Utils (Java API Reference for Oracle WebLogic Server)

java.lang.Object
- weblogic.servlet.security.Utils

```
public class Utils
extends Object
```

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method and Description
`static String`	`encodeXSS(String text)` This helper method can be used to help prevent Cross Site Scripting vulnerabilities.
`static String`	`getConfiguredAuthMethod(HttpServletRequest request)` Returns the auth-method as configured in web.xml for the webapp
`static String`	`getConfiguredAuthMethod(ServletContext servletContext)` Returns the auth-method as configured in web.xml for the webapp
`static boolean`	`isSSLRequired(HttpServletRequest request)` Checks whether SSL is required for the current request as per the security-constraints defined in the deployment descriptors.
`static boolean`	`isSSLRequired(ServletContext servletContext, String relativeURI, String method)` Checks whether SSL is required for the given URI and method as per the security-constraints defined in the deployment descriptors.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Method Detail
  - encodeXSS
```
public static String encodeXSS(String text)
```
    This helper method can be used to help prevent Cross Site Scripting vulnerabilities. Any Servlet or JSP which sends user input (eg. query parameters in HTTP requests) to be rendered into a user's browser needs to use this method to encode the user input. This ensures that any HTML in their input (either malicious or otherwise) is not executed by the browser. This is achieved by converting characters to their HTML escaped form. For example, '&' is converted to '&'.
    A full description of Cross Site Scripting (XSS) vulnerabilities can be found at http://www.cert.org/tech_tips/malicious_code_mitigation.html.
    
    Parameters:
    
    text - This is the dynamic text which is going to be sent as html (eg. URL)
    
    Returns:
    
    encoded text
  - getConfiguredAuthMethod
```
public static String getConfiguredAuthMethod(ServletContext servletContext)
```
    Returns the auth-method as configured in web.xml for the webapp
    
    Parameters:
    
    servletContext - javax.servlet.ServletContext
    
    Returns:
    
    the auth-method as configured in web.xml
  - getConfiguredAuthMethod
```
public static String getConfiguredAuthMethod(HttpServletRequest request)
```
    Returns the auth-method as configured in web.xml for the webapp
    
    Parameters:
    
    request - HttpServletRequest
    
    Returns:
    
    the auth-method as configured in web.xml
  - isSSLRequired
```
public static boolean isSSLRequired(ServletContext servletContext,
                                    String relativeURI,
                                    String method)
```
    Checks whether SSL is required for the given URI and method as per the security-constraints defined in the deployment descriptors. This method will be useful for creating url references.
    
    Parameters:
    
    servletContext - javax.servlet.ServletContext
    
    relativeURI - : should not include the context path
    
    method - : GET/POST/PUT etc for which the check is desired
    
    Returns:
    
    boolean
  - isSSLRequired
```
public static boolean isSSLRequired(HttpServletRequest request)
```
    Checks whether SSL is required for the current request as per the security-constraints defined in the deployment descriptors.
    
    Parameters:
    
    request -
    
    Returns:
    
    boolean

Class Utils

Method Summary

Methods inherited from class java.lang.Object

Method Detail

encodeXSS

getConfiguredAuthMethod

getConfiguredAuthMethod

isSSLRequired

isSSLRequired