org.glassfish.jersey.server.filter
Class CsrfProtectionFilter

java.lang.Object
  extended by org.glassfish.jersey.server.filter.CsrfProtectionFilter
All Implemented Interfaces:
ContainerRequestFilter

@Priority(value=1000)
public class CsrfProtectionFilter
extends Object
implements ContainerRequestFilter

Simple server-side request filter that implements CSRF protection as per the Guidelines for Implementation of REST by NSA (section IV.F) and section 4.3 of this paper. If you add it to the request filters of your application, it will check for the X-Requested-By header in each request except for those that do not change state (GET, OPTIONS, HEAD). If the header is not found, it aborts the request and returns a Response.Status.BAD_REQUEST (400) response to the client.
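
Registering the filter in a Jersey application and exercising it from the JAX-RS client, as an added example that is not code from the Jersey project; the OrdersResource class, its path and the base URI are assumed.

```java
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Response;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.server.filter.CsrfProtectionFilter;

public class CsrfDemo {

    // Assumed resource with one read-only and one state-changing method.
    @Path("orders")
    public static class OrdersResource {
        @GET
        public String list() { return "[]"; }

        @POST
        public String create(String body) { return "created"; }
    }

    // Register the filter alongside the resources. It runs before dispatch
    // (priority 1000) and aborts any request other than GET, HEAD or OPTIONS
    // that carries no X-Requested-By header with 400 Bad Request.
    public static ResourceConfig application() {
        return new ResourceConfig()
                .register(OrdersResource.class)
                .register(CsrfProtectionFilter.class);
    }

    public static void main(String[] args) {
        // Assumed base URI; deploy application() under it with any Jersey container.
        String base = "http://localhost:8080/api/";
        Client client = ClientBuilder.newClient();

        // A GET does not change state, so the filter lets it through without the header.
        Response read = client.target(base).path("orders").request().get();
        System.out.println("GET without header: " + read.getStatus());

        // A POST without the header is rejected by the filter.
        Response rejected = client.target(base).path("orders").request()
                .post(Entity.text("{}"));
        System.out.println("POST without header: " + rejected.getStatus());

        // The same POST with the header (any value) reaches the resource.
        Response accepted = client.target(base).path("orders").request()
                .header(CsrfProtectionFilter.HEADER_NAME, "XMLHttpRequest")
                .post(Entity.text("{}"));
        System.out.println("POST with header: " + accepted.getStatus());
    }
}
```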

Author:
Martin Matula (martin.matula at oracle.com)
See Also:
CsrfProtectionFilter

Field Summary
static String HEADER_NAME
          Name of the header this filter will attach to the request.
 
Constructor Summary
CsrfProtectionFilter()
           
 
Method Summary
 void filter(ContainerRequestContext rc)
          Filter method called before a request has been dispatched to a resource.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

HEADER_NAME

public static final String HEADER_NAME
Name of the header this filter will attach to the request.

See Also:
Constant Field Values
Constructor Detail

CsrfProtectionFilter

public CsrfProtectionFilter()
Method Detail

filter

public void filter(ContainerRequestContext rc)
            throws IOException
Description copied from interface: ContainerRequestFilter
Filter method called before a request has been dispatched to a resource.

Filters in the filter chain are ordered according to their javax.annotation.Priority class-level annotation value. If a request filter produces a response by calling the ContainerRequestContext.abortWith(javax.ws.rs.core.Response) method, the execution of the (either pre-match or post-match) request filter chain is stopped and the response is passed to the corresponding response filter chain (either pre-match or post-match). For example, a pre-match caching filter may produce a response in this way, which would effectively skip any post-match request filters as well as post-match response filters. Note however that a response produced in this manner would still be processed by the pre-match response filter chain.

Specified by:
filter in interface ContainerRequestFilter
Parameters:
rc - request context.
Throws:
IOException - if an I/O exception occurs.
See Also:
PreMatching


Copyright © 2007-2014, Oracle and/or its affiliates. All Rights Reserved. Use is subject to license terms.