Class CsrfProtectionFilter
java.lang.Object
org.glassfish.jersey.server.filter.CsrfProtectionFilter
- All Implemented Interfaces:
ContainerRequestFilter
Simple server-side request filter that implements CSRF protection as per the
Guidelines for Implementation of REST
by NSA (section IV.F) and
section 4.3 of this paper.
If you add it to the request filters of your application, it will check for X-Requested-By header in each
request except for those that don't change state (GET, OPTIONS, HEAD). If the header is not found,
it returns
Response.Status.BAD_REQUEST
response back to the client.- Author:
- Martin Matula
- See Also:
-
Field Summary
Modifier and TypeFieldDescriptionstatic final String
Name of the header this filter will attach to the request. -
Constructor Summary
-
Method Summary
-
Field Details
-
HEADER_NAME
Name of the header this filter will attach to the request.- See Also:
-
-
Constructor Details
-
CsrfProtectionFilter
public CsrfProtectionFilter()
-
-
Method Details
-
filter
- Specified by:
filter
in interfaceContainerRequestFilter
- Throws:
IOException
-