org.glassfish.jersey.server.filter
Class CsrfProtectionFilter

java.lang.Object
  org.glassfish.jersey.server.filter.CsrfProtectionFilter

All Implemented Interfaces:

PreMatchRequestFilter

public class CsrfProtectionFilter
extends java.lang.Object
implements PreMatchRequestFilter

Simple server-side request filter that implements CSRF protection as per the Guidelines for Implementation of REST by NSA (section IV.F) and section 4.3 of this paper. If you add it to the request filters of your application, it will check for X-Requested-By header in each request except for those that don't change state (GET, OPTIONS, HEAD). If the header is not found, it returns Response.Status.BAD_REQUEST response back to the client.

Author:

Martin Matula (martin.matula at oracle.com)

See Also:

client.filter.CsrfProtectionFilter

Field Summary

static java.lang.String

HEADER_NAME Name of the header this filter will attach to the request.

Constructor Summary

CsrfProtectionFilter()

Method Summary

void	preMatchFilter(FilterContext fc)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

HEADER_NAME

public static final java.lang.String HEADER_NAME

Name of the header this filter will attach to the request.

See Also:

Constant Field Values

Constructor Detail

CsrfProtectionFilter

public CsrfProtectionFilter()

Method Detail

preMatchFilter

public final void preMatchFilter(FilterContext fc)
                          throws java.io.IOException

Specified by:

preMatchFilter in interface PreMatchRequestFilter

Throws:

java.io.IOException