Class RequestUtil

java.lang.Object
org.apache.tomcat.util.http.RequestUtil
public class RequestUtil extends Object
Utility methods for HTTP request processing.

  • Method Details

    • normalize

      public static String normalize(String path)
      Normalize a relative URI path. This method normalizes "/./", "/../", "//" and "\". If the input path is an attempt to 'escape the root' (e.g. /../input.txt) then null is returned to prevent attempts to 'escape the root'. URI paths containing null bytes will be rejected.
      Parameters:
      path - Relative path to be normalized
      Returns:
      The normalized path or null if the input path attempts to 'escape the root'.

    • normalize

      public static String normalize(String path, boolean replaceBackSlash)
      Normalize a relative URI path. This method normalizes "/./", "/../" and "//". This method optionally normalizes "\". If the input path is an attempt to 'escape the root' (e.g. /../input.txt) then null is returned to prevent attempts to 'escape the root'. URI paths containing null bytes will be rejected.
      Parameters:
      path - Relative path to be normalized
      replaceBackSlash - Should '\\' be normalized to '/'
      Returns:
      The normalized path or null if the input path attempts to 'escape the root'.

    • isSameOrigin

      public static boolean isSameOrigin(HttpServletRequest request, String origin)
      Check if the given origin matches the origin of the request.
      Parameters:
      request - The HTTP servlet request
      origin - The origin to check
      Returns:
      True if the origin matches the request's origin

    • isValidOrigin

      public static boolean isValidOrigin(String origin)
      Checks if a given origin is valid or not. Criteria:
      • If an encoded character is present in origin, it's not valid.
      • If origin is "null", it's valid.
      • Origin should be a valid URI
      Parameters:
      origin - The origin URI
      Returns:
      true if the origin was valid
      See Also: