Package alpine.server.filters

Class WhitelistUrlFilter

java.lang.Object
alpine.server.filters.WhitelistUrlFilter
All Implemented Interfaces:
javax.servlet.Filter
public final class WhitelistUrlFilter extends Object implements javax.servlet.Filter
WhitelistUrlFilter is a configurable Servlet Filter that can prevent access to specific URLs. The filter will ignore access to all URLs that are not specifically whitelisted. Ignored URLs result in a HTTP 404 response. The filter may be used when specific files or directories should not be accessible. In the case of executable WARs, use of this filter is highly recommended since executable WARs must meet the requirements of both JAR and WAR files, thus placing compiled classes and their package structure inside the document webroot. Sample usage: 
 <filter>
   <filter-name>WhitelistUrlFilter</filter-name>
   <filter-class>alpine.filters.WhitelistUrlFilter</filter-class>
   <init-param>
     <param-name>allowUrls</param-name>
     <param-value>/images,/css</param-value>
   </init-param>
 </filter>

 <filter-mapping>
   <filter-name>WhitelistUrlFilter</filter-name>
   <url-pattern>/*</url-pattern>
 </filter-mapping>
Optionally, the forwardTo parameter can be specified to instruct the WhitelistUrlFilter to forward the request to a URL of another Servlet, JSP, or HTML file should the originally requested URL not be whitelisted. This may be necessary in some Single Page Applications (SPA).
Since:
1.0.0
Author:
Steve Springett

  • Constructor Summary

    Constructors
    Constructor
    Description
    WhitelistUrlFilter()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    destroy()
    void
    doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
    Check for allowed URLs being requested.
    void
    init(javax.servlet.FilterConfig filterConfig)
    Initialize "allowUrls" parameter from web.xml.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • WhitelistUrlFilter

      public WhitelistUrlFilter()

  • Method Details

    • init

      public void init(javax.servlet.FilterConfig filterConfig)
      Initialize "allowUrls" parameter from web.xml.
      Specified by:
      init in interface javax.servlet.Filter
      Parameters:
      filterConfig - A filter configuration object used by a servlet container to pass information to a filter during initialization.

    • doFilter

      public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
      Check for allowed URLs being requested.
      Specified by:
      doFilter in interface javax.servlet.Filter
      Parameters:
      request - The request object.
      response - The response object.
      chain - Refers to the FilterChain object to pass control to the next Filter.
      Throws:
      IOException - a IOException
      javax.servlet.ServletException - a ServletException

    • destroy

      public void destroy()
      Specified by:
      destroy in interface javax.servlet.Filter