@InterfaceAudience.Public @InterfaceStability.Evolving public class RestCsrfPreventionFilter extends Object implements javax.servlet.Filter
Modifier and Type | Field and Description |
---|---|
static String |
BROWSER_USER_AGENT_PARAM |
static String |
CUSTOM_HEADER_PARAM |
static String |
CUSTOM_METHODS_TO_IGNORE_PARAM |
static String |
HEADER_DEFAULT |
static String |
HEADER_USER_AGENT |
Constructor and Description |
---|
RestCsrfPreventionFilter() |
Modifier and Type | Method and Description |
---|---|
void |
destroy() |
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain) |
static Map<String,String> |
getFilterParams(Configuration conf,
String confPrefix)
Constructs a mapping of configuration properties to be used for filter
initialization.
|
void |
handleHttpInteraction(org.apache.hadoop.security.http.RestCsrfPreventionFilter.HttpInteraction httpInteraction)
Handles an
RestCsrfPreventionFilter.HttpInteraction by applying the filtering logic. |
void |
init(javax.servlet.FilterConfig filterConfig) |
protected boolean |
isBrowser(String userAgent)
This method interrogates the User-Agent String and returns whether it
refers to a browser.
|
public static final String HEADER_USER_AGENT
public static final String BROWSER_USER_AGENT_PARAM
public static final String CUSTOM_HEADER_PARAM
public static final String CUSTOM_METHODS_TO_IGNORE_PARAM
public static final String HEADER_DEFAULT
public void init(javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException
init
in interface javax.servlet.Filter
javax.servlet.ServletException
protected boolean isBrowser(String userAgent)
A User-Agent String is considered to be a browser if it matches any of the regex patterns from browser-useragent-regex; the default behavior is to consider everything a browser that matches the following: "^Mozilla.*,^Opera.*". Subclasses can optionally override this method to use different behavior.
userAgent
- The User-Agent String, or null if there isn't onepublic void handleHttpInteraction(org.apache.hadoop.security.http.RestCsrfPreventionFilter.HttpInteraction httpInteraction) throws IOException, javax.servlet.ServletException
RestCsrfPreventionFilter.HttpInteraction
by applying the filtering logic.httpInteraction
- caller's HTTP interactionIOException
- if there is an I/O errorjavax.servlet.ServletException
- if the implementation relies on the servlet API
and a servlet API call has failedpublic void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
doFilter
in interface javax.servlet.Filter
IOException
javax.servlet.ServletException
public void destroy()
destroy
in interface javax.servlet.Filter
public static Map<String,String> getFilterParams(Configuration conf, String confPrefix)
conf
- configuration to readconfPrefix
- configuration prefixCopyright © 2024 Apache Software Foundation. All rights reserved.