org.glassfish.jersey.server.filter.CsrfProtectionFilter

All Implemented Interfaces:: ContainerRequestFilter

@Priority(1000) public class CsrfProtectionFilter extends Object implements ContainerRequestFilter

Simple server-side request filter that implements CSRF protection as per the Guidelines for Implementation of REST by NSA (section IV.F) and section 4.3 of this paper. If you add it to the request filters of your application, it will check for X-Requested-By header in each request except for those that don't change state (GET, OPTIONS, HEAD). If the header is not found, it returns Response.Status.BAD_REQUEST response back to the client.

Author:

Martin Matula

See Also:

CsrfProtectionFilter

Field Summary

Fields

Modifier and Type

Field

Description

static final String

HEADER_NAME

Name of the header this filter will attach to the request.
Constructor Summary

Constructors

Constructor

Description

CsrfProtectionFilter()
Method Summary

Modifier and Type

Method

Description

void

filter(ContainerRequestContext rc)

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details
- HEADER_NAME
  
  public static final String HEADER_NAME
  
  Name of the header this filter will attach to the request.
  See Also:
  
  Constant Field Values
Constructor Details
- CsrfProtectionFilter
  
  public CsrfProtectionFilter()
Method Details
- filter
  
  public void filter(ContainerRequestContext rc) throws IOException
  
  Specified by:
  
  filter in interface ContainerRequestFilter
  
  Throws:
  
  IOException

Class CsrfProtectionFilter

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Details

HEADER_NAME

Constructor Details

CsrfProtectionFilter

Method Details

filter