Class CsrfProtectionFilter
- java.lang.Object
-
- org.glassfish.jersey.server.filter.CsrfProtectionFilter
-
- All Implemented Interfaces:
ContainerRequestFilter
@Priority(1000) public class CsrfProtectionFilter extends Object implements ContainerRequestFilter
Simple server-side request filter that implements CSRF protection as per the Guidelines for Implementation of REST by NSA (section IV.F) and section 4.3 of this paper. If you add it to the request filters of your application, it will check for X-Requested-By header in each request except for those that don't change state (GET, OPTIONS, HEAD). If the header is not found, it returnsResponse.Status.BAD_REQUEST
response back to the client.- Author:
- Martin Matula
- See Also:
CsrfProtectionFilter
-
-
Field Summary
Fields Modifier and Type Field Description static String
HEADER_NAME
Name of the header this filter will attach to the request.
-
Constructor Summary
Constructors Constructor Description CsrfProtectionFilter()
-
-
-
Field Detail
-
HEADER_NAME
public static final String HEADER_NAME
Name of the header this filter will attach to the request.- See Also:
- Constant Field Values
-
-
Method Detail
-
filter
public void filter(ContainerRequestContext rc) throws IOException
- Specified by:
filter
in interfaceContainerRequestFilter
- Throws:
IOException
-
-