Package org.apache.hadoop.security.http

Class XFrameOptionsFilter

java.lang.Object

org.apache.hadoop.security.http.XFrameOptionsFilter

All Implemented Interfaces:

javax.servlet.Filter

@Public
@Evolving
public class XFrameOptionsFilter
extends Object
implements javax.servlet.Filter

This filter protects webapps from clickjacking attacks that are possible through use of Frames to embed the resources in another application and intercept clicks to accomplish nefarious things.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
class	XFrameOptionsFilter.XFrameOptionsResponseWrapper	This wrapper allows the rest of the filter pipeline to see the configured value when interrogating the response.

Field Summary

Fields

Modifier and Type	Field	Description
static final String	CUSTOM_HEADER_PARAM
static final String	X_FRAME_OPTIONS

Constructor Summary

Constructors

Constructor	Description
XFrameOptionsFilter()

Method Summary

Modifier and Type	Method	Description
void	destroy()
void	doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain)
static Map<String,String>	getFilterParams(Configuration conf, String confPrefix)	Constructs a mapping of configuration properties to be used for filter initialization.
void	init(javax.servlet.FilterConfig config)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

X_FRAME_OPTIONS

public static final String X_FRAME_OPTIONS

See Also:

• Constant Field Values

CUSTOM_HEADER_PARAM

public static final String CUSTOM_HEADER_PARAM

See Also:

• Constant Field Values

Constructor Details

XFrameOptionsFilter

public XFrameOptionsFilter()

Method Details

destroy

public void destroy()

Specified by:

destroy in interface javax.servlet.Filter

doFilter

public void doFilter(javax.servlet.ServletRequest req,
 javax.servlet.ServletResponse res,
 javax.servlet.FilterChain chain)
              throws IOException,
javax.servlet.ServletException

Specified by:

doFilter in interface javax.servlet.Filter

Throws:

IOException

javax.servlet.ServletException

init

public void init(javax.servlet.FilterConfig config)
          throws javax.servlet.ServletException

Specified by:

init in interface javax.servlet.Filter

Throws:

javax.servlet.ServletException

getFilterParams

public static Map<String,String> getFilterParams(Configuration conf,
 String confPrefix)

Constructs a mapping of configuration properties to be used for filter initialization. The mapping includes all properties that start with the specified configuration prefix. Property names in the mapping are trimmed to remove the configuration prefix.

Parameters:

conf - configuration to read

confPrefix - configuration prefix

Returns:

mapping of configuration properties to be used for filter initialization