aboutsummaryrefslogtreecommitdiff
path: root/connector/src/main/java/at/asitplus/eidas/specific/connector/interceptor/WebFrontEndSecurityInterceptor.java
diff options
context:
space:
mode:
Diffstat (limited to 'connector/src/main/java/at/asitplus/eidas/specific/connector/interceptor/WebFrontEndSecurityInterceptor.java')
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/interceptor/WebFrontEndSecurityInterceptor.java83
1 files changed, 49 insertions, 34 deletions
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/interceptor/WebFrontEndSecurityInterceptor.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/interceptor/WebFrontEndSecurityInterceptor.java
index e60b535c..d90cd22b 100644
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/interceptor/WebFrontEndSecurityInterceptor.java
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/interceptor/WebFrontEndSecurityInterceptor.java
@@ -1,6 +1,6 @@
-/*******************************************************************************
+/*
* Copyright 2018 A-SIT Plus GmbH
- * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
* A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
@@ -19,7 +19,8 @@
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
+*/
+
package at.asitplus.eidas.specific.connector.interceptor;
import javax.servlet.http.HttpServletRequest;
@@ -29,47 +30,61 @@ import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
/**
+ * Spring interceptor to inject securtiy headers into http response.
+ *
* @author tlenz
*
*/
public class WebFrontEndSecurityInterceptor implements HandlerInterceptor {
-
- /* (non-Javadoc)
- * @see org.springframework.web.servlet.HandlerInterceptor#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object)
- */
- @Override
- public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
- throws Exception {
- //set security headers
- response.setHeader("Expires", "Sat, 6 May 1995 12:00:00 GMT");
- response.setHeader("Pragma", "no-cache");
- response.setHeader("Cache-control", "no-store, no-cache, must-revalidate");
-
- return true;
-
- }
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * org.springframework.web.servlet.HandlerInterceptor#preHandle(javax.servlet.
+ * http.HttpServletRequest, javax.servlet.http.HttpServletResponse,
+ * java.lang.Object)
+ */
+ @Override
+ public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
+ throws Exception {
+
+ // set security headers
+ response.setHeader("Expires", "Sat, 6 May 1995 12:00:00 GMT");
+ response.setHeader("Pragma", "no-cache");
+ response.setHeader("Cache-control", "no-store, no-cache, must-revalidate");
- /* (non-Javadoc)
- * @see org.springframework.web.servlet.HandlerInterceptor#postHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object, org.springframework.web.servlet.ModelAndView)
- */
- @Override
- public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
- ModelAndView modelAndView) throws Exception {
+ return true;
-
-
+ }
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * org.springframework.web.servlet.HandlerInterceptor#postHandle(javax.servlet.
+ * http.HttpServletRequest, javax.servlet.http.HttpServletResponse,
+ * java.lang.Object, org.springframework.web.servlet.ModelAndView)
+ */
+ @Override
+ public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
+ ModelAndView modelAndView) throws Exception {
- }
+ }
- /* (non-Javadoc)
- * @see org.springframework.web.servlet.HandlerInterceptor#afterCompletion(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object, java.lang.Exception)
- */
- @Override
- public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
- throws Exception {
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * org.springframework.web.servlet.HandlerInterceptor#afterCompletion(javax.
+ * servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse,
+ * java.lang.Object, java.lang.Exception)
+ */
+ @Override
+ public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
+ Exception ex)
+ throws Exception {
- }
+ }
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-01 08:51:57 +0000