public class ClickjackFilter extends Object implements javax.servlet.Filter
ClickjackFilter is discussed at http://www.owasp.org/index.php/ClickjackFilter_for_Java_EE.
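web.xml configuration:

```xml
<filter>
    <filter-name>ClickjackFilterDeny</filter-name>
    <filter-class>org.owasp.filters.ClickjackFilter</filter-class>
    <init-param>
        <param-name>mode</param-name>
        <param-value>DENY</param-value>
    </init-param>
</filter>

<filter>
    <filter-name>ClickjackFilterSameOrigin</filter-name>
    <filter-class>org.owasp.filters.ClickjackFilter</filter-class>
    <init-param>
        <param-name>mode</param-name>
        <param-value>SAMEORIGIN</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>ClickjackFilterDeny</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
```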
Constructor and Description |
---|
ClickjackFilter() |
Modifier and Type | Method and Description |
---|---|
void | destroy() |
void | doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain): Add X-FRAME-OPTIONS response header to tell IE8 (and any other browsers that decide to implement it) not to display this content in a frame. |
void | init(javax.servlet.FilterConfig filterConfig): Initialize "mode" parameter from web.xml. |
public void init(javax.servlet.FilterConfig filterConfig)

Specified by: init in interface javax.servlet.Filter

Parameters:
- filterConfig - A filter configuration object used by a servlet container to pass information to a filter during initialization.

public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException

http://blogs.msdn.com/sdl/archive/2009/02/05/clickjacking-defense-in-ie8.aspx

Specified by: doFilter in interface javax.servlet.Filter

Parameters:
- request - The request object.
- response - The response object.
- chain - Refers to the FilterChain object to pass control to the next Filter.

Throws:
- IOException
- javax.servlet.ServletException

public void destroy()

Specified by: destroy in interface javax.servlet.Filter
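
A filter with the init/doFilter behaviour documented above could be written as follows. This is an added example, not the OWASP ClickjackFilter source: the class name FrameOptionsFilterSketch, the fallback to DENY for a missing or unrecognised "mode", and the extra Content-Security-Policy frame-ancestors header (which goes beyond what this page documents) are assumptions of the example.

```java
import java.io.IOException;
import java.util.Locale;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;

// Added example (hypothetical class), not the OWASP implementation.
public class FrameOptionsFilterSketch implements Filter {

    // Fail closed: if "mode" is missing or not recognised, keep DENY.
    private String mode = "DENY";

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String configured = filterConfig.getInitParameter("mode");
        if (configured == null) {
            return;
        }
        String candidate = configured.trim().toUpperCase(Locale.ROOT);
        // Allow-list the two values used in web.xml so that a typo or an
        // unexpected string is never copied into a response header.
        if (candidate.equals("DENY") || candidate.equals("SAMEORIGIN")) {
            mode = candidate;
        } else {
            filterConfig.getServletContext()
                    .log("Unrecognised frame mode '" + configured + "', using DENY");
        }
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (response instanceof HttpServletResponse) {
            HttpServletResponse res = (HttpServletResponse) response;
            // Set headers BEFORE the chain runs: once the response has been
            // committed, the Servlet API ignores later header changes.
            // setHeader replaces any earlier value instead of duplicating it.
            res.setHeader("X-Frame-Options", mode);
            // Assumption beyond this page: also send the CSP equivalent.
            // addHeader is used because multiple CSP headers are all enforced,
            // so an application-set policy is not overwritten.
            String ancestors = mode.equals("DENY") ? "'none'" : "'self'";
            res.addHeader("Content-Security-Policy", "frame-ancestors " + ancestors);
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        // No resources to release.
    }
}
```

Compiling this requires the javax.servlet API on the classpath; it is registered in web.xml with a "mode" init-param in the same way as the filters shown earlier.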
Copyright © 2016 The Open Web Application Security Project (OWASP). All rights reserved.