public class RestCsrfPreventionFilter
extends java.lang.Object
Modifier and Type | Class and Description |
---|---|
static interface | RestCsrfPreventionFilter.HttpInteraction - Defines the minimal API requirements for the filter to execute its filtering logic. |
Modifier and Type | Field and Description |
---|---|
static java.lang.String | BROWSER_USER_AGENT_PARAM |
static java.lang.String | CUSTOM_HEADER_PARAM |
static java.lang.String | CUSTOM_METHODS_TO_IGNORE_PARAM |
static java.lang.String | HEADER_DEFAULT |
static java.lang.String | HEADER_USER_AGENT |
Constructor and Description |
---|
RestCsrfPreventionFilter() |
Modifier and Type | Method and Description |
---|---|
void | destroy() |
void | doFilter(ServletRequest request, ServletResponse response, FilterChain chain) |
static java.util.Map<java.lang.String,java.lang.String> | getFilterParams(Configuration conf, java.lang.String confPrefix) - Constructs a mapping of configuration properties to be used for filter initialization. |
void | handleHttpInteraction(RestCsrfPreventionFilter.HttpInteraction httpInteraction) - Handles an RestCsrfPreventionFilter.HttpInteraction by applying the filtering logic. |
void | init(FilterConfig filterConfig) |
protected boolean | isBrowser(java.lang.String userAgent) - This method interrogates the User-Agent String and returns whether it refers to a browser. |
public static final java.lang.String HEADER_USER_AGENT
public static final java.lang.String BROWSER_USER_AGENT_PARAM
public static final java.lang.String CUSTOM_HEADER_PARAM
public static final java.lang.String CUSTOM_METHODS_TO_IGNORE_PARAM
public static final java.lang.String HEADER_DEFAULT
public void init(FilterConfig filterConfig) throws ServletException
Throws:
ServletException
protected boolean isBrowser(java.lang.String userAgent)
A User-Agent String is considered to be a browser if it matches any of the regex patterns from browser-useragent-regex; the default behavior is to consider everything a browser that matches the following: "^Mozilla.*,^Opera.*". Subclasses can optionally override this method to use different behavior.
Parameters:
userAgent - The User-Agent String, or null if there isn't one
public void handleHttpInteraction(RestCsrfPreventionFilter.HttpInteraction httpInteraction) throws java.io.IOException, ServletException
Handles an RestCsrfPreventionFilter.HttpInteraction by applying the filtering logic.
Parameters:
httpInteraction - caller's HTTP interaction
Throws:
java.io.IOException - if there is an I/O error
ServletException - if the implementation relies on the servlet API and a servlet API call has failed
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws java.io.IOException, ServletException
Throws:
java.io.IOException
ServletException
public void destroy()
public static java.util.Map<java.lang.String,java.lang.String> getFilterParams(Configuration conf, java.lang.String confPrefix)
Parameters:
conf - configuration to read
confPrefix - configuration prefix
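The browser check that the isBrowser description above states, as an added example (not code from this page or from the project). It assumes the regex list is split on commas, that a pattern must match the whole User-Agent, and that a null User-Agent is not a browser; the class name and the sample User-Agent values are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

// Hypothetical stand-alone class; it mirrors the behaviour the isBrowser
// description states and is not the project's implementation.
public class BrowserUserAgentCheck {
    // Default list quoted in the isBrowser description.
    static final String DEFAULT_PATTERNS = "^Mozilla.*,^Opera.*";

    private final List<Pattern> patterns = new ArrayList<>();

    // Assumption: the configured value is a comma-separated list of regexes.
    BrowserUserAgentCheck(String commaSeparatedRegexes) {
        for (String regex : commaSeparatedRegexes.split(",")) {
            String trimmed = regex.trim();
            if (!trimmed.isEmpty()) {
                patterns.add(Pattern.compile(trimmed));
            }
        }
    }

    // Assumption: a missing (null) User-Agent is treated as "not a browser".
    boolean isBrowser(String userAgent) {
        if (userAgent == null) {
            return false;
        }
        for (Pattern p : patterns) {
            if (p.matcher(userAgent).matches()) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        BrowserUserAgentCheck check = new BrowserUserAgentCheck(DEFAULT_PATTERNS);
        // Constructed sample User-Agent values.
        String[] samples = {
            "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/115.0",
            "Opera/9.80 (Windows NT 6.1) Presto/2.12 Version/12.16",
            "curl/8.4.0",
            "ExampleClient Mozilla/5.0", // "Mozilla" is not at the start
            null
        };
        for (String ua : samples) {
            System.out.println(check.isBrowser(ua) + "  <-  " + ua);
        }
    }
}
```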