Example 1 with RequestParameterPolicyEnforcementFilter
use of org.apereo.cas.security.RequestParameterPolicyEnforcementFilter in project cas by apereo.
the class CasFiltersConfiguration method requestParameterSecurityFilter.
@RefreshScope
@Bean
public FilterRegistrationBean requestParameterSecurityFilter() {
final Map<String, String> initParams = new HashMap<>();
initParams.put(RequestParameterPolicyEnforcementFilter.PARAMETERS_TO_CHECK, casProperties.getHttpWebRequest().getParamsToCheck());
initParams.put(RequestParameterPolicyEnforcementFilter.CHARACTERS_TO_FORBID, "none");
initParams.put(RequestParameterPolicyEnforcementFilter.ALLOW_MULTI_VALUED_PARAMETERS, BooleanUtils.toStringTrueFalse(casProperties.getHttpWebRequest().isAllowMultiValueParameters()));
initParams.put(RequestParameterPolicyEnforcementFilter.ONLY_POST_PARAMETERS, casProperties.getHttpWebRequest().getOnlyPostParams());
final FilterRegistrationBean bean = new FilterRegistrationBean();
bean.setFilter(new RequestParameterPolicyEnforcementFilter());
bean.setUrlPatterns(Collections.singleton("/*"));
bean.setName("requestParameterSecurityFilter");
bean.setInitParameters(initParams);
bean.setAsyncSupported(true);
return bean;
}
Also used :
HashMap(java.util.HashMap)
RequestParameterPolicyEnforcementFilter(org.apereo.cas.security.RequestParameterPolicyEnforcementFilter)
FilterRegistrationBean(org.springframework.boot.web.servlet.FilterRegistrationBean)
RefreshScope(org.springframework.cloud.context.config.annotation.RefreshScope)
FilterRegistrationBean(org.springframework.boot.web.servlet.FilterRegistrationBean)
Bean(org.springframework.context.annotation.Bean)
Aggregations
HashMap (java.util.HashMap)1
RequestParameterPolicyEnforcementFilter (org.apereo.cas.security.RequestParameterPolicyEnforcementFilter)1
FilterRegistrationBean (org.springframework.boot.web.servlet.FilterRegistrationBean)1
RefreshScope (org.springframework.cloud.context.config.annotation.RefreshScope)1
Bean (org.springframework.context.annotation.Bean)1
