Making Changes In HttpServletRequest

Steve Watson
Ranch Hand

Joined: Apr 08, 2003
Posts: 38
I am charged with fixing security on a large, but not well structured web application. I would like to sanitize all input in the HttpServletRequest before passing it on to the business logic processing. Specifically I want to look at parameters, headers, cookies, and query strings and convert any dangerous characters to HTML equivalents, e.g. | to | .
My question is - how can I make these changes in the HttpServletRequest - there is no setParameters() method?
I realize a cleaner way to do this would be to extract these values and pass them on to business logic classes that need not have any awareness of the HttpServletRequest - but that would be a massive recoding effort that the client will not pay for.
Craig Jackson
Ranch Hand

Joined: Mar 19, 2002
Posts: 405
It sounds like you may want to do some research on the java.servlet.Filter (filtering) as well as the HttpServletRequestWrapper class. Based on your description above, that sounds like the direction you are heading.
Steve Watson
Ranch Hand

Joined: Apr 08, 2003
Posts: 38
Sounds like good advice and will investigate. Unfortunately on this project I am stuck in the stone age with JServe which predates these helpful classes.
I may just have to make the sanitizer a servlet itself and then set everything in the HttpResponse and redirect to the appropriate servlet. Seems like overkill.