app ...> ... <filter> <filter-name>redirectResponseFilter</filter-name> <filter-class>com.microstrategy.web.filter.RedirectResponseFilter</filter-class> <init-param> <param-name>allowedProtocols</param-name> <param-value></param-value> </init-param> <init-param> <param-name>domains</param-name> <param-value></param-value> </init-param> </filter> <filter-mapping> <filter-name>redirectResponseFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static classRedirectResponseFilter.RedirectResponseWrapper
-
Constructor Summary
Constructors Constructor Description RedirectResponseFilter()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description voiddestroy()voiddoFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)static java.lang.String[]getDomains()static booleangetEnableURLWhiteList()static java.lang.String[]getProtocols()voidinit(javax.servlet.FilterConfig filterConfig)static voidsetDomains(java.lang.String[] domains)static voidsetEnableURLWhiteList(boolean isWhiteList)Configures enableURLWhiteList attribute for Crlf Response tracking.static voidsetProtocols(java.lang.String[] protocols)
-
-
-
Method Detail
-
init
public void init(javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException- Specified by:
initin interfacejavax.servlet.Filter- Throws:
javax.servlet.ServletException
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException- Specified by:
doFilterin interfacejavax.servlet.Filter- Throws:
java.io.IOExceptionjavax.servlet.ServletException
-
destroy
public void destroy()
- Specified by:
destroyin interfacejavax.servlet.Filter
-
setEnableURLWhiteList
public static void setEnableURLWhiteList(boolean isWhiteList)
Configures enableURLWhiteList attribute for Crlf Response tracking.- Parameters:
isWhiteList- whether to firewall CRLF
-
getEnableURLWhiteList
public static boolean getEnableURLWhiteList()
-
getProtocols
public static java.lang.String[] getProtocols()
-
setProtocols
public static void setProtocols(java.lang.String[] protocols)
-
getDomains
public static java.lang.String[] getDomains()
-
setDomains
public static void setDomains(java.lang.String[] domains)
-
-