Package hudson.security.csrf
Class CrumbFilter
java.lang.Object
hudson.security.csrf.CrumbFilter
- All Implemented Interfaces:
jakarta.servlet.Filter,org.kohsuke.stapler.CompatibleFilter
Checks for and validates crumbs on requests that cause state changes, to
protect against cross site request forgeries.
- Author:
- dty
-
Nested Class Summary
Nested Classes -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoiddestroy()voiddoFilter(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain) Because servlet containers generally don't specify the ordering of the initialization (and different implementations indeed do this differently --- See JENKINS-3878), we cannot use Hudson to the CrumbIssuer into CrumbFilter eagerly.voidinit(jakarta.servlet.FilterConfig filterConfig) protected static booleanisMultipart(jakarta.servlet.http.HttpServletRequest request) Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.kohsuke.stapler.CompatibleFilter
doFilter, init
-
Constructor Details
-
CrumbFilter
public CrumbFilter()
-
-
Method Details
-
getCrumbIssuer
Because servlet containers generally don't specify the ordering of the initialization (and different implementations indeed do this differently --- See JENKINS-3878), we cannot use Hudson to the CrumbIssuer into CrumbFilter eagerly. -
init
public void init(jakarta.servlet.FilterConfig filterConfig) throws jakarta.servlet.ServletException - Specified by:
initin interfacejakarta.servlet.Filter- Throws:
jakarta.servlet.ServletException
-
doFilter
public void doFilter(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException - Specified by:
doFilterin interfacejakarta.servlet.Filter- Throws:
IOExceptionjakarta.servlet.ServletException
-
isMultipart
protected static boolean isMultipart(jakarta.servlet.http.HttpServletRequest request) -
destroy
public void destroy()- Specified by:
destroyin interfacejakarta.servlet.Filter
-