Hi all,

I am currently trying to add a general XSS Filter in my application and I am
facing some really weird behavior.

Basically the Filter operates 1 time out of 5...

Here is my approach:

In AppModule.java

        public static void bind(ServiceBinder binder) {
                binder.bind(HttpServletRequestFilter.class, XSSFilterImpl.class).withId("XssFilter");
        }

        /*
         * XSS Filtering
         */
        @Contribute(HttpServletRequestHandler.class)
        public static void httpServletRequestHandler(OrderedConfiguration configuration,
                        @InjectService("XssFilter") HttpServletRequestFilter xssFilter) {
                configuration.add("XssFilter", xssFilter, "after:IgnoredPaths", "before:GZIP");
        }

In XSSFilterImpl.java

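import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.tapestry5.services.HttpServletRequestFilter;
import org.apache.tapestry5.services.HttpServletRequestHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class XSSFilterImpl implements HttpServletRequestFilter {
        private static final Logger logger = LoggerFactory.getLogger(XSSFilterImpl.class);

        // Wrap every incoming request before the rest of the pipeline sees it.
        @Override
        public boolean service(HttpServletRequest request, HttpServletResponse response,
                        HttpServletRequestHandler handler) throws IOException {
                if (logger.isDebugEnabled()) {
                        logger.debug("Wrapping Request in XSSRequestWrapper");
                }

                return handler.service(new XSSRequestWrapper(request), response);
        }

}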

I see the Debug Message on each request, but sometimes I have to restart
Tomcat several times for the XSSRequestWrapper to operate properly (I am
testing on a Form submission)...

I am wondering:

- Why do I get different behavior for each restart of Tomcat?
- Is there something I am missing in my approach?

Thanks for the help :-)

Martin



