Class WebSecurityApiOnlyHeaderFilter
java.lang.Object
org.sdase.commons.server.security.filter.WebSecurityApiOnlyHeaderFilter
All Implemented Interfaces:
jakarta.ws.rs.container.ContainerResponseFilter
public class WebSecurityApiOnlyHeaderFilter
extends Object
implements jakarta.ws.rs.container.ContainerResponseFilter
This filter adds headers to the response that enhance the security of web applications. Services
usually do not serve web content, but the filter still addresses the risks identified in the
security guide as:
- "Risk: Clickjacking"
- "Risk: Interpretation of content by the browser"
- "Risk: Cross Site Scripting (XSS)"
- "Risk: Passing on visited URLs to third parties"
- "Risk: Loading of additional content in Flash and PDFs"
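The following audit is an added example, not code from this library: it checks a set of response headers against the five risks listed above. The risk-to-header mapping, the class name ApiHeaderAudit and the sample headers are assumptions, because this page does not list the headers the filter sets.

```java
import java.util.*;

public class ApiHeaderAudit {
  // Assumed: referrer policies that never send the full URL to another origin.
  static final Set<String> SAFE_REFERRER =
      Set.of("no-referrer", "same-origin", "strict-origin", "strict-origin-when-cross-origin");

  /** Returns the risks that the given response headers leave uncovered (assumed mapping). */
  static List<String> uncoveredRisks(Map<String, List<String>> responseHeaders) {
    // Header names are case-insensitive; repeated headers are joined with commas.
    Map<String, String> h = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
    responseHeaders.forEach(
        (name, values) -> h.put(name, String.join(",", values).toLowerCase(Locale.ROOT).trim()));
    String csp = h.getOrDefault("Content-Security-Policy", "");
    String xfo = h.getOrDefault("X-Frame-Options", "");
    // Simplification: with a comma-separated fallback list, the last entry is taken as effective.
    String[] rp = h.getOrDefault("Referrer-Policy", "").split(",");

    List<String> missing = new ArrayList<>();
    if (!(xfo.equals("deny") || xfo.equals("sameorigin") || hasDirective(csp, "frame-ancestors")))
      missing.add("Clickjacking");
    if (!"nosniff".equals(h.get("X-Content-Type-Options")))
      missing.add("Interpretation of content by the browser");
    // Presence check only: the strength of the policy is not evaluated here.
    if (!(hasDirective(csp, "default-src") || hasDirective(csp, "script-src")))
      missing.add("Cross Site Scripting (XSS)");
    if (!SAFE_REFERRER.contains(rp[rp.length - 1].trim()))
      missing.add("Passing on visited URLs to third parties");
    if (!"none".equals(h.get("X-Permitted-Cross-Domain-Policies")))
      missing.add("Loading of additional content in Flash and PDFs");
    return missing;
  }

  // True if any policy in the (possibly comma-joined) CSP value names the directive.
  static boolean hasDirective(String csp, String directive) {
    for (String part : csp.split("[;,]")) {
      if (part.trim().split("\\s+")[0].equals(directive)) return true;
    }
    return false;
  }

  public static void main(String[] args) {
    // Constructed sample: lower-case header name, weak Referrer-Policy, no CSP.
    Map<String, List<String>> sample = Map.of(
        "x-frame-options", List.of("DENY"),
        "X-Content-Type-Options", List.of("nosniff"),
        "Referrer-Policy", List.of("unsafe-url"));
    uncoveredRisks(sample).forEach(risk -> System.out.println("not covered: " + risk));
  }
}
```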
Constructor Summary
Constructor
WebSecurityApiOnlyHeaderFilter()
Method Summary
Modifier and Type    Method    Description
void    filter(jakarta.ws.rs.container.ContainerRequestContext requestContext, jakarta.ws.rs.container.ContainerResponseContext responseContext)
Constructor Details
WebSecurityApiOnlyHeaderFilter
public WebSecurityApiOnlyHeaderFilter()
Method Details
filter
public void filter(jakarta.ws.rs.container.ContainerRequestContext requestContext, jakarta.ws.rs.container.ContainerResponseContext responseContext) throws IOException
Specified by:
filter in interface jakarta.ws.rs.container.ContainerResponseFilter
Throws:
IOException