CookieSanitizerSecurityAdapter (stumps 1.0-SNAPSHOT API)

java.lang.Object
- com.neurosys.cluzo.adapters.CookieSanitizerSecurityAdapter

All Implemented Interfaces:: SecurityAdapter<javax.servlet.http.Cookie>

public class CookieSanitizerSecurityAdapter
extends Object
implements SecurityAdapter<javax.servlet.http.Cookie>

Sanitize Cookies

Author:: Arjun Dhar

Field Summary
- Fields inherited from interface com.neurosys.cluzo.domain.SecurityAdapter
  REGEX_PROP_FILE

Constructor Summary

Constructors
Constructor and Description

CookieSanitizerSecurityAdapter()

Constructors
Constructor and Description
`CookieSanitizerSecurityAdapter()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`Data<javax.servlet.http.Cookie>`	`sanitize(Data<javax.servlet.http.Cookie> data)` Returns the same cookie as the input Note: HTTP Only is controlled at the response header like response.setHeader( "Set-Cookie", "name=value; HttpOnly") or at a server level in Tomcat 6 flag useHttpOnly=True in context.xml to force this behaviour for applications For session cookie, we can set in web.xml:
`void`	`validate(Data<javax.servlet.http.Cookie> input)` Check if the input is safe or not When used in a chained or a `SecurityContext` with other `SecurityAdapter`s then the Adapters throwing a `OperationNotSupportedException` will be ignored.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - CookieSanitizerSecurityAdapter
```
public CookieSanitizerSecurityAdapter()
```
- Method Detail
  - sanitize
```
public Data<javax.servlet.http.Cookie> sanitize(Data<javax.servlet.http.Cookie> data)
                                         throws Exception,
                                                OperationNotSupportedException
```
    Returns the same cookie as the input Note: HTTP Only is controlled at the response header like response.setHeader( "Set-Cookie", "name=value; HttpOnly") or at a server level in Tomcat 6 flag useHttpOnly=True in context.xml to force this behaviour for applications For session cookie, we can set in web.xml:
```
 
		   <session-config>
			 <cookie-config>
			  <http-only>true</http-only>
			 </cookie-config>
		  <session-config>
		
```
    Specified by:
    
    sanitize in interface SecurityAdapter<javax.servlet.http.Cookie>
    
    Returns:
    
    Throws:
    
    Exception
    
    OperationNotSupportedException
  - validate
```
public final void validate(Data<javax.servlet.http.Cookie> input)
                    throws SecurityException,
                           OperationNotSupportedException,
                           IOException
```
    Description copied from interface: SecurityAdapter
    
    Check if the input is safe or not
    When used in a chained or a SecurityContext with other SecurityAdapters then the Adapters throwing a OperationNotSupportedException will be ignored.
    
    Specified by:
    
    validate in interface SecurityAdapter<javax.servlet.http.Cookie>
    
    Parameters:
    
    input - as Data
    
    Throws:
    
    SecurityException - is its is not safe. This is to provide additional details about the failure that te return param cannot.
    
    IOException - for any type of setup, reading, infra related issue with files/configs
    
    OperationNotSupportedException

Class CookieSanitizerSecurityAdapter

Field Summary

Fields inherited from interface com.neurosys.cluzo.domain.SecurityAdapter

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

CookieSanitizerSecurityAdapter

Method Detail

sanitize

validate