jomu/shared
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases 7 Activity

enhanced filter, renamed to due enhanced features

Browse Source
This commit is contained in:
jomu
2013-02-06 23:29:49 +00:00
parent aef92c311d
commit bf34546e93
1 changed files with 0 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
jeeutil/src/main/java/de/muehlencord/app/sharedjeeutil/ClickJackFIlter.java
View File

@ -1,58 +0,0 @@
package de.muehlencord.app.sharedjeeutil;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
/**
* Filter to suppress ClickJacking by adding X-FRAME-OPTIONS to header.
* see https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet for details
*
* @author joern@muehlencord.de
*/
public class ClickJackFIlter implements Filter {
/** mode to use */
private String mode = "DENY";
/**
* inits the filter. Checks if a parameter "mode" is available in parameter map tp use instead default "DENY"
*
* @param filterConfig
* @throws ServletException
*/
@Override
public void init(FilterConfig filterConfig) throws ServletException {
String configMode = filterConfig.getInitParameter("mode");
if (configMode != null) {
mode = configMode;
}
}
/**
* Add X-FRAME-OPTIONS response header to tell IE8 (and any other browsers who decide to implement) not to display this content in a frame. For details,
* please refer to http://blogs.msdn.com/sdl/archive/2009/02/05/clickjacking-defense-in-ie8.aspx.
*
* @param request
* @param response
* @param chain
* @throws IOException
* @throws ServletException
*/
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletResponse res = (HttpServletResponse) response;
res.addHeader("X-FRAME-OPTIONS", mode);
chain.doFilter(request, response);
}
@Override
public void destroy() {
// nothing todo here
}
}