From bc307fb31d24344c16fd6477aed7c0963f19dab4 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 30 Oct 2018 12:41:48 +0100 Subject: add CachingHeader interceptor --- .../WebFrontEndSecurityInterceptor.java | 75 ++++++++++++++++++++++ .../src/main/resources/applicationContext.xml | 7 +- 2 files changed, 78 insertions(+), 4 deletions(-) create mode 100644 connector/src/main/java/at/asitplus/eidas/specific/connector/interceptor/WebFrontEndSecurityInterceptor.java diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/interceptor/WebFrontEndSecurityInterceptor.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/interceptor/WebFrontEndSecurityInterceptor.java new file mode 100644 index 00000000..e60b535c --- /dev/null +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/interceptor/WebFrontEndSecurityInterceptor.java @@ -0,0 +1,75 @@ +/******************************************************************************* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.asitplus.eidas.specific.connector.interceptor; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.web.servlet.HandlerInterceptor; +import org.springframework.web.servlet.ModelAndView; + +/** + * @author tlenz + * + */ +public class WebFrontEndSecurityInterceptor implements HandlerInterceptor { + + /* (non-Javadoc) + * @see org.springframework.web.servlet.HandlerInterceptor#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object) + */ + @Override + public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) + throws Exception { + + //set security headers + response.setHeader("Expires", "Sat, 6 May 1995 12:00:00 GMT"); + response.setHeader("Pragma", "no-cache"); + response.setHeader("Cache-control", "no-store, no-cache, must-revalidate"); + + return true; + + } + + /* (non-Javadoc) + * @see org.springframework.web.servlet.HandlerInterceptor#postHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object, org.springframework.web.servlet.ModelAndView) + */ + @Override + public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, + ModelAndView modelAndView) throws Exception { + + + + + + } + + /* (non-Javadoc) + * @see org.springframework.web.servlet.HandlerInterceptor#afterCompletion(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object, java.lang.Exception) + */ + @Override + public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) + throws Exception { + + } + +} diff --git a/connector/src/main/resources/applicationContext.xml b/connector/src/main/resources/applicationContext.xml index 95c3db36..709b699f 100644 --- a/connector/src/main/resources/applicationContext.xml +++ b/connector/src/main/resources/applicationContext.xml @@ -20,10 +20,9 @@ - + + + -- cgit v1.2.3