Class CsrfProtectionFilter
- java.lang.Object
  - org.glassfish.jersey.server.filter.CsrfProtectionFilter

All Implemented Interfaces:
javax.ws.rs.container.ContainerRequestFilter

@Priority(1000) public class CsrfProtectionFilter extends java.lang.Object implements javax.ws.rs.container.ContainerRequestFilter
Simple server-side request filter that implements CSRF protection as per the Guidelines for Implementation of REST by NSA (section IV.F) and section 4.3 of this paper. If you add it to the request filters of your application, it will check for the X-Requested-By header in each request except for those that don't change state (GET, OPTIONS, HEAD). If the header is not found, it returns a Response.Status.BAD_REQUEST response back to the client.

See Also:
CsrfProtectionFilter
Field Summary

Fields

| Modifier and Type | Field | Description |
| --- | --- | --- |
| static java.lang.String | HEADER_NAME | Name of the header this filter will attach to the request. |
| private static java.util.Set<java.lang.String> | METHODS_TO_IGNORE | |

Constructor Summary

Constructors

| Constructor | Description |
| --- | --- |
| CsrfProtectionFilter() | |

Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| void | filter(javax.ws.rs.container.ContainerRequestContext rc) | |

Field Detail

HEADER_NAME
public static final java.lang.String HEADER_NAME
Name of the header this filter will attach to the request.
See Also:
Constant Field Values

METHODS_TO_IGNORE
private static final java.util.Set<java.lang.String> METHODS_TO_IGNORE