Package org.apache.tomcat.util.http

Class RequestUtil

  • public class RequestUtil
extends java.lang.Object

    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static boolean isSameOrigin​(HttpServletRequest request, java.lang.String origin)  
      static boolean isValidOrigin​(java.lang.String origin)
      Checks if a given origin is valid or not.
      static java.lang.String normalize​(java.lang.String path)
      Normalize a relative URI path that may have relative values ("/./", "/../", and so on ) it it.
      static java.lang.String normalize​(java.lang.String path, boolean replaceBackSlash)
      Normalize a relative URI path that may have relative values ("/./", "/../", and so on ) it it.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Method Detail

      • normalize

        public static java.lang.String normalize​(java.lang.String path)
        Normalize a relative URI path that may have relative values ("/./", "/../", and so on ) it it. WARNING - This method is useful only for normalizing application-generated paths. It does not try to perform security checks for malicious input.
        Parameters:
        path - Relative path to be normalized
        Returns:
        The normalized path or null if the path cannot be normalized

      • normalize

        public static java.lang.String normalize​(java.lang.String path,
                                         boolean replaceBackSlash)
        Normalize a relative URI path that may have relative values ("/./", "/../", and so on ) it it. WARNING - This method is useful only for normalizing application-generated paths. It does not try to perform security checks for malicious input.
        Parameters:
        path - Relative path to be normalized
        replaceBackSlash - Should '\\' be replaced with '/'
        Returns:
        The normalized path or null if the path cannot be normalized

      • isSameOrigin

        public static boolean isSameOrigin​(HttpServletRequest request,
                                   java.lang.String origin)

      • isValidOrigin

        public static boolean isValidOrigin​(java.lang.String origin)
        Checks if a given origin is valid or not. Criteria:
        • If an encoded character is present in origin, it's not valid.
        • If origin is "null", it's valid.
        • Origin should be a valid URI
        Parameters:
        origin - The origin URI
        Returns:
        true if the origin was valid
        See Also:
        RFC952