migrated OwaspStandardFilter to security-filter project

2017-04-17 16:52:39 +00:00
parent 665db06d5b
commit 613b047aa9
1 changed files with 0 additions and 74 deletions
--- a/jeeutil/src/main/java/de/muehlencord/shared/jeeutil/OwaspStandardFilter.java
+++ b/jeeutil/src/main/java/de/muehlencord/shared/jeeutil/OwaspStandardFilter.java
@ -1,74 +0,0 @@
-package de.muehlencord.shared.jeeutil;
-
-import java.io.IOException;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletResponse;
-
-/**
- * Filter to suppress ClickJacking and Mime Sniffing by adding header fields
- *
- * @author joern@muehlencord.de
- */
-public class OwaspStandardFilter implements Filter {
-
-    /** mode to use */
-    private String mode = "DENY";
-
-    /**
-     * inits the filter. Checks if a parameter "mode" is available in parameter map tp use instead default "DENY"
-     *
-     * @param filterConfig
-     * @throws ServletException
-     */
-    @Override
-    public void init(FilterConfig filterConfig) throws ServletException {
-        String configMode = filterConfig.getInitParameter("mode");
-        if (configMode != null) {
-            mode = configMode;
-        }
-    }
-
-    /**
-     *
-     * @param request
-     * @param response
-     * @param chain
-     * @throws IOException
-     * @throws ServletException
-     */
-    @Override
-    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
-        HttpServletResponse res = (HttpServletResponse) response;
-        // X-FRAME-OPTIONS: Clickjacking protection: "deny" - no rendering within a frame, "sameorigin" - no rendering if origin mismatch
-        res.addHeader("X-FRAME-OPTIONS", mode);
-        
-        // Ensure that the web browser's XSS filter is enabled, by setting the X-XSS-Protection HTTP response header to '1'.
-        res.addHeader("X-XSS-Protection", "1");
-
-        // X-Content-Type-Options the only defined value, "nosniff", 
-        // The only defined value, "nosniff", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type. 
-        // This also applies to Google Chrome, when downloading extensions.
-        res.addHeader("X-Content-Type-Options", "nosniff");
-        
-        // disableing caching by Pragma setting
-        res.addHeader("Pragma", "no-cache");
-        
-        // disabling caching by Cache-control settings
-        res.addHeader("Cache-control", "no-cache, no-store, must-revalidate, private"); 
-        
-        chain.doFilter(request, response);
-    }
-
-    /**
-     * destroys the filter
-     */
-    @Override
-    public void destroy() {
-        // nothing todo here
-    }
-}