ESAPIWebApplicationFirewallFilter (ESAPI 2.1.0.1 API)

java.lang.Object
- org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter

All Implemented Interfaces:

javax.servlet.Filter
```
public class ESAPIWebApplicationFirewallFilter
extends Object
implements javax.servlet.Filter
```
This is the main class for the ESAPI Web Application Firewall (WAF). It is a standard J2EE servlet filter that, in different methods, invokes the reading of the configuration file and handles the runtime processing and enforcing of the developer-specified rules. Ideally the filter should be configured to catch all requests (/*) in web.xml. If there are URL segments that need to be extremely fast and don't require any protection, the pattern may be modified with extreme caution.

Author:

Arshan Dabirsiaghi

Constructor Summary

Constructors
Constructor and Description

ESAPIWebApplicationFirewallFilter()

Constructors
Constructor and Description
`ESAPIWebApplicationFirewallFilter()`

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`destroy()`
`void`	`doFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain chain)` This is the where the main interception and rule-checking logic of the WAF resides.
`AppGuardianConfiguration`	`getConfiguration()`
`void`	`init(javax.servlet.FilterConfig fc)` This function is invoked at application startup and when the configuration file polling period has elapsed and a change in the configuration file has been detected.
`void`	`setConfiguration(String policyFilePath, String webRootDir)` This function is used in testing to dynamically alter the configuration.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - ESAPIWebApplicationFirewallFilter
```
public ESAPIWebApplicationFirewallFilter()
```
- Method Detail
  - setConfiguration
```
public void setConfiguration(String policyFilePath,
                    String webRootDir)
                      throws FileNotFoundException
```
    This function is used in testing to dynamically alter the configuration.
    
    Parameters:
    policyFilePath - The path to the policy file
    webRootDir - The root directory of the web application.
    
    Throws:
    
    FileNotFoundException - if the policy file cannot be located
  - getConfiguration
```
public AppGuardianConfiguration getConfiguration()
```
  - init
```
public void init(javax.servlet.FilterConfig fc)
          throws javax.servlet.ServletException
```
    This function is invoked at application startup and when the configuration file polling period has elapsed and a change in the configuration file has been detected. It's main purpose is to read the configuration file and establish the configuration object model for use at runtime during the doFilter() method.
    
    Specified by:
    
    init in interface javax.servlet.Filter
    
    Throws:
    
    javax.servlet.ServletException
  - doFilter
```
public void doFilter(javax.servlet.ServletRequest servletRequest,
            javax.servlet.ServletResponse servletResponse,
            javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException
```
    This is the where the main interception and rule-checking logic of the WAF resides.
    
    Specified by:
    
    doFilter in interface javax.servlet.Filter
    
    Throws:
    
    IOException
    
    javax.servlet.ServletException
  - destroy
```
public void destroy()
```
    Specified by:
    
    destroy in interface javax.servlet.Filter

Class ESAPIWebApplicationFirewallFilter

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

ESAPIWebApplicationFirewallFilter

Method Detail

setConfiguration

getConfiguration

init

doFilter

destroy