first commit

2013-02-06 22:06:43 +00:00
parent 1a6d3e4c41
commit aef92c311d
84 changed files with 5334 additions and 0 deletions
--- a/jeeutil/src/main/java/de/muehlencord/app/sharedjeeutil/ClickJackFIlter.java
+++ b/jeeutil/src/main/java/de/muehlencord/app/sharedjeeutil/ClickJackFIlter.java
@ -0,0 +1,58 @@
+package de.muehlencord.app.sharedjeeutil;
+
+import java.io.IOException;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Filter to suppress ClickJacking by adding X-FRAME-OPTIONS to header. 
+ * see https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet for details
+ *
+ * @author joern@muehlencord.de
+ */
+public class ClickJackFIlter implements Filter {
+
+    /** mode to use */
+    private String mode = "DENY";
+
+    /**
+     * inits the filter. Checks if a parameter "mode" is available in parameter map tp use instead default "DENY"
+     *
+     * @param filterConfig
+     * @throws ServletException
+     */
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+        String configMode = filterConfig.getInitParameter("mode");
+        if (configMode != null) {
+            mode = configMode;
+        }
+    }
+
+    /**
+     * Add X-FRAME-OPTIONS response header to tell IE8 (and any other browsers who decide to implement) not to display this content in a frame. For details,
+     * please refer to http://blogs.msdn.com/sdl/archive/2009/02/05/clickjacking-defense-in-ie8.aspx.
+     *
+     * @param request
+     * @param response
+     * @param chain
+     * @throws IOException
+     * @throws ServletException
+     */
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+        HttpServletResponse res = (HttpServletResponse) response;
+        res.addHeader("X-FRAME-OPTIONS", mode);
+        chain.doFilter(request, response);
+    }
+
+    @Override
+    public void destroy() {
+        // nothing todo here
+    }
+}
--- a/jeeutil/src/main/resources/META-INF/MANIFEST.MF
+++ b/jeeutil/src/main/resources/META-INF/MANIFEST.MF
@ -0,0 +1,2 @@
+Manifest-Version: 1.0
+