Class CsrfProtectionFilter

  • All Implemented Interfaces:
    javax.ws.rs.container.ContainerRequestFilter

    @Priority(1000)
    public class CsrfProtectionFilter
    extends java.lang.Object
    implements javax.ws.rs.container.ContainerRequestFilter
    Simple server-side request filter that implements CSRF protection as per the Guidelines for Implementation of REST by NSA (section IV.F) and section 4.3 of this paper. If you add it to the request filters of your application, it will check for the X-Requested-By header in each request except for those that don't change state (GET, OPTIONS, HEAD). If the header is not found, it returns a Response.Status.BAD_REQUEST response to the client.
    See Also:
    CsrfProtectionFilter
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String HEADER_NAME
      Name of the header this filter checks for in the request.
      private static java.util.Set<java.lang.String> METHODS_TO_IGNORE  
    • Method Summary

      Modifier and Type Method Description
      void filter(javax.ws.rs.container.ContainerRequestContext rc)
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • HEADER_NAME

        public static final java.lang.String HEADER_NAME
        Name of the header this filter checks for in the request.
        See Also:
        Constant Field Values
      • METHODS_TO_IGNORE

        private static final java.util.Set<java.lang.String> METHODS_TO_IGNORE
    • Constructor Detail

      • CsrfProtectionFilter

        public CsrfProtectionFilter()
    • Method Detail

      • filter

        public void filter(javax.ws.rs.container.ContainerRequestContext rc)
                    throws java.io.IOException
        Specified by:
        filter in interface javax.ws.rs.container.ContainerRequestFilter
        Throws:
        java.io.IOException