org.broadleafcommerce.common.security.service
Class ExploitProtectionServiceImpl

java.lang.Object
  org.broadleafcommerce.common.security.service.ExploitProtectionServiceImpl

All Implemented Interfaces:

ExploitProtectionService

@Service(value="blExploitProtectionService")
public class ExploitProtectionServiceImpl
extends Object
implements ExploitProtectionService

Author:

jfischer

Field Summary

protected String	antiSamyPolicyFileLocation
protected boolean	xsrfProtectionEnabled
protected boolean	xssProtectionEnabled

Constructor Summary

ExploitProtectionServiceImpl()

Method Summary

String	cleanString(String string) Detect and remove possible XSS threats from the passed in string.
void	compareToken(String passedToken) Detect possible XSRF attacks by comparing the csrf token included in the request against the true token for this user from the session.
String	getAntiSamyPolicyFileLocation()
String	getCSRFToken()
String	getCsrfTokenParameter()
boolean	isXsrfProtectionEnabled()
boolean	isXssProtectionEnabled()
void	setAntiSamyPolicyFileLocation(String antiSamyPolicyFileLocation)
void	setXsrfProtectionEnabled(boolean xsrfProtectionEnabled)
void	setXssProtectionEnabled(boolean xssProtectionEnabled)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

antiSamyPolicyFileLocation

protected String antiSamyPolicyFileLocation

xsrfProtectionEnabled

protected boolean xsrfProtectionEnabled

xssProtectionEnabled

protected boolean xssProtectionEnabled

Constructor Detail

ExploitProtectionServiceImpl

public ExploitProtectionServiceImpl()

Method Detail

cleanString

public String cleanString(String string)
                   throws ServiceException

Description copied from interface: ExploitProtectionService

Detect and remove possible XSS threats from the passed in string. This includes <script> tags, and the like.

Specified by:

cleanString in interface ExploitProtectionService

Parameters:

string - The possibly dirty string

Returns:

The cleansed version of the string

Throws:

ServiceException

compareToken

public void compareToken(String passedToken)
                  throws ServiceException

Description copied from interface: ExploitProtectionService

Detect possible XSRF attacks by comparing the csrf token included in the request against the true token for this user from the session. If they are different, then the exception is thrown.

Specified by:

compareToken in interface ExploitProtectionService

Parameters:

passedToken - The csrf token that was passed in the request

Throws:

ServiceException

getCSRFToken

public String getCSRFToken()
                    throws ServiceException

Specified by:

getCSRFToken in interface ExploitProtectionService

Throws:

ServiceException

getAntiSamyPolicyFileLocation

public String getAntiSamyPolicyFileLocation()

Specified by:

getAntiSamyPolicyFileLocation in interface ExploitProtectionService

setAntiSamyPolicyFileLocation

public void setAntiSamyPolicyFileLocation(String antiSamyPolicyFileLocation)

Specified by:

setAntiSamyPolicyFileLocation in interface ExploitProtectionService

isXsrfProtectionEnabled

public boolean isXsrfProtectionEnabled()

setXsrfProtectionEnabled

public void setXsrfProtectionEnabled(boolean xsrfProtectionEnabled)

isXssProtectionEnabled

public boolean isXssProtectionEnabled()

setXssProtectionEnabled

public void setXssProtectionEnabled(boolean xssProtectionEnabled)

getCsrfTokenParameter

public String getCsrfTokenParameter()

Specified by:

getCsrfTokenParameter in interface ExploitProtectionService