org.glassfish.jersey.server.filter
Class CsrfProtectionFilter
java.lang.Object
org.glassfish.jersey.server.filter.CsrfProtectionFilter
- All Implemented Interfaces:
- javax.ws.rs.container.ContainerRequestFilter
@Priority(value=1000)
public class CsrfProtectionFilter
extends Object
implements javax.ws.rs.container.ContainerRequestFilter
Simple server-side request filter that implements CSRF protection as per the Guidelines for Implementation of REST by NSA (section IV.F) and section 4.3 of this paper.
If you add it to the request filters of your application, it checks for the X-Requested-By header in each request except those that don't change state (GET, OPTIONS, HEAD). If the header is not found, it returns a Response.Status.BAD_REQUEST response to the client.
- Author:
- Martin Matula (martin.matula at oracle.com)
- See Also:
- CsrfProtectionFilter
Field Summary
- static String HEADER_NAME
  Name of the header this filter will attach to the request.
Method Summary
- void filter(javax.ws.rs.container.ContainerRequestContext rc)
Methods inherited from class java.lang.Object
- clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
HEADER_NAME
public static final String HEADER_NAME
- Name of the header this filter will attach to the request.
- See Also:
- Constant Field Values
CsrfProtectionFilter
public CsrfProtectionFilter()
filter
public void filter(javax.ws.rs.container.ContainerRequestContext rc) throws IOException
- Specified by:
- filter in interface javax.ws.rs.container.ContainerRequestFilter
- Throws:
- IOException
Copyright © 2007-2013, Oracle and/or its affiliates. All Rights Reserved. Use is subject to license terms.