aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2018-10-30 12:41:48 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2018-10-30 12:41:48 +0100
commitbc307fb31d24344c16fd6477aed7c0963f19dab4 (patch)
treeaf614acc70506678880cd42518fc7ee8f258742e
parentc28dd1f871e4c6901f7a7fb12061f415816b4342 (diff)
downloadNational_eIDAS_Gateway-bc307fb31d24344c16fd6477aed7c0963f19dab4.tar.gz
National_eIDAS_Gateway-bc307fb31d24344c16fd6477aed7c0963f19dab4.tar.bz2
National_eIDAS_Gateway-bc307fb31d24344c16fd6477aed7c0963f19dab4.zip
add CachingHeader interceptor
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/interceptor/WebFrontEndSecurityInterceptor.java75
-rw-r--r--connector/src/main/resources/applicationContext.xml7
2 files changed, 78 insertions, 4 deletions
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/interceptor/WebFrontEndSecurityInterceptor.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/interceptor/WebFrontEndSecurityInterceptor.java
new file mode 100644
index 00000000..e60b535c
--- /dev/null
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/interceptor/WebFrontEndSecurityInterceptor.java
@@ -0,0 +1,75 @@
+/*******************************************************************************
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.asitplus.eidas.specific.connector.interceptor;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+
+/**
+ * @author tlenz
+ *
+ */
+public class WebFrontEndSecurityInterceptor implements HandlerInterceptor {
+
+ /* (non-Javadoc)
+ * @see org.springframework.web.servlet.HandlerInterceptor#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object)
+ */
+ @Override
+ public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
+ throws Exception {
+
+ //set security headers
+ response.setHeader("Expires", "Sat, 6 May 1995 12:00:00 GMT");
+ response.setHeader("Pragma", "no-cache");
+ response.setHeader("Cache-control", "no-store, no-cache, must-revalidate");
+
+ return true;
+
+ }
+
+ /* (non-Javadoc)
+ * @see org.springframework.web.servlet.HandlerInterceptor#postHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object, org.springframework.web.servlet.ModelAndView)
+ */
+ @Override
+ public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
+ ModelAndView modelAndView) throws Exception {
+
+
+
+
+
+ }
+
+ /* (non-Javadoc)
+ * @see org.springframework.web.servlet.HandlerInterceptor#afterCompletion(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object, java.lang.Exception)
+ */
+ @Override
+ public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
+ throws Exception {
+
+ }
+
+}
diff --git a/connector/src/main/resources/applicationContext.xml b/connector/src/main/resources/applicationContext.xml
index 95c3db36..709b699f 100644
--- a/connector/src/main/resources/applicationContext.xml
+++ b/connector/src/main/resources/applicationContext.xml
@@ -20,10 +20,9 @@
<mvc:default-servlet-handler/>
-<!-- <mvc:interceptors>
- <bean class="at.gv.egovernment.moa.id.auth.servlet.interceptor.WebFrontEndSecurityInterceptor" />
- <bean class="at.gv.egovernment.moa.id.auth.servlet.interceptor.UniqueSessionIdentifierInterceptor" />
- </mvc:interceptors> -->
+ <mvc:interceptors>
+ <bean class="at.asitplus.eidas.specific.connector.interceptor.WebFrontEndSecurityInterceptor" />
+ </mvc:interceptors>
<context:property-placeholder location="${eidas.ms.configuration}"/>