Package filter
Class RequestHeadersValidationFilter
java.lang.Object
filter.RequestHeadersValidationFilter
- All Implemented Interfaces:
javax.servlet.Filter
This filter validates Http request headers for security purpose.
Filter checks Origin, Referer, Content type and Ajax headers for preventing attacks.
- Author:
- TAMIL MUGHILAN
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoiddestroy()Cleans up resources when filter is destroyed.voiddoFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) Processes requests to validate HTTP headers.voidinit(javax.servlet.FilterConfig filterConfig) Initializes the filter when application starts.private booleanisAjaxRequest(javax.servlet.http.HttpServletRequest req) Checks if request is an AJAX request.private booleanisOpenPath(String path) Checks if the path is allowed without validation.private booleanisStaticResource(String path) private booleanvalidateAjaxHeaders(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res) private booleanvalidateContentType(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res) Validates the content type in the headers.private booleanvalidateOrigin(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res) Validates Origin and Referer headers with the allowed origins.
-
Field Details
-
ALLOWED_ORIGINS
-
AJAX_HEADER
- See Also:
-
AJAX_HEADER_VALUE
- See Also:
-
-
Constructor Details
-
RequestHeadersValidationFilter
public RequestHeadersValidationFilter()
-
-
Method Details
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException Processes requests to validate HTTP headers. Blocks requests with invalid origins or headers.- Specified by:
doFilterin interfacejavax.servlet.Filter- Parameters:
request- the servlet requestresponse- the servlet responsechain- the filter chain- Throws:
IOException- if an I/O error occursjavax.servlet.ServletException- if a servlet error occurs
-
isOpenPath
Checks if the path is allowed without validation.- Parameters:
path- the request path- Returns:
- true if it's an open path, false otherwise
-
isStaticResource
-
validateOrigin
private boolean validateOrigin(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res) throws IOException Validates Origin and Referer headers with the allowed origins.- Parameters:
req- the HTTP requestres- the HTTP response- Returns:
- true if headers are valid, false otherwise
- Throws:
IOException- if response writing fails
-
isAjaxRequest
private boolean isAjaxRequest(javax.servlet.http.HttpServletRequest req) Checks if request is an AJAX request.- Parameters:
req- the HTTP request- Returns:
- true if it's an AJAX request, false otherwise
-
validateAjaxHeaders
private boolean validateAjaxHeaders(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res) throws IOException - Throws:
IOException
-
validateContentType
private boolean validateContentType(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res) throws IOException Validates the content type in the headers.- Parameters:
req-res-- Returns:
- Throws:
IOException
-
init
public void init(javax.servlet.FilterConfig filterConfig) Initializes the filter when application starts.- Specified by:
initin interfacejavax.servlet.Filter- Parameters:
filterConfig- the filter configuration
-
destroy
public void destroy()Cleans up resources when filter is destroyed.- Specified by:
destroyin interfacejavax.servlet.Filter
-