org.glassfish.jersey.server.filter
Class CsrfProtectionFilter
java.lang.Object
org.glassfish.jersey.server.filter.CsrfProtectionFilter
- All Implemented Interfaces:
- ContainerRequestFilter
public class CsrfProtectionFilter
- extends Object
- implements ContainerRequestFilter
Simple server-side request filter that implements CSRF protection as per the
Guidelines for Implementation of REST
by NSA (section IV.F) and
section 4.3 of this paper.
If you add it to the request filters of your application, it checks for the X-Requested-By header in each
request except for those that don't change state (GET, OPTIONS, HEAD). If the header is not found,
it returns a Response.Status.BAD_REQUEST response to the client.
- Author:
- Martin Matula (martin.matula at oracle.com)
- See Also:
CsrfProtectionFilter
Field Summary
static String HEADER_NAME
- Name of the header this filter will attach to the request.
Methods inherited from class java.lang.Object
- clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
HEADER_NAME
public static final String HEADER_NAME
- Name of the header this filter will attach to the request.
- See Also:
- Constant Field Values
CsrfProtectionFilter
public CsrfProtectionFilter()
filter
public void filter(ContainerRequestContext rc)
throws IOException
- Specified by:
filter in interface ContainerRequestFilter
- Throws:
IOException
Copyright © 2007-2012 Oracle Corporation. All Rights Reserved. Use is subject to license terms.