enhanced filter, renamed to due enhanced features

2013-02-06 23:29:49 +00:00
parent aef92c311d
commit bf34546e93
1 changed files with 0 additions and 58 deletions
--- a/jeeutil/src/main/java/de/muehlencord/app/sharedjeeutil/ClickJackFIlter.java
+++ b/jeeutil/src/main/java/de/muehlencord/app/sharedjeeutil/ClickJackFIlter.java
@ -1,58 +0,0 @@
 package de.muehlencord.app.sharedjeeutil;
 import java.io.IOException;
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletResponse;
 /**
 * Filter to suppress ClickJacking by adding X-FRAME-OPTIONS to header. 
 * see https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet for details
 *
 * @author joern@muehlencord.de
 */
 public class ClickJackFIlter implements Filter {
    /** mode to use */
    private String mode = "DENY";
    /**
     * inits the filter. Checks if a parameter "mode" is available in parameter map tp use instead default "DENY"
     *
     * @param filterConfig
     * @throws ServletException
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String configMode = filterConfig.getInitParameter("mode");
        if (configMode != null) {
            mode = configMode;
        }
    }
    /**
     * Add X-FRAME-OPTIONS response header to tell IE8 (and any other browsers who decide to implement) not to display this content in a frame. For details,
     * please refer to http://blogs.msdn.com/sdl/archive/2009/02/05/clickjacking-defense-in-ie8.aspx.
     *
     * @param request
     * @param response
     * @param chain
     * @throws IOException
     * @throws ServletException
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse res = (HttpServletResponse) response;
        res.addHeader("X-FRAME-OPTIONS", mode);
        chain.doFilter(request, response);
    }
    @Override
    public void destroy() {
        // nothing todo here
    }
 }