fr.paris.lutece.util.http
Class SecurityUtil

java.lang.Object
  extended by fr.paris.lutece.util.http.SecurityUtil

public final class SecurityUtil
extends Object

Security utils


Method Summary
static boolean containsCleanParameters(javax.servlet.http.HttpServletRequest request)
          Scans the request parameters to check that they contain no malicious code.
static boolean containsCleanParameters(javax.servlet.http.HttpServletRequest request, String strXssCharacters)
          Scans the request parameters to check that they contain no malicious code.
static boolean containsXssCharacters(javax.servlet.http.HttpServletRequest request, String strString)
          Checks if a String contains characters that could be used for a cross-site scripting attack.
static boolean containsXssCharacters(javax.servlet.http.HttpServletRequest request, String strValue, String strXssCharacters)
          Checks if a String contains characters that could be used for a cross-site scripting attack.
static String dumpRequest(javax.servlet.http.HttpServletRequest request)
          Dumps all request info.
static String getRealIp(javax.servlet.http.HttpServletRequest request)
          Get the IP of the user from a request.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

containsCleanParameters

public static boolean containsCleanParameters(javax.servlet.http.HttpServletRequest request)
Scans the request parameters to check that they contain no malicious code.

Parameters:
request - The HTTP request
Returns:
true if none of the parameters contains any special characters

containsCleanParameters

public static boolean containsCleanParameters(javax.servlet.http.HttpServletRequest request,
                                              String strXssCharacters)
Scans the request parameters to check that they contain no malicious code.

Parameters:
request - The HTTP request
strXssCharacters - a String which contains the list of XSS characters to check for in the request parameters
Returns:
true if none of the parameters contains any special characters

containsXssCharacters

public static boolean containsXssCharacters(javax.servlet.http.HttpServletRequest request,
                                            String strString)
Checks if a String contains characters that could be used for a cross-site scripting attack.

Parameters:
request - The HTTP request
strString - a character String
Returns:
true if the String contains illegal characters

containsXssCharacters

public static boolean containsXssCharacters(javax.servlet.http.HttpServletRequest request,
                                            String strValue,
                                            String strXssCharacters)
Checks if a String contains characters that could be used for a cross-site scripting attack.

Parameters:
request - The HTTP request
strValue - a character String
strXssCharacters - a String which contains the list of XSS characters to check for in strValue
Returns:
true if the String contains illegal characters

dumpRequest

public static String dumpRequest(javax.servlet.http.HttpServletRequest request)
Dumps all request info.

Parameters:
request - The HTTP request
Returns:
A report containing all request info

getRealIp

public static String getRealIp(javax.servlet.http.HttpServletRequest request)
Get the IP of the user from a request. If the user is behind an Apache server, return the IP of the user instead of the IP of the server.

Parameters:
request - The request
Returns:
The IP of the user that made the request
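
Usage sketch (an added example, not code from the Lutece project): a servlet filter that rejects any request for which containsCleanParameters returns false and logs the caller's address with getRealIp. The class name XssParameterFilter and the character list are hypothetical; the list is assumed to be a plain concatenation of the characters to look for.

```java
import java.io.IOException;
import java.util.logging.Logger;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import fr.paris.lutece.util.http.SecurityUtil;

// Hypothetical filter written for this page; it is not part of Lutece.
public class XssParameterFilter implements Filter
{
    private static final Logger LOGGER = Logger.getLogger( XssParameterFilter.class.getName(  ) );

    // Constructed sample list (assumption: one character per position).
    private static final String XSS_CHARACTERS = "<>\"";

    public void init( FilterConfig config ) throws ServletException
    {
        // Nothing to configure in this sketch.
    }

    public void doFilter( ServletRequest req, ServletResponse resp, FilterChain chain )
        throws IOException, ServletException
    {
        if ( req instanceof HttpServletRequest && resp instanceof HttpServletResponse )
        {
            HttpServletRequest request = (HttpServletRequest) req;

            // false means at least one parameter holds a listed character.
            if ( !SecurityUtil.containsCleanParameters( request, XSS_CHARACTERS ) )
            {
                // Log the address only: dumpRequest would copy every
                // parameter value, including the rejected one, into the log.
                LOGGER.warning( "Rejected request with disallowed characters from "
                    + SecurityUtil.getRealIp( request ) );
                ( (HttpServletResponse) resp ).sendError( HttpServletResponse.SC_BAD_REQUEST );
                return;
            }
        }

        chain.doFilter( req, resp );
    }

    public void destroy(  )
    {
        // No resources to release.
    }
}
```

A character check on input complements output encoding in the templates and does not replace it. The address reported by getRealIp is only as reliable as the configuration of the Apache server in front of the application.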


Copyright © 2014 Mairie de Paris. All Rights Reserved.