Class WebSecurityApiOnlyHeaderFilter
- java.lang.Object
-
- org.sdase.commons.server.security.filter.WebSecurityApiOnlyHeaderFilter
-
- All Implemented Interfaces:
javax.ws.rs.container.ContainerResponseFilter
public class WebSecurityApiOnlyHeaderFilter extends java.lang.Object implements javax.ws.rs.container.ContainerResponseFilter
This filter adds headers to the response that enhance the security of web applications. Usually we do not provide web content from services. But we address the risks identified in the security guide as:- "Risiko: Clickjacking"
- "Risiko: Interpretation von Inhalten durch den Browser"
- "Risiko: Cross Site Scripting (XSS)"
- "Risiko: Weitergabe von besuchten URLs an Dritte"
- "Risiko: Nachladen von Inhalten in Flash und PDFs"
-
-
Constructor Summary
Constructors Constructor Description WebSecurityApiOnlyHeaderFilter()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
filter(javax.ws.rs.container.ContainerRequestContext requestContext, javax.ws.rs.container.ContainerResponseContext responseContext)
-
-
-
Method Detail
-
filter
public void filter(javax.ws.rs.container.ContainerRequestContext requestContext, javax.ws.rs.container.ContainerResponseContext responseContext) throws java.io.IOException
- Specified by:
filter
in interfacejavax.ws.rs.container.ContainerResponseFilter
- Throws:
java.io.IOException
-
-