| java.lang.Object com.jcorporate.expresso.core.security.filters.FilterManager
FilterManager | public class FilterManager | | The primary purpose of this class is to filter out particular
characters from an HTTP response. The reason for this is that codes can be
inserted into a string that gets returned to a web browser, and these codes can
cause the web browser to act on them in a way that the site author did not
intend, and that may be a breach of security. For more on these see:
Understanding Malicious Content Mitigation for Web Developers
The FilterManager implements filtering based upon a particular character set.
It maintains a list of all filters that have been used since the initialization
of the class. When a particular filter is requested, the manager checks to see
if that particular filter has been loaded. If not, it loads it and stores a
reference to it in filterList. Since the number of different character sets is
probably fairly small for most applications, this list is never cleaned
out until the class is gc'ed. If this becomes a problem, we can implement a
caching system that clears out the least frequently used character set filters.
author: Michael Rimov since: Expresso 3 |
RAW_FILTER | final public static String RAW_FILTER | | Don't do anything
|
STANDARD_FILTER | final public static String STANDARD_FILTER | | Replace control characters with appropriate values, protect against XSS attacks
|
STRIP_FILTER | final public static String STRIP_FILTER | | Strip out any unwanted characters, but do not replace them with anything
|
FilterManager | public FilterManager() | | Manager for filters. Filters are named for their character sets,
generally speaking. Note that "standardFilter" is not a filter, but
rather a command to a filter (called a "filterType").
A common filter is ISO_8859_1.
See Also: Filter |
filterString | public String filterString(String data, Class filterClass, String filterMethod) throws IllegalArgumentException, Exception | | The method that does the actual string filtering.
Parameters: data - The string to filter.
Parameters: filterClass - the class implementing Filter; class name will be used to hash an instance of this filter within FilterManager; use NULL to get default filtering
Parameters: filterMethod - one of three filter methods, supported by all filters:
(1) "standardFilter" - Replace control characters with appropriate values.
(2) "rawFilter" - Don't strip out any control characters
(3) "stripFilter" - Strip out all control characters
(these strings are defined as static final constants on this object)
Returns: The string after it has been filtered
throws: IllegalArgumentException - if there is a problem with the Method's parameters
throws: Exception - for any other exception related to loading the specific filter class |
getInstance | public static synchronized FilterManager getInstance() | | The singleton implementation. Use getInstance to get an instance of
the one and only FilterManager instance. If one does not yet exist, then
it is automatically instantiated.
Returns: A handle to the one and only FilterManager instance. |
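The lazily filled filter list and the three filter methods described for filterString, as a self-contained sketch. This is an added example, not Expresso's source code: FilterSketch, CharFilter, HtmlFilter and the entity replacements are assumptions made for illustration.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration with hypothetical names; not Expresso source code.
public class FilterSketch {
    interface CharFilter {              // stand-in for a per-character-set filter
        String replacement(char c);     // null means the character passes through
    }
    // Assumed default filter: handles HTML-significant characters only.
    static class HtmlFilter implements CharFilter {
        public String replacement(char c) {
            switch (c) {
                case '<': return "&lt;";
                case '>': return "&gt;";
                case '"': return "&quot;";
                case '\'': return "&#39;";
                case '&': return "&amp;";
                default: return null;
            }
        }
    }
    // Filters are instantiated on first request and kept, keyed by class name.
    private static final Map<String, CharFilter> filterList = new ConcurrentHashMap<>();

    static String filterString(String data, Class<? extends CharFilter> cls, String method)
            throws Exception {
        if (data == null || "rawFilter".equals(method)) return data;
        boolean strip = "stripFilter".equals(method);
        if (!strip && !"standardFilter".equals(method))
            throw new IllegalArgumentException("unknown filter method: " + method);
        Class<? extends CharFilter> c = (cls == null) ? HtmlFilter.class : cls;
        CharFilter f = filterList.get(c.getName());
        if (f == null) {                 // first use of this filter class
            f = c.getDeclaredConstructor().newInstance();
            filterList.put(c.getName(), f);
        }
        StringBuilder out = new StringBuilder(data.length() + 16);
        for (char ch : data.toCharArray()) {
            String r = f.replacement(ch);
            if (r == null) out.append(ch);
            else if (!strip) out.append(r);   // stripFilter drops the character
        }
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        String in = "<b onclick=\"x()\">Tom & 'Jerry'</b>";  // constructed sample input
        for (String m : new String[] {"standardFilter", "stripFilter", "rawFilter"})
            System.out.println(m + ": " + filterString(in, null, m));
    }
}
```

Entity replacement of this kind covers HTML body and quoted-attribute contexts; it is not sufficient for data placed inside script blocks or URLs.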