Package thredds.servlet.filter

Class RequestQueryFilter

  • All Implemented Interfaces:
    javax.servlet.Filter
    public class RequestQueryFilter
extends Object
implements javax.servlet.Filter
    Reject any request with an invalid query string.

    The query string is considered valid if, after decoding, it is a single-line string. For more details, see StringValidateEncodeUtils.validSingleLineString(String) validSingleLineString()}.

    Note: Currently also rejecting strings that contain any less than ("<"), greater than (">"), or backslash ("\") characters. [May loosen this restriction later.]

    Note: HttpServletRequest.getQueryString()) is not decoded by default so we run it through URLDecoder.decode().

    Since:
    3.16.47
    See Also:
    StringValidateEncodeUtils.validSingleLineString(String), URLDecoder

    • Constructor Detail

      • RequestQueryFilter

        public RequestQueryFilter()

    • Method Detail

      • setAllowAngleBrackets

        public void setAllowAngleBrackets​(boolean allowAngleBrackets)
                           throws javax.servlet.ServletException
        Throws:
        javax.servlet.ServletException

      • destroy

        public void destroy()
        Specified by:
        destroy in interface javax.servlet.Filter

      • init

        public void init​(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException
        Specified by:
        init in interface javax.servlet.Filter
        Throws:
        javax.servlet.ServletException

      • doFilter

        public void doFilter​(javax.servlet.ServletRequest servletRequest,
                     javax.servlet.ServletResponse servletResponse,
                     javax.servlet.FilterChain filterChain)
              throws IOException,
                     javax.servlet.ServletException
        Specified by:
        doFilter in interface javax.servlet.Filter
        Throws:
        IOException
        javax.servlet.ServletException