| -rw-r--r-- | connector/src/main/java/at/asitplus/eidas/specific/connector/interceptor/WebFrontEndSecurityInterceptor.java | 75 | ||||
| -rw-r--r-- | connector/src/main/resources/applicationContext.xml | 7 | 
2 files changed, 78 insertions, 4 deletions
|
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/interceptor/WebFrontEndSecurityInterceptor.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/interceptor/WebFrontEndSecurityInterceptor.java
new file mode 100644
index 00000000..e60b535c
--- /dev/null
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/interceptor/WebFrontEndSecurityInterceptor.java
@@ -0,0 +1,75 @@
+/*******************************************************************************
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, 
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file. 
+ *******************************************************************************/
+package at.asitplus.eidas.specific.connector.interceptor;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+
+/**
+ * @author tlenz
+ *
+ */
+public class WebFrontEndSecurityInterceptor implements HandlerInterceptor {
+	
+	/* (non-Javadoc)
+	 * @see org.springframework.web.servlet.HandlerInterceptor#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object)
+	 */
+	@Override
+	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
+			throws Exception {
+
+		//set security headers
+		response.setHeader("Expires", "Sat, 6 May 1995 12:00:00 GMT");
+		response.setHeader("Pragma", "no-cache");
+		response.setHeader("Cache-control", "no-store, no-cache, must-revalidate");
+		
+		return true;
+			
+	}
+
+	/* (non-Javadoc)
+	 * @see org.springframework.web.servlet.HandlerInterceptor#postHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object, org.springframework.web.servlet.ModelAndView)
+	 */
+	@Override
+	public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
+			ModelAndView modelAndView) throws Exception {
+
+		
+		
+
+
+	}
+
+	/* (non-Javadoc)
+	 * @see org.springframework.web.servlet.HandlerInterceptor#afterCompletion(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object, java.lang.Exception)
+	 */
+	@Override
+	public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
+			throws Exception {
+
+	}
+
+}
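Review bot: The block under `//set security headers` in preHandle sets only cache-suppression headers (`Expires`, `Pragma`, `Cache-control`), so the class name and the comment promise more than the code delivers. For a front end that renders authentication pages I would add at least `response.setHeader("X-Content-Type-Options", "nosniff");` and `response.setHeader("X-Frame-Options", "DENY");` (or `SAMEORIGIN` if the pages are framed by design) next to them, unless a filter or reverse proxy not visible in this diff already sets them. The class Javadoc carries only `@author`; one sentence naming the headers that are set and why would help the next reader. The empty postHandle and afterCompletion bodies would also read better with a `// intentionally empty` comment in place of the blank lines.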
diff --git a/connector/src/main/resources/applicationContext.xml b/connector/src/main/resources/applicationContext.xml index 95c3db36..709b699f 100644 --- a/connector/src/main/resources/applicationContext.xml +++ b/connector/src/main/resources/applicationContext.xml @@ -20,10 +20,9 @@  	<mvc:default-servlet-handler/>  -<!--   <mvc:interceptors> -  	<bean class="at.gv.egovernment.moa.id.auth.servlet.interceptor.WebFrontEndSecurityInterceptor" /> -  	<bean class="at.gv.egovernment.moa.id.auth.servlet.interceptor.UniqueSessionIdentifierInterceptor" /> -  </mvc:interceptors> -->  +	<mvc:interceptors> +  		<bean class="at.asitplus.eidas.specific.connector.interceptor.WebFrontEndSecurityInterceptor" /> +  	</mvc:interceptors>   	<context:property-placeholder location="${eidas.ms.configuration}"/> | 
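Review bot: Registering the header logic through `<mvc:interceptors>` means it runs only for requests that reach a Spring MVC handler, so responses produced outside the DispatcherServlet (servlet filters, container error pages) will not carry the no-cache headers. Whether such paths can return authentication-related content is not visible from this hunk. If they can, a servlet `Filter` would cover them; otherwise a short comment above the element, such as `<!-- adds no-cache headers to MVC-handled requests only -->`, would record the limitation.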
