From 300bd1b44f521a2b33c259be1f8d21eba58c1a31 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Tue, 8 Mar 2022 13:41:31 +0100 Subject: refactor(core): split 'ms-connector' WebApp into 'core' and 'ms-connector' to reuse some code for 'ms-proxy' WebApp --- .../WebFrontEndSecurityInterceptor.java | 90 ++++++++++++++++++++++ 1 file changed, 90 insertions(+) create mode 100644 core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/interceptor/WebFrontEndSecurityInterceptor.java (limited to 'core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/interceptor/WebFrontEndSecurityInterceptor.java') diff --git a/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/interceptor/WebFrontEndSecurityInterceptor.java b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/interceptor/WebFrontEndSecurityInterceptor.java new file mode 100644 index 00000000..f665be51 --- /dev/null +++ b/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/interceptor/WebFrontEndSecurityInterceptor.java @@ -0,0 +1,90 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.core.interceptor; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.web.servlet.HandlerInterceptor; +import org.springframework.web.servlet.ModelAndView; + +/** + * Spring interceptor to inject securtiy headers into http response. + * + * @author tlenz + * + */ +public class WebFrontEndSecurityInterceptor implements HandlerInterceptor { + + /* + * (non-Javadoc) + * + * @see + * org.springframework.web.servlet.HandlerInterceptor#preHandle(javax.servlet. + * http.HttpServletRequest, javax.servlet.http.HttpServletResponse, + * java.lang.Object) + */ + @Override + public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) + throws Exception { + + // set security headers + response.setHeader("Expires", "Sat, 6 May 1995 12:00:00 GMT"); + response.setHeader("Pragma", "no-cache"); + response.setHeader("Cache-control", "no-store, no-cache, must-revalidate"); + + return true; + + } + + /* + * (non-Javadoc) + * + * @see + * org.springframework.web.servlet.HandlerInterceptor#postHandle(javax.servlet. + * http.HttpServletRequest, javax.servlet.http.HttpServletResponse, + * java.lang.Object, org.springframework.web.servlet.ModelAndView) + */ + @Override + public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, + ModelAndView modelAndView) throws Exception { + + } + + /* + * (non-Javadoc) + * + * @see + * org.springframework.web.servlet.HandlerInterceptor#afterCompletion(javax. + * servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, + * java.lang.Object, java.lang.Exception) + */ + @Override + public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, + Exception ex) + throws Exception { + + } + +} -- cgit v1.2.3