org.broadleafcommerce.common.security.service
Class ExploitProtectionServiceImpl
java.lang.Object
org.broadleafcommerce.common.security.service.ExploitProtectionServiceImpl
- All Implemented Interfaces:
- ExploitProtectionService
@Service(value="blExploitProtectionService")
public class ExploitProtectionServiceImpl
- extends Object
- implements ExploitProtectionService
- Author:
- jfischer
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
antiSamyPolicyFileLocation
protected String antiSamyPolicyFileLocation
xsrfProtectionEnabled
protected boolean xsrfProtectionEnabled
xssProtectionEnabled
protected boolean xssProtectionEnabled
ExploitProtectionServiceImpl
public ExploitProtectionServiceImpl()
cleanString
public String cleanString(String string)
throws ServiceException
- Description copied from interface:
ExploitProtectionService
- Detect and remove possible XSS threats from the passed in string. This
includes
<script> tags, and the like.
- Specified by:
cleanString in interface ExploitProtectionService
- Parameters:
string - The possibly dirty string
- Returns:
- The cleansed version of the string
- Throws:
ServiceException
cleanStringWithResults
public String cleanStringWithResults(String string)
throws ServiceException
- Description copied from interface:
ExploitProtectionService
- Detect and remove possible XSS threats from the passed in string. This
includes
<script> tags, and the like. If an html, validation, or
security problem is detected, an exception is thrown. This method also emits
well formed xml, which is important if using Thymeleaf to display the results.
- Specified by:
cleanStringWithResults in interface ExploitProtectionService
- Parameters:
string - The possibly dirty string
- Returns:
- The cleansed version of the string
- Throws:
ServiceException
compareToken
public void compareToken(String passedToken)
throws ServiceException
- Description copied from interface:
ExploitProtectionService
- Detect possible XSRF attacks by comparing the csrf token included
in the request against the true token for this user from the session. If they are
different, then the exception is thrown.
- Specified by:
compareToken in interface ExploitProtectionService
- Parameters:
passedToken - The csrf token that was passed in the request
- Throws:
ServiceException
getCSRFToken
public String getCSRFToken()
throws ServiceException
- Specified by:
getCSRFToken in interface ExploitProtectionService
- Throws:
ServiceException
getAntiSamyPolicyFileLocation
public String getAntiSamyPolicyFileLocation()
- Specified by:
getAntiSamyPolicyFileLocation in interface ExploitProtectionService
setAntiSamyPolicyFileLocation
public void setAntiSamyPolicyFileLocation(String antiSamyPolicyFileLocation)
- Specified by:
setAntiSamyPolicyFileLocation in interface ExploitProtectionService
isXsrfProtectionEnabled
public boolean isXsrfProtectionEnabled()
setXsrfProtectionEnabled
public void setXsrfProtectionEnabled(boolean xsrfProtectionEnabled)
isXssProtectionEnabled
public boolean isXssProtectionEnabled()
setXssProtectionEnabled
public void setXssProtectionEnabled(boolean xssProtectionEnabled)
getCsrfTokenParameter
public String getCsrfTokenParameter()
- Specified by:
getCsrfTokenParameter in interface ExploitProtectionService
Copyright © 2013. All Rights Reserved.