Package com.microstrategy.web.filter
Class RedirectResponseFilter
java.lang.Object
  com.microstrategy.web.filter.RedirectResponseFilter

All Implemented Interfaces:
javax.servlet.Filter

public class RedirectResponseFilter extends java.lang.Object implements javax.servlet.Filter
Centralized configuration of the HTTP response to avoid security issues.
Fix: CWE-601: URL Redirection to Untrusted Site ('Open Redirect').
To enable this filter, add (if not already present) the following <filter> declaration to WEB-INF/web.xml:

<web-app ...>
  ...
  <filter>
    <filter-name>redirectResponseFilter</filter-name>
    <filter-class>com.microstrategy.web.filter.RedirectResponseFilter</filter-class>
    <init-param>
      <param-name>allowedProtocols</param-name>
      <param-value></param-value>
    </init-param>
    <init-param>
      <param-name>domains</param-name>
      <param-value></param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>redirectResponseFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
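
The following is an added example, not MicroStrategy code and not taken from this page: it sketches the kind of redirect-target check that an allowlist of protocols and domains (the allowedProtocols and domains init-params above) makes possible. The class name, the exact-host matching rule, and the sample values are assumptions; the real filter's matching semantics are not documented here.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;

public class RedirectTargetCheck {   // hypothetical helper, illustration only

    static boolean isAllowed(String location, String[] protocols, String[] domains) {
        if (location == null || location.isEmpty()) return false;
        // Control characters enable CR/LF header splitting; backslashes are
        // read as forward slashes by some browsers. Refuse both outright.
        for (char c : location.toCharArray()) {
            if (c < 0x20 || c == 0x7f || c == '\\') return false;
        }
        URI uri;
        try {
            uri = new URI(location);
        } catch (URISyntaxException e) {
            return false;                       // unparseable target: fail closed
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();
        // No scheme and no authority: a path on this site, always acceptable.
        if (scheme == null && uri.getRawAuthority() == null) return true;
        // An explicit scheme must be on the protocol allowlist.
        if (scheme != null && !containsIgnoreCase(protocols, scheme)) return false;
        // Reject user-info tricks (trusted@other-host) and targets with no
        // parseable host, which covers opaque forms such as "http:host".
        if (uri.getRawUserInfo() != null || host == null) return false;
        return containsIgnoreCase(domains, host);   // assumption: exact host match
    }

    static boolean containsIgnoreCase(String[] allowed, String value) {
        return allowed != null && Arrays.stream(allowed).anyMatch(value::equalsIgnoreCase);
    }

    public static void main(String[] args) {
        String[] protocols = {"https"};              // constructed sample values
        String[] domains = {"reports.example.com"};
        String[] samples = {                         // constructed sample targets
            "/app/home?tab=1", "https://reports.example.com/home",
            "//other.example/login", "https://reports.example.com@other.example/",
            "javascript:void(0)", "/ok\r\nX-Injected: 1"
        };
        for (String s : samples) {
            System.out.println(isAllowed(s, protocols, domains) + "  " + s.replaceAll("[\\r\\n]", "?"));
        }
    }
}
```
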

Nested Class Summary
static class RedirectResponseFilter.RedirectResponseWrapper

Constructor Summary
RedirectResponseFilter()

Method Summary
void destroy()
void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
static java.lang.String[] getDomains()
static boolean getEnableURLWhiteList()
static java.lang.String[] getProtocols()
void init(javax.servlet.FilterConfig filterConfig)
static void setDomains(java.lang.String[] domains)
static void setEnableURLWhiteList(boolean isWhiteList)
    Configures enableURLWhiteList attribute for CRLF Response tracking.
static void setProtocols(java.lang.String[] protocols)

Method Detail
-
init
public void init(javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException
Specified by: init in interface javax.servlet.Filter
Throws: javax.servlet.ServletException
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
Specified by: doFilter in interface javax.servlet.Filter
Throws: java.io.IOException, javax.servlet.ServletException
-
destroy
public void destroy()
Specified by: destroy in interface javax.servlet.Filter
-
setEnableURLWhiteList
public static void setEnableURLWhiteList(boolean isWhiteList)
Configures enableURLWhiteList attribute for CRLF Response tracking.
Parameters:
isWhiteList - whether to firewall CRLF
-
getEnableURLWhiteList
public static boolean getEnableURLWhiteList()
-
getProtocols
public static java.lang.String[] getProtocols()
-
setProtocols
public static void setProtocols(java.lang.String[] protocols)
-
getDomains
public static java.lang.String[] getDomains()
-
setDomains
public static void setDomains(java.lang.String[] domains)