ExploitProtectionService (BroadleafCommerce Common Libraries 3.0.1-GA API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.broadleafcommerce.common.security.service
Interface ExploitProtectionService

All Known Implementing Classes:: ExploitProtectionServiceImpl

public interface ExploitProtectionService

Author:: jfischer

Method Summary
`String`	`cleanString(String string)` Detect and remove possible XSS threats from the passed in string.
`String`	`cleanStringWithResults(String string)` Detect and remove possible XSS threats from the passed in string.
`void`	`compareToken(String passedToken)` Detect possible XSRF attacks by comparing the csrf token included in the request against the true token for this user from the session.
`String`	`getAntiSamyPolicyFileLocation()`
`String`	`getCSRFToken()`
`String`	`getCsrfTokenParameter()`
`void`	`setAntiSamyPolicyFileLocation(String antiSamyPolicyFileLocation)`

Method Detail

cleanString

String cleanString(String string)
                   throws ServiceException

Detect and remove possible XSS threats from the passed in string. This includes <script> tags, and the like.

Parameters:: string - The possibly dirty string
Returns:: The cleansed version of the string
Throws:: ServiceException

cleanStringWithResults

String cleanStringWithResults(String string)
                              throws ServiceException

Detect and remove possible XSS threats from the passed in string. This includes <script> tags, and the like. If an html, validation, or security problem is detected, an exception is thrown. This method also emits well formed xml, which is important if using Thymeleaf to display the results.

Parameters:: string - The possibly dirty string
Returns:: The cleansed version of the string
Throws:: ServiceException, - CleanStringException; ServiceException

getAntiSamyPolicyFileLocation

String getAntiSamyPolicyFileLocation()

setAntiSamyPolicyFileLocation

void setAntiSamyPolicyFileLocation(String antiSamyPolicyFileLocation)

compareToken

void compareToken(String passedToken)
                  throws ServiceException

Detect possible XSRF attacks by comparing the csrf token included in the request against the true token for this user from the session. If they are different, then the exception is thrown.

Parameters:: passedToken - The csrf token that was passed in the request
Throws:: ServiceException

getCSRFToken

String getCSRFToken()
                    throws ServiceException

Throws:: ServiceException

getCsrfTokenParameter

String getCsrfTokenParameter()