Class WebSecurityApiOnlyHeaderFilter

  • All Implemented Interfaces:
    javax.ws.rs.container.ContainerResponseFilter

    public class WebSecurityApiOnlyHeaderFilter
    extends java.lang.Object
    implements javax.ws.rs.container.ContainerResponseFilter
    This filter adds headers to the response that enhance the security of web applications. Services usually do not serve web content, but the filter still addresses the risks identified in the security guide as:
    • "Risk: Clickjacking"
    • "Risk: Interpretation of content by the browser"
    • "Risk: Cross-Site Scripting (XSS)"
    • "Risk: Disclosure of visited URLs to third parties"
    • "Risk: Loading of additional content in Flash and PDFs"
    • Method Summary

      Modifier and Type Method Description
      void filter(javax.ws.rs.container.ContainerRequestContext requestContext, javax.ws.rs.container.ContainerResponseContext responseContext)
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • WebSecurityApiOnlyHeaderFilter

        public WebSecurityApiOnlyHeaderFilter()
    • Method Detail

      • filter

        public void filter(javax.ws.rs.container.ContainerRequestContext requestContext,
                           javax.ws.rs.container.ContainerResponseContext responseContext)
                    throws java.io.IOException
        Specified by:
        filter in interface javax.ws.rs.container.ContainerResponseFilter
        Throws:
        java.io.IOException
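
The five risks named in the class description each correspond to a standard browser-facing response header. The filter below is an added example, not the source of WebSecurityApiOnlyHeaderFilter: the class name ExampleApiSecurityHeaderFilter is hypothetical, and the header values are assumptions chosen for a service that returns only API payloads.

```java
import java.io.IOException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.ext.Provider;

/**
 * Hypothetical example, not the project's WebSecurityApiOnlyHeaderFilter.
 * Header names are standard; the values are assumptions for an API-only service.
 */
@Provider
public class ExampleApiSecurityHeaderFilter implements ContainerResponseFilter {

    @Override
    public void filter(ContainerRequestContext requestContext,
                       ContainerResponseContext responseContext) throws IOException {
        MultivaluedMap<String, Object> headers = responseContext.getHeaders();

        // putSingle replaces any value a resource method already set, so the
        // response carries exactly one value per header.

        // Clickjacking: the response must never be rendered inside a frame.
        headers.putSingle("X-Frame-Options", "DENY");

        // Interpretation of content by the browser: disable MIME sniffing so the
        // declared Content-Type (for example application/json) is authoritative.
        headers.putSingle("X-Content-Type-Options", "nosniff");

        // XSS: an API response needs no scripts, styles or other subresources,
        // so the policy allows nothing; frame-ancestors repeats the framing ban
        // for browsers that prefer CSP over X-Frame-Options.
        headers.putSingle("Content-Security-Policy",
                "default-src 'none'; frame-ancestors 'none'");

        // Disclosure of visited URLs to third parties: send no Referer header
        // on navigations or requests that originate from this response.
        headers.putSingle("Referrer-Policy", "no-referrer");

        // Loading of content in Flash and PDFs: forbid cross-domain policy
        // files, which those clients consult before loading data.
        headers.putSingle("X-Permitted-Cross-Domain-Policies", "none");
    }
}
```

Runtimes that scan for @Provider classes register the filter automatically; otherwise add the class to the JAX-RS Application. Checking the headers on error responses as well as successful ones confirms the filter runs on every path.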