Package org.springframework.security.web.firewall

Interface HttpFirewall

All Known Implementing Classes:

DefaultHttpFirewall, StrictHttpFirewall

public interface HttpFirewall

Interface which can be used to reject potentially dangerous requests and/or wrap them to control their behaviour.

The implementation is injected into the FilterChainProxy and will be invoked before sending any request through the filter chain. It can also provide a response wrapper if the response behaviour should also be restricted.

Method Summary

Modifier and Type	Method	Description
FirewalledRequest	getFirewalledRequest(jakarta.servlet.http.HttpServletRequest request)	Provides the request object which will be passed through the filter chain.
jakarta.servlet.http.HttpServletResponse	getFirewalledResponse(jakarta.servlet.http.HttpServletResponse response)	Provides the response which will be passed through the filter chain.

Method Details

getFirewalledRequest

FirewalledRequest getFirewalledRequest(jakarta.servlet.http.HttpServletRequest request)
                                throws RequestRejectedException

Provides the request object which will be passed through the filter chain.

Throws:

RequestRejectedException - if the request should be rejected immediately

getFirewalledResponse

jakarta.servlet.http.HttpServletResponse getFirewalledResponse(jakarta.servlet.http.HttpServletResponse response)

Provides the response which will be passed through the filter chain.

Parameters:

response - the original response

Returns:

either the original response or a replacement/wrapper.