com.sun.jersey.api.container.filter
Class CsrfProtectionFilter

java.lang.Object
  extended by com.sun.jersey.api.container.filter.CsrfProtectionFilter
All Implemented Interfaces:
ContainerRequestFilter

public class CsrfProtectionFilter
extends java.lang.Object
implements ContainerRequestFilter

Simple server-side request filter that implements CSRF protection as per the Guidelines for Implementation of REST by NSA (section IV.F) and section 4.3 of this paper. If you add it to the request filters of your application, it checks for the X-Requested-By header in each request except those whose methods don't change state (GET, OPTIONS, HEAD). If the header is not found, it returns a Response.Status.BAD_REQUEST response to the client.

Author:
Martin Matula
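
The following is an added example, not code from the Jersey project or this documentation page: it registers the filter through the Jersey 1.x request-filter property, starts the application on the JDK's built-in HTTP server, and sends the three request shapes the description above distinguishes. The AccountResource class, the port 9998 and the header value are assumptions made for the demonstration; jersey-core, jersey-server and jersey-client are assumed to be on the classpath.

```java
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.api.container.filter.CsrfProtectionFilter;
import com.sun.jersey.api.container.httpserver.HttpServerFactory;
import com.sun.jersey.api.core.DefaultResourceConfig;
import com.sun.jersey.api.core.ResourceConfig;
import com.sun.net.httpserver.HttpServer;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;

public class CsrfFilterDemo {
    // Hypothetical resource: GET only reads, POST changes state.
    @Path("/account")
    public static class AccountResource {
        private static volatile String email = "old@example.test"; // constructed value
        @GET public String read() { return email; }
        @POST public String update(String newEmail) { email = newEmail; return "updated"; }
    }

    // Read the status code and release the connection.
    static int status(ClientResponse r) {
        try { return r.getStatus(); } finally { r.close(); }
    }

    public static void main(String[] args) throws Exception {
        ResourceConfig rc = new DefaultResourceConfig(AccountResource.class);
        // Add CsrfProtectionFilter to the application's request filters.
        rc.getProperties().put(ResourceConfig.PROPERTY_CONTAINER_REQUEST_FILTERS,
                CsrfProtectionFilter.class.getName());
        String base = "http://localhost:9998/"; // assumed free local port
        HttpServer server = HttpServerFactory.create(base, rc);
        server.start();
        try {
            WebResource account = Client.create().resource(base + "account");
            // GET is one of the exempt methods, so no header is sent.
            System.out.println("GET, no header:    " + status(account.get(ClientResponse.class)));
            // State-changing method without X-Requested-By: the case the filter
            // is documented to answer with Response.Status.BAD_REQUEST.
            System.out.println("POST, no header:   " + status(
                    account.type("text/plain").post(ClientResponse.class, "a@example.test")));
            // Same request carrying the header the filter looks for.
            System.out.println("POST, with header: " + status(
                    account.header("X-Requested-By", "demo-client").type("text/plain")
                           .post(ClientResponse.class, "a@example.test")));
        } finally {
            server.stop(0);
        }
    }
}
```

Because GET, OPTIONS and HEAD bypass the check, the filter only protects an application whose handlers for those methods do not change state.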

Constructor Summary
CsrfProtectionFilter()
           
 
Method Summary
 ContainerRequest filter(ContainerRequest request)
          Filter the request.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CsrfProtectionFilter

public CsrfProtectionFilter()
Method Detail

filter

public ContainerRequest filter(ContainerRequest request)
Description copied from interface: ContainerRequestFilter
Filter the request.

An implementation may modify the state of the request or create a new instance.

Specified by:
filter in interface ContainerRequestFilter
Parameters:
request - the request.
Returns:
the request.


Copyright © 2011 Oracle Corporation. All Rights Reserved.