CsrfProtectionFilter (Jersey 3.0.0-RC2 API)

java.lang.Object
- org.glassfish.jersey.server.filter.CsrfProtectionFilter

All Implemented Interfaces:

ContainerRequestFilter
```
@Priority(value=1000)
public class CsrfProtectionFilter
extends Object
implements ContainerRequestFilter
```
Simple server-side request filter that implements CSRF protection as per the Guidelines for Implementation of REST by NSA (section IV.F) and section 4.3 of this paper. If you add it to the request filters of your application, it will check for X-Requested-By header in each request except for those that don't change state (GET, OPTIONS, HEAD). If the header is not found, it returns Response.Status.BAD_REQUEST response back to the client.

Author:

Martin Matula

See Also:

CsrfProtectionFilter

Field Summary

Fields
Modifier and Type Field and Description

static String HEADER_NAME
Name of the header this filter will attach to the request.

Fields
Modifier and Type	Field and Description
`static String`	`HEADER_NAME` Name of the header this filter will attach to the request.

Constructor Summary

Constructors
Constructor and Description

CsrfProtectionFilter()

Constructors
Constructor and Description
`CsrfProtectionFilter()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`filter(ContainerRequestContext rc)` Filter method called before a request has been dispatched to a resource.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - HEADER_NAME
```
public static final String HEADER_NAME
```
    Name of the header this filter will attach to the request.
    
    See Also:
    
    Constant Field Values
- Constructor Detail
  - CsrfProtectionFilter
```
public CsrfProtectionFilter()
```
- Method Detail
  - filter
```
public void filter(ContainerRequestContext rc)
            throws IOException
```
    Description copied from interface: ContainerRequestFilter
    
    Filter method called before a request has been dispatched to a resource.
    Filters in the filter chain are ordered according to their jakarta.annotation.Priority class-level annotation value. If a request filter produces a response by calling ContainerRequestContext.abortWith(jakarta.ws.rs.core.Response) method, the execution of the (either pre-match or post-match) request filter chain is stopped and the response is passed to the corresponding response filter chain (either pre-match or post-match). For example, a pre-match caching filter may produce a response in this way, which would effectively skip any post-match request filters as well as post-match response filters. Note however that a responses produced in this manner would still be processed by the pre-match response filter chain.
    
    Specified by:
    
    filter in interface ContainerRequestFilter
    
    Parameters:
    
    rc - request context.
    
    Throws:
    
    IOException - if an I/O exception occurs.
    
    See Also:
    
    PreMatching

Class CsrfProtectionFilter

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

HEADER_NAME

Constructor Detail

CsrfProtectionFilter

Method Detail

filter