Package filter
Class SecurityHeadersFilter
java.lang.Object
filter.SecurityHeadersFilter
- All Implemented Interfaces:
javax.servlet.Filter
Filter that adds security headers to HTTP responses which is sent to the browser.
Implements Content Security Policy, XSS protection, and other security measures.
- Author:
- TAMIL MUGHILAN
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprivate voidapplySecurityHeaders(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res, String nonce) Applies security headers to the HTTP response.private StringbuildCSPPolicy(String nonce) Builds the Content Security Policy header value.voiddestroy()Cleans up resources when filter is destroyed.voiddoFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) Processes responses to add security headers.private StringGenerates random nonce - number used oncevoidinit(javax.servlet.FilterConfig filterConfig) Initializes the filter when application starts.
-
Constructor Details
-
SecurityHeadersFilter
public SecurityHeadersFilter()
-
-
Method Details
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException Processes responses to add security headers. Generates nonce for CSP and applies various security headers.- Specified by:
doFilterin interfacejavax.servlet.Filter- Parameters:
request- the servlet requestresponse- the servlet responsechain- the filter chain- Throws:
IOException- if an I/O error occursjavax.servlet.ServletException- if a servlet error occurs
-
applySecurityHeaders
private void applySecurityHeaders(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res, String nonce) Applies security headers to the HTTP response.- Parameters:
req- the HTTP requestres- the HTTP responsenonce- the generated nonce for CSP
-
generateNonce
Generates random nonce - number used once- Returns:
- nonce
-
buildCSPPolicy
Builds the Content Security Policy header value.- Parameters:
nonce- the nonce to include in script-src- Returns:
- the complete CSP policy string
-
init
public void init(javax.servlet.FilterConfig filterConfig) Initializes the filter when application starts.- Specified by:
initin interfacejavax.servlet.Filter- Parameters:
filterConfig- the filter configuration
-
destroy
public void destroy()Cleans up resources when filter is destroyed.- Specified by:
destroyin interfacejavax.servlet.Filter
-