Package org.owasp.esapi.waf.internal

Class InterceptingHTTPServletResponse

  • All Implemented Interfaces:
    javax.servlet.http.HttpServletResponse, javax.servlet.ServletResponse
    public class InterceptingHTTPServletResponse
extends javax.servlet.http.HttpServletResponseWrapper
    The wrapper for the HttpServletResponse object which will be passed to the application being protected by the WAF. It contains logic for the response building API in order to allow the WAF rules regarding responses to work. Much of the work is delegated to other classes, especially InterceptingServletOutputStream
    Author:
    Arshan Dabirsiaghi

    • Field Summary

      • Fields inherited from interface javax.servlet.http.HttpServletResponse

        SC_ACCEPTED, SC_BAD_GATEWAY, SC_BAD_REQUEST, SC_CONFLICT, SC_CONTINUE, SC_CREATED, SC_EXPECTATION_FAILED, SC_FORBIDDEN, SC_FOUND, SC_GATEWAY_TIMEOUT, SC_GONE, SC_HTTP_VERSION_NOT_SUPPORTED, SC_INTERNAL_SERVER_ERROR, SC_LENGTH_REQUIRED, SC_METHOD_NOT_ALLOWED, SC_MOVED_PERMANENTLY, SC_MOVED_TEMPORARILY, SC_MULTIPLE_CHOICES, SC_NO_CONTENT, SC_NON_AUTHORITATIVE_INFORMATION, SC_NOT_ACCEPTABLE, SC_NOT_FOUND, SC_NOT_IMPLEMENTED, SC_NOT_MODIFIED, SC_OK, SC_PARTIAL_CONTENT, SC_PAYMENT_REQUIRED, SC_PRECONDITION_FAILED, SC_PROXY_AUTHENTICATION_REQUIRED, SC_REQUEST_ENTITY_TOO_LARGE, SC_REQUEST_TIMEOUT, SC_REQUEST_URI_TOO_LONG, SC_REQUESTED_RANGE_NOT_SATISFIABLE, SC_RESET_CONTENT, SC_SEE_OTHER, SC_SERVICE_UNAVAILABLE, SC_SWITCHING_PROTOCOLS, SC_TEMPORARY_REDIRECT, SC_UNAUTHORIZED, SC_UNSUPPORTED_MEDIA_TYPE, SC_USE_PROXY

    • Constructor Summary

      Constructors 
      Constructor Description
      InterceptingHTTPServletResponse​(javax.servlet.http.HttpServletResponse response, boolean buffering, java.util.List<Rule> cookieRules)  

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void addCookie​(javax.servlet.http.Cookie cookie)  
      void addCookie​(javax.servlet.http.Cookie cookie, boolean isSession)  
      void commit()  
      void flush()  
      java.lang.String getContentType()  
      InterceptingServletOutputStream getInterceptingServletOutputStream()  
      javax.servlet.ServletOutputStream getOutputStream()  
      java.io.PrintWriter getWriter()  
      boolean isUsingWriter()  
      void setContentType​(java.lang.String s)  

      • Methods inherited from class javax.servlet.http.HttpServletResponseWrapper

        addDateHeader, addHeader, addIntHeader, containsHeader, encodeRedirectUrl, encodeRedirectURL, encodeUrl, encodeURL, getHeader, getHeaderNames, getHeaders, getStatus, getTrailerFields, sendError, sendError, sendRedirect, setDateHeader, setHeader, setIntHeader, setStatus, setStatus, setTrailerFields

      • Methods inherited from class javax.servlet.ServletResponseWrapper

        flushBuffer, getBufferSize, getCharacterEncoding, getLocale, getResponse, isCommitted, isWrapperFor, isWrapperFor, reset, resetBuffer, setBufferSize, setCharacterEncoding, setContentLength, setContentLengthLong, setLocale, setResponse

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

      • Methods inherited from interface javax.servlet.ServletResponse

        flushBuffer, getBufferSize, getCharacterEncoding, getLocale, isCommitted, reset, resetBuffer, setBufferSize, setCharacterEncoding, setContentLength, setContentLengthLong, setLocale

    • Constructor Detail

      • InterceptingHTTPServletResponse

        public InterceptingHTTPServletResponse​(javax.servlet.http.HttpServletResponse response,
                                       boolean buffering,
                                       java.util.List<Rule> cookieRules)
                                throws java.io.IOException
        Throws:
        java.io.IOException

    • Method Detail

      • isUsingWriter

        public boolean isUsingWriter()

      • getOutputStream

        public javax.servlet.ServletOutputStream getOutputStream()
                                                  throws java.lang.IllegalStateException,
                                                         java.io.IOException
        Specified by:
        getOutputStream in interface javax.servlet.ServletResponse
        Overrides:
        getOutputStream in class javax.servlet.ServletResponseWrapper
        Throws:
        java.lang.IllegalStateException
        java.io.IOException

      • getWriter

        public java.io.PrintWriter getWriter()
                              throws java.io.IOException
        Specified by:
        getWriter in interface javax.servlet.ServletResponse
        Overrides:
        getWriter in class javax.servlet.ServletResponseWrapper
        Throws:
        java.io.IOException

      • getContentType

        public java.lang.String getContentType()
        Specified by:
        getContentType in interface javax.servlet.ServletResponse
        Overrides:
        getContentType in class javax.servlet.ServletResponseWrapper

      • setContentType

        public void setContentType​(java.lang.String s)
        Specified by:
        setContentType in interface javax.servlet.ServletResponse
        Overrides:
        setContentType in class javax.servlet.ServletResponseWrapper

      • flush

        public void flush()

      • commit

        public void commit()
            throws java.io.IOException
        Throws:
        java.io.IOException

      • addCookie

        public void addCookie​(javax.servlet.http.Cookie cookie)
        Specified by:
        addCookie in interface javax.servlet.http.HttpServletResponse
        Overrides:
        addCookie in class javax.servlet.http.HttpServletResponseWrapper

      • addCookie

        public void addCookie​(javax.servlet.http.Cookie cookie,
                      boolean isSession)