The Spring Security Web module provides comprehensive web security features for Spring-based applications, including servlet-based authentication, authorization, CSRF protection, session management, and the security filter chain implementation.
—
Spring Security Web's firewall system provides HTTP request validation, sanitization, and attack prevention through configurable rules that protect against malicious requests.
/**
 * Contract for the request/response validation step that the page calls the firewall.
 *
 * <p>An implementation either hands back a (possibly wrapped) request that is safe to
 * process further, or refuses it by throwing {@link RequestRejectedException}.
 */
public interface HttpFirewall {
/**
 * Validates the incoming request and returns it as a {@code FirewalledRequest}.
 *
 * @param request the raw servlet request
 * @return the request to use for all further processing
 * @throws RequestRejectedException if the request is refused by the firewall rules
 */
FirewalledRequest getFirewalledRequest(HttpServletRequest request) throws RequestRejectedException;
/**
 * Returns the response object to use for further processing.
 *
 * @param response the raw servlet response
 * @return the response to pass on; presumably a wrapper that guards what is written
 *         to it, though the listing does not show what the wrapper enforces
 */
HttpServletResponse getFirewalledResponse(HttpServletResponse response);
}
/**
 * {@link HttpFirewall} implementation whose checks are tuned through the setters below.
 *
 * <p>This is an API summary: method bodies are omitted, and only some of the class's
 * configuration methods appear here.
 *
 * <p>Every setter shown is an opt-out. Passing {@code true} relaxes a check, and
 * {@code false} keeps the request class rejected. In Spring Security all four flags
 * default to {@code false}; confirm this for the version in use. Relax a flag only for
 * a documented application need, because URL-based authorization rules and the servlet
 * container may then interpret the same path differently.
 */
public class StrictHttpFirewall implements HttpFirewall {
/**
 * Controls whether a URL-encoded slash ({@code %2F}) is accepted in the request path.
 * Keep {@code false} unless path segments legitimately carry encoded slashes; an
 * encoded separator can make a path look different to a security matcher than to the
 * code that later decodes it.
 */
public void setAllowUrlEncodedSlash(boolean allowUrlEncodedSlash);
/**
 * Controls whether a URL-encoded percent sign ({@code %25}) is accepted in the path.
 * Keep {@code false} to stop double-encoded input from slipping past the other checks.
 */
public void setAllowUrlEncodedPercent(boolean allowUrlEncodedPercent);
/**
 * Controls whether a semicolon is accepted in the request path. Semicolons introduce
 * path parameters (for example matrix variables), which some containers strip before
 * dispatch; allowing them means access rules must account for that.
 */
public void setAllowSemicolon(boolean allowSemicolon);
/**
 * Controls whether HTTP method validation is skipped entirely. The {@code unsafe}
 * prefix is deliberate: with {@code true}, arbitrary verbs reach the application,
 * which exposes it to HTTP verb tampering and cross-site tracing. Prefer restricting
 * the allowed method list over enabling this.
 */
public void setUnsafeAllowAnyHttpMethod(boolean unsafeAllowAnyHttpMethod);
/**
 * Applies the configured checks to the request. The interface method declares
 * {@link RequestRejectedException}; because that clause is absent here, the exception
 * is presumably unchecked, so callers get no compiler reminder to handle a rejection.
 */
public FirewalledRequest getFirewalledRequest(HttpServletRequest request);
/** Returns the response object to use for further processing. */
public HttpServletResponse getFirewalledResponse(HttpServletResponse response);
}
/**
 * Callback that decides what the client sees when a request has been refused with a
 * {@link RequestRejectedException}.
 *
 * <p>A handler should answer with a plain client-error status and avoid echoing the
 * rejected URL or the exception message back in the response body. Log the rejection
 * server-side instead, so that probing attempts remain visible to operations.
 */
public interface RequestRejectedHandler {
/**
 * Handles one rejected request.
 *
 * @param request the request that was refused
 * @param response the response on which to report the refusal
 * @param requestRejectedException the exception describing why the request was refused
 * @throws IOException if writing the response fails
 * @throws ServletException if handling fails for a servlet-level reason
 */
void handle(HttpServletRequest request, HttpServletResponse response,
RequestRejectedException requestRejectedException) throws IOException, ServletException;
}
/**
 * {@link RequestRejectedHandler} that is constructed with an HTTP status; presumably it
 * answers every rejected request with that status (method bodies are omitted in this
 * API summary).
 */
public class HttpStatusRequestRejectedHandler implements RequestRejectedHandler {
/**
 * Creates a handler that reports the given status.
 *
 * <p>NOTE(review): in the Spring Security sources this constructor takes an
 * {@code int} status code rather than an {@code HttpStatus}. Verify the parameter type
 * against the version in use before copying this signature.
 */
public HttpStatusRequestRejectedHandler(HttpStatus httpStatus);
/**
 * Reports the rejection to the client. The interface method declares
 * {@code IOException} and {@code ServletException}; this listing shows no throws
 * clause, so check the real signature before relying on that.
 */
public void handle(HttpServletRequest request, HttpServletResponse response,
RequestRejectedException requestRejectedException);
}

// Configure strict firewall
// A new StrictHttpFirewall already rejects encoded slashes and semicolons (Spring
// Security's documented defaults; confirm for your version). The two setter calls
// restate that explicitly, so an accidental switch to `true` stands out in review.
StrictHttpFirewall firewall = new StrictHttpFirewall();
firewall.setAllowUrlEncodedSlash(false);
firewall.setAllowSemicolon(false);
// `chains` is not defined in this snippet; it is assumed to be the list of
// SecurityFilterChain instances that the proxy dispatches to.
FilterChainProxy proxy = new FilterChainProxy(chains);
// Attach the firewall to the proxy so requests are validated before they reach the
// chains. Where Spring Security's own configuration builds the FilterChainProxy, the
// usual route is to publish the HttpFirewall (and the RequestRejectedHandler) as beans
// rather than constructing the proxy by hand.
proxy.setFirewall(firewall);
proxy.setRequestRejectedHandler(new HttpStatusRequestRejectedHandler(HttpStatus.BAD_REQUEST));

Install with Tessl CLI

npx tessl i tessl/maven-org-springframework-security--spring-security-web