org.owasp.esapi.filters
Class ClickjackFilter
java.lang.Object
org.owasp.esapi.filters.ClickjackFilter
All Implemented Interfaces:
    javax.servlet.Filter

public class ClickjackFilter
extends java.lang.Object
implements javax.servlet.Filter
The ClickjackFilter is discussed at http://www.owasp.org/index.php/ClickjackFilter_for_Java_EE.
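    <filter>
        <filter-name>ClickjackFilterDeny</filter-name>
        <filter-class>org.owasp.esapi.filters.ClickjackFilter</filter-class>
        <init-param>
            <param-name>mode</param-name>
            <param-value>DENY</param-value>
        </init-param>
    </filter>

    <filter>
        <filter-name>ClickjackFilterSameOrigin</filter-name>
        <filter-class>org.owasp.esapi.filters.ClickjackFilter</filter-class>
        <init-param>
            <param-name>mode</param-name>
            <param-value>SAMEORIGIN</param-value>
        </init-param>
    </filter>

    <!-- apply the DENY variant to every URL -->
    <filter-mapping>
        <filter-name>ClickjackFilterDeny</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>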
Method Summary

| Return type | Method and description |
|---|---|
| void | destroy() |
| void | doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain): Add X-FRAME-OPTIONS response header to tell IE8 (and any other browsers that decide to implement it) not to display this content in a frame. |
| void | init(javax.servlet.FilterConfig filterConfig): Initialize "mode" parameter from web.xml. |

Methods inherited from class java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
ClickjackFilter
public ClickjackFilter()
init
public void init(javax.servlet.FilterConfig filterConfig)
- Initialize "mode" parameter from web.xml. Valid values are "DENY" and "SAMEORIGIN". If you leave this parameter out, the default is to use the DENY mode.
- Specified by: init in interface javax.servlet.Filter
- Parameters:
  filterConfig - A filter configuration object used by a servlet container to pass information to a filter during initialization.
doFilter
public void doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain)
throws java.io.IOException,
javax.servlet.ServletException
- Add X-FRAME-OPTIONS response header to tell IE8 (and any other browsers that decide to implement it) not to display this content in a frame. For details, please refer to http://blogs.msdn.com/sdl/archive/2009/02/05/clickjacking-defense-in-ie8.aspx.
- Specified by: doFilter in interface javax.servlet.Filter
- Parameters:
  request - The request object.
  response - The response object.
  chain - Refers to the FilterChain object to pass control to the next Filter.
- Throws:
  java.io.IOException
  javax.servlet.ServletException
destroy
public void destroy()
- Specified by: destroy in interface javax.servlet.Filter
Copyright © 2010 The Open Web Application Security Project (OWASP). All Rights Reserved.