Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
Oracle Fusion Middleware
Oracle WebLogic Server API Reference
11g Release 1 (10.3.6)

Part Number E13941-06
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

weblogic.servlet.security
Class Utils

java.lang.Object
  extended by weblogic.servlet.security.Utils

public class Utils
extends Object

Constructor Summary
Utils()
           
 
Method Summary
static String encodeXSS(String text)
          This helper method can be used to help prevent Cross Site Scripting vulnerabilities.
static String getConfiguredAuthMethod(HttpServletRequest request)
          Returns the auth-method as configured in web.xml for the webapp
static String getConfiguredAuthMethod(ServletContext servletContext)
          Returns the auth-method as configured in web.xml for the webapp
static boolean isSSLRequired(HttpServletRequest request)
          Checks whether SSL is required for the current request as per the security-constraints defined in the deployment descriptors.
static boolean isSSLRequired(ServletContext servletContext, String relativeURI, String method)
          Checks whether SSL is required for the given URI and method as per the security-constraints defined in the deployment descriptors.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

Utils

public Utils()
Method Detail

encodeXSS

public static String encodeXSS(String text)
This helper method can be used to help prevent Cross Site Scripting vulnerabilities. Any Servlet or JSP which sends user input (eg. query parameters in HTTP requests) to be rendered into a user's browser needs to use this method to encode the user input. This ensures that any HTML in their input (either malicious or otherwise) is not executed by the browser. This is achieved by converting characters to their HTML escaped form. For example, '&' is converted to '&'.

A full description of Cross Site Scripting (XSS) vulnerabilities can be found at http://www.cert.org/tech_tips/malicious_code_mitigation.html.

Parameters:
text - This is the dynamic text which is going to be sent as html (eg. URL)
Returns:
encoded text

getConfiguredAuthMethod

public static String getConfiguredAuthMethod(ServletContext servletContext)
Returns the auth-method as configured in web.xml for the webapp

Parameters:
servletContext - javax.servlet.ServletContext
Returns:
the auth-method as configured in web.xml

getConfiguredAuthMethod

public static String getConfiguredAuthMethod(HttpServletRequest request)
Returns the auth-method as configured in web.xml for the webapp

Parameters:
request - HttpServletRequest
Returns:
the auth-method as configured in web.xml

isSSLRequired

public static boolean isSSLRequired(ServletContext servletContext,
                                    String relativeURI,
                                    String method)
Checks whether SSL is required for the given URI and method as per the security-constraints defined in the deployment descriptors. This method will be useful for creating url references.

Parameters:
servletContext - javax.servlet.ServletContext
relativeURI - : should not include the context path
method - : GET/POST/PUT etc for which the check is desired
Returns:
boolean

isSSLRequired

public static boolean isSSLRequired(HttpServletRequest request)
Checks whether SSL is required for the current request as per the security-constraints defined in the deployment descriptors.

Parameters:
request -
Returns:
boolean
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
Copyright 1996, 2011, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

Oracle Fusion Middleware
Oracle WebLogic Server API Reference
11g Release 1 (10.3.6)

Part Number E13941-06
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD