Category:OWASP J2EE Filters Project/AllowedHeadersOnly

Source Code
import java.io.IOException; import java.util.Enumeration; import java.util.HashMap; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; /** * Servlet filter class. */ public class AllowedHeadersOnlyFilter implements Filter { private HashMap map = new HashMap; /** 	 * Called by the web container to indicate to a filter that it is being * placed into service. The servlet container calls the init method exactly * once after instantiating the filter. The init method must complete * successfully before the filter is asked to do any filtering work. * 	 * @param filterConfig *           configuration object */ 	public void init(FilterConfig filterConfig) { Enumeration e = filterConfig.getInitParameterNames; while (e.hasMoreElements) { String name = (String) e.nextElement; String value = filterConfig.getInitParameter(name); map.put(name, value); } 	} 	/** 	 * The doFilter method of the Filter is called by the container each time a 	 * request/response pair is passed through the chain due to a client request * for a resource at the end of the chain. The FilterChain passed in to this * method allows the Filter to pass on the request and response to the next * entity in the chain. * 	 * @param request *           Request object to be processed * @param response *           Response object * @param chain *           current FilterChain * @exception IOException *               if any occurs * @throws ServletException */ 	public void doFilter(ServletRequest request, ServletResponse response, 			FilterChain chain) throws IOException, ServletException { chain.doFilter(request, response); //FIXME: parse headers here } 	/** 	 * Called by the web container to indicate to a filter that it is being * taken out of service. This method is only called once all threads within * the filter's doFilter method have exited or after a timeout period has * passed. After the web container calls this method, it will not call the * doFilter method again on this instance of the filter. */ 	public void destroy { // finalize } }

Project Sponsor
The OWASP J2EE Filters Project is sponsored by http://www.owasp.org/images/d/d1/Aspect_logo.gif