Package org.owasp.esapi.waf.internal

Class InterceptingServletOutputStream

java.lang.Object

java.io.OutputStream

javax.servlet.ServletOutputStream

org.owasp.esapi.waf.internal.InterceptingServletOutputStream

All Implemented Interfaces:

java.io.Closeable, java.io.Flushable, java.lang.AutoCloseable

public class InterceptingServletOutputStream
extends javax.servlet.ServletOutputStream

This class was inspired by ModSecurity for Java by Ivan Ristic. We hook the response stream and queue up all outbound data so that we can apply egress rules. For efficiency, we decide off the bat if we need to buffer responses to accomplish any of the rules in the policy file. If not, we just forward everything through, otherwise we write data to our byte stream that we will eventually forward en totale to the user agent.

Author:

Arshan Dabirsiaghi

Constructor Summary

Constructors

Constructor	Description
InterceptingServletOutputStream(javax.servlet.ServletOutputStream os, boolean buffered)

Method Summary

Modifier and Type	Method	Description
void	close()
void	commit()
void	flush()
byte[]	getResponseBytes()
boolean	isReady()
void	reset()
void	setResponseBytes(byte[] responseBytes)
void	setWriteListener(javax.servlet.WriteListener listener)
void	write(byte[] b)
void	write(byte[] b, int off, int len)
void	write(int i)

Methods inherited from class javax.servlet.ServletOutputStream

print, print, print, print, print, print, print, println, println, println, println, println, println, println, println

Methods inherited from class java.io.OutputStream

nullOutputStream

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

InterceptingServletOutputStream

public InterceptingServletOutputStream(javax.servlet.ServletOutputStream os,
                                       boolean buffered)
                                throws java.io.FileNotFoundException,
                                       java.io.IOException

Throws:

java.io.FileNotFoundException

java.io.IOException

Method Detail

reset

public void reset()
           throws java.io.IOException

Throws:

java.io.IOException

getResponseBytes

public byte[] getResponseBytes()
                        throws java.io.IOException

Throws:

java.io.IOException

setResponseBytes

public void setResponseBytes(byte[] responseBytes)
                      throws java.io.IOException

Throws:

java.io.IOException

write

public void write(int i)
           throws java.io.IOException

Specified by:

write in class java.io.OutputStream

Throws:

java.io.IOException

write

public void write(byte[] b)
           throws java.io.IOException

Overrides:

write in class java.io.OutputStream

Throws:

java.io.IOException

write

public void write(byte[] b,
                  int off,
                  int len)
           throws java.io.IOException

Overrides:

write in class java.io.OutputStream

Throws:

java.io.IOException

flush

public void flush()
           throws java.io.IOException

Specified by:

flush in interface java.io.Flushable

Overrides:

flush in class java.io.OutputStream

Throws:

java.io.IOException

commit

public void commit()
            throws java.io.IOException

Throws:

java.io.IOException

close

public void close()
           throws java.io.IOException

Specified by:

close in interface java.lang.AutoCloseable

Specified by:

close in interface java.io.Closeable

Overrides:

close in class java.io.OutputStream

Throws:

java.io.IOException

isReady

public boolean isReady()

Specified by:

isReady in class javax.servlet.ServletOutputStream

setWriteListener

public void setWriteListener(javax.servlet.WriteListener listener)

Specified by:

setWriteListener in class javax.servlet.ServletOutputStream