org.sdase.commons.server.security.filter.WebSecurityApiOnlyHeaderFilter

All Implemented Interfaces:: jakarta.ws.rs.container.ContainerResponseFilter

public class WebSecurityApiOnlyHeaderFilter extends Object implements jakarta.ws.rs.container.ContainerResponseFilter

This filter adds headers to the response that enhance the security of web applications. Usually we do not provide web content from services. But we address the risks identified in the security guide as:

"Risiko: Clickjacking"
"Risiko: Interpretation von Inhalten durch den Browser"
"Risiko: Cross Site Scripting (XSS)"
"Risiko: Weitergabe von besuchten URLs an Dritte"
"Risiko: Nachladen von Inhalten in Flash und PDFs"

Constructor Summary

Constructors

Constructor

Description

WebSecurityApiOnlyHeaderFilter()
Method Summary

Modifier and Type

Method

Description

void

filter(jakarta.ws.rs.container.ContainerRequestContext requestContext, jakarta.ws.rs.container.ContainerResponseContext responseContext)

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- WebSecurityApiOnlyHeaderFilter
  
  public WebSecurityApiOnlyHeaderFilter()
Method Details
- filter
  
  public void filter(jakarta.ws.rs.container.ContainerRequestContext requestContext, jakarta.ws.rs.container.ContainerResponseContext responseContext) throws IOException
  
  Specified by:
  
  filter in interface jakarta.ws.rs.container.ContainerResponseFilter
  
  Throws:
  
  IOException

Class WebSecurityApiOnlyHeaderFilter

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Details

WebSecurityApiOnlyHeaderFilter

Method Details

filter