org.springframework.security.web.firewall
Interface HttpFirewall

All Known Implementing Classes:
DefaultHttpFirewall

public interface HttpFirewall

Interface which can be used to reject potentially dangerous requests and/or wrap them to control their behaviour.

The implementation is injected into the FilterChainProxy and will be invoked before sending any request through the filter chain. It can also provide a response wrapper if the response behaviour should also be restricted.


Method Summary
 FirewalledRequest getFirewalledRequest(javax.servlet.http.HttpServletRequest request)
          Provides the request object which will be passed through the filter chain.
 javax.servlet.http.HttpServletResponse getFirewalledResponse(javax.servlet.http.HttpServletResponse response)
          Provides the response which will be passed through the filter chain.
 

Method Detail

getFirewalledRequest

FirewalledRequest getFirewalledRequest(javax.servlet.http.HttpServletRequest request)
                                       throws RequestRejectedException
Provides the request object which will be passed through the filter chain.

Throws:
RequestRejectedException - if the request should be rejected immediately

getFirewalledResponse

javax.servlet.http.HttpServletResponse getFirewalledResponse(javax.servlet.http.HttpServletResponse response)
Provides the response which will be passed through the filter chain.

Parameters:
response - the original response
Returns:
either the original response or a replacement/wrapper.