Class ClickjackFilter

  • All Implemented Interfaces:
    javax.servlet.Filter

    public class ClickjackFilter
    extends java.lang.Object
    implements javax.servlet.Filter
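    The ClickjackFilter is discussed at http://www.owasp.org/index.php/ClickjackFilter_for_Java_EE.

        <filter>
            <filter-name>ClickjackFilterDeny</filter-name>
            <filter-class>org.owasp.filters.ClickjackFilter</filter-class>
            <init-param>
                <param-name>mode</param-name>
                <param-value>DENY</param-value>
            </init-param>
        </filter>

        <filter>
            <filter-name>ClickjackFilterSameOrigin</filter-name>
            <filter-class>org.owasp.filters.ClickjackFilter</filter-class>
            <init-param>
                <param-name>mode</param-name>
                <param-value>SAMEORIGIN</param-value>
            </init-param>
        </filter>

        <filter-mapping>
            <filter-name>ClickjackFilterDeny</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>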
    
    • Constructor Summary

      Constructors 
      Constructor Description
      ClickjackFilter()  
    • Method Summary

      Modifier and Type Method Description
      void destroy()
      void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
      Add X-FRAME-OPTIONS response header to tell IE8 (and any other browsers that decide to implement it) not to display this content in a frame.
      void init(javax.servlet.FilterConfig filterConfig)
      Initialize "mode" parameter from web.xml.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • ClickjackFilter

        public ClickjackFilter()
    • Method Detail

      • init

        public void init(javax.servlet.FilterConfig filterConfig)
        Initialize "mode" parameter from web.xml. Valid values are "DENY" and "SAMEORIGIN". If you leave this parameter out, the default is to use the DENY mode.
        Specified by:
        init in interface javax.servlet.Filter
        Parameters:
        filterConfig - A filter configuration object used by a servlet container to pass information to a filter during initialization.
      • doFilter

        public void doFilter(javax.servlet.ServletRequest request,
                             javax.servlet.ServletResponse response,
                             javax.servlet.FilterChain chain)
                      throws java.io.IOException,
                             javax.servlet.ServletException
        Add X-FRAME-OPTIONS response header to tell IE8 (and any other browsers that decide to implement it) not to display this content in a frame. For details, please refer to http://blogs.msdn.com/sdl/archive/2009/02/05/clickjacking-defense-in-ie8.aspx.
        Specified by:
        doFilter in interface javax.servlet.Filter
        Parameters:
        request - The request object.
        response - The response object.
        chain - Refers to the FilterChain object to pass control to the next Filter.
        Throws:
        java.io.IOException
        javax.servlet.ServletException
      • destroy

        public void destroy()
        Specified by:
        destroy in interface javax.servlet.Filter