Making Changes In HttpServletRequest

Steve Watson
Ranch Hand

Joined: Apr 08, 2003
Posts: 38
I am charged with fixing security on a large, but not well structured web application. I would like to sanitize all input in the HttpServletRequest before passing it on to the business logic processing. Specifically I want to look at parameters, headers, cookies, and query strings and convert any dangerous characters to HTML equivalents, e.g. | to | .
My question is - how can I make these changes in the HttpServletRequest - there is no setParameters() method?
I realize a cleaner way to do this would be to extract these values and pass them on to business logic classes that need not have any awareness of the HttpServletRequest - but that would be a massive recoding effort that the client will not pay for.
Ideas?
Craig Jackson
Ranch Hand

Joined: Mar 19, 2002
Posts: 405
It sounds like you may want to do some research on the java.servlet.Filter (filtering) as well as the HttpServletRequestWrapper class. Based on your description above, that sounds like the direction you are heading.
Craig.
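A sketch of the Filter plus HttpServletRequestWrapper approach suggested above, added here as an example and not code from either poster. It assumes the Servlet 3.0+ `javax.servlet` API (so it does not apply to containers that predate Filter), the class names `EncodingFilter` and `EncodedRequest` are hypothetical, and the `&#124;` mapping for `|` is an assumption; `getHeaders()` and `getCookies()` would need the same kind of override.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
// Added example (assumes Servlet 3.0+ javax.servlet API); class names are hypothetical.
public class EncodingFilter implements Filter {
    public void init(FilterConfig cfg) {}
    public void destroy() {}
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Downstream servlets receive the wrapper instead of the container's request.
        chain.doFilter(new EncodedRequest((HttpServletRequest) req), res);
    }
    // Replace characters that are significant in HTML with entities.
    static String encode(String s) {
        if (s == null) return null;
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                case '|': out.append("&#124;"); break; // assumed mapping
                default: out.append(c);
            }
        }
        return out.toString();
    }
    // The request has no setters, so the wrapper overrides the getters instead.
    static class EncodedRequest extends HttpServletRequestWrapper {
        EncodedRequest(HttpServletRequest r) { super(r); }
        @Override public String getParameter(String n) { return encode(super.getParameter(n)); }
        @Override public String getHeader(String n) { return encode(super.getHeader(n)); }
        @Override public String[] getParameterValues(String n) {
            String[] v = super.getParameterValues(n);
            if (v == null) return null;
            String[] out = new String[v.length];
            for (int i = 0; i < v.length; i++) out[i] = encode(v[i]);
            return out;
        }
        // Cover the map accessor too, otherwise callers using it see raw values.
        @Override public Map<String, String[]> getParameterMap() {
            Map<String, String[]> m = new HashMap<>();
            for (String n : Collections.list(super.getParameterNames()))
                m.put(n, getParameterValues(n));
            return Collections.unmodifiableMap(m);
        }
    }
}
```

The filter still has to be mapped to the application's URL patterns in `web.xml`, and values encoded this way are safe for HTML output only, not for SQL or other sinks.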
Steve Watson
Ranch Hand

Joined: Apr 08, 2003
Posts: 38
Sounds like good advice and will investigate. Unfortunately on this project I am stuck in the stone age with JServe which predates these helpful classes.
I may just have to make the sanitizer a servlet itself and then set everything in the HttpResponse and redirect to the appropriate servlet. Seems like overkill.