Package org.apache.catalina.filters
Class HttpHeaderSecurityFilter
- java.lang.Object
  - org.apache.catalina.filters.FilterBase
    - org.apache.catalina.filters.HttpHeaderSecurityFilter

All Implemented Interfaces: Filter

public class HttpHeaderSecurityFilter extends FilterBase

Provides a single configuration point for security measures that require the addition of one or more HTTP headers to the response.

Field Summary
Fields inherited from class org.apache.catalina.filters.FilterBase: sm

Constructor Summary
- HttpHeaderSecurityFilter()

Method Summary
- void doFilter(ServletRequest request, ServletResponse response, FilterChain chain): The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain.
- String getAntiClickJackingOption()
- String getAntiClickJackingUri()
- int getHstsMaxAgeSeconds()
- protected Log getLogger()
- void init(FilterConfig filterConfig): Iterates over the configuration parameters and either logs a warning, or throws an exception for any parameter that does not have a matching setter in this filter.
- boolean isAntiClickJackingEnabled()
- boolean isBlockContentTypeSniffingEnabled()
- protected boolean isConfigProblemFatal(): Determines if an exception when calling a setter or an unknown configuration attribute triggers the failure of this filter, which in turn will prevent the web application from starting.
- boolean isHstsEnabled()
- boolean isHstsIncludeSubDomains()
- boolean isHstsPreload()
- boolean isXssProtectionEnabled(): Deprecated.
- void setAntiClickJackingEnabled(boolean antiClickJackingEnabled)
- void setAntiClickJackingOption(String antiClickJackingOption)
- void setAntiClickJackingUri(String antiClickJackingUri)
- void setBlockContentTypeSniffingEnabled(boolean blockContentTypeSniffingEnabled)
- void setHstsEnabled(boolean hstsEnabled)
- void setHstsIncludeSubDomains(boolean hstsIncludeSubDomains)
- void setHstsMaxAgeSeconds(int hstsMaxAgeSeconds)
- void setHstsPreload(boolean hstsPreload)
- void setXssProtectionEnabled(boolean xssProtectionEnabled): Deprecated.

Method Detail

init
public void init(FilterConfig filterConfig) throws ServletException
Description copied from class: FilterBase
Iterates over the configuration parameters and either logs a warning, or throws an exception for any parameter that does not have a matching setter in this filter.
- Specified by: init in interface Filter
- Overrides: init in class FilterBase
- Parameters:
  - filterConfig - The configuration information associated with the filter instance being initialised
- Throws:
  - ServletException - if FilterBase.isConfigProblemFatal() returns true and a configured parameter does not have a matching setter
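
A deployment descriptor fragment that configures this filter, as an added example that is not part of the original documentation. The init-param names are an assumption derived from the setters listed on this page (setHstsEnabled becomes hstsEnabled, and so on); the filter name, the URL pattern and all values are illustrative.

```xml
<!-- Added example: web.xml fragment. Parameter names are assumed to mirror
     the setters on this page; values are illustrative. -->
<filter>
  <filter-name>httpHeaderSecurity</filter-name>
  <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>

  <!-- HSTS: setHstsEnabled, setHstsMaxAgeSeconds, setHstsIncludeSubDomains -->
  <init-param>
    <param-name>hstsEnabled</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>hstsMaxAgeSeconds</param-name>
    <param-value>31536000</param-value> <!-- one year, an int -->
  </init-param>
  <init-param>
    <!-- Enable only when every subdomain is served over HTTPS. -->
    <param-name>hstsIncludeSubDomains</param-name>
    <param-value>true</param-value>
  </init-param>

  <!-- Click-jacking protection: setAntiClickJackingEnabled, setAntiClickJackingOption -->
  <init-param>
    <param-name>antiClickJackingEnabled</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>antiClickJackingOption</param-name>
    <param-value>SAMEORIGIN</param-value>
  </init-param>

  <!-- Content type sniffing: setBlockContentTypeSniffingEnabled -->
  <init-param>
    <param-name>blockContentTypeSniffingEnabled</param-name>
    <param-value>true</param-value>
  </init-param>

  <!-- A misspelled param-name has no matching setter: init either logs a
       warning or throws, depending on isConfigProblemFatal(). -->
</filter>

<filter-mapping>
  <filter-name>httpHeaderSecurity</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
```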
 
doFilter
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
Description copied from interface: jakarta.servlet.Filter
The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain. The FilterChain passed in to this method allows the Filter to pass on the request and response to the next entity in the chain.

A typical implementation of this method would follow the following pattern:
 1. Examine the request
 2. Optionally wrap the request object with a custom implementation to filter content or headers for input filtering
 3. Optionally wrap the response object with a custom implementation to filter content or headers for output filtering
 4. a) Either invoke the next entity in the chain using the FilterChain object (chain.doFilter()),
 4. b) or not pass on the request/response pair to the next entity in the filter chain to block the request processing
 5. Directly set headers on the response after invocation of the next entity in the filter chain.

- Parameters:
  - request - The request to process
  - response - The response associated with the request
  - chain - Provides access to the next filter in the chain for this filter to pass the request and response to for further processing
- Throws:
  - IOException - if an I/O error occurs during this filter's processing of the request
  - ServletException - if the processing fails for any other reason
 
getLogger
protected Log getLogger()
- Specified by: getLogger in class FilterBase

isConfigProblemFatal
protected boolean isConfigProblemFatal()
Description copied from class: FilterBase
Determines if an exception when calling a setter or an unknown configuration attribute triggers the failure of this filter, which in turn will prevent the web application from starting.
- Overrides: isConfigProblemFatal in class FilterBase
- Returns: true if a problem should trigger the failure of this filter, else false
 
isHstsEnabled
public boolean isHstsEnabled()

setHstsEnabled
public void setHstsEnabled(boolean hstsEnabled)

getHstsMaxAgeSeconds
public int getHstsMaxAgeSeconds()

setHstsMaxAgeSeconds
public void setHstsMaxAgeSeconds(int hstsMaxAgeSeconds)

isHstsIncludeSubDomains
public boolean isHstsIncludeSubDomains()

setHstsIncludeSubDomains
public void setHstsIncludeSubDomains(boolean hstsIncludeSubDomains)

isHstsPreload
public boolean isHstsPreload()

setHstsPreload
public void setHstsPreload(boolean hstsPreload)

isAntiClickJackingEnabled
public boolean isAntiClickJackingEnabled()

setAntiClickJackingEnabled
public void setAntiClickJackingEnabled(boolean antiClickJackingEnabled)

getAntiClickJackingOption
public String getAntiClickJackingOption()

setAntiClickJackingOption
public void setAntiClickJackingOption(String antiClickJackingOption)

getAntiClickJackingUri
public String getAntiClickJackingUri()

isBlockContentTypeSniffingEnabled
public boolean isBlockContentTypeSniffingEnabled()

setBlockContentTypeSniffingEnabled
public void setBlockContentTypeSniffingEnabled(boolean blockContentTypeSniffingEnabled)

setAntiClickJackingUri
public void setAntiClickJackingUri(String antiClickJackingUri)

isXssProtectionEnabled
@Deprecated public boolean isXssProtectionEnabled()
Deprecated.

setXssProtectionEnabled
@Deprecated public void setXssProtectionEnabled(boolean xssProtectionEnabled)
Deprecated.