org.broadleafcommerce.common.security.service

Interface ExploitProtectionService

All Known Implementing Classes:

ExploitProtectionServiceImpl

public interface ExploitProtectionService

Author:

jfischer

Method Summary

Methods

Modifier and Type	Method and Description
String	cleanString(String string) Detect and remove possible XSS threats from the passed in string.
void	compareToken(String passedToken) Detect possible XSRF attacks by comparing the csrf token included in the request against the true token for this user from the session.
String	getAntiSamyPolicyFileLocation()
String	getCSRFToken()
String	getCsrfTokenParameter()
void	setAntiSamyPolicyFileLocation(String antiSamyPolicyFileLocation)

Method Detail

cleanString

String cleanString(String string)
                   throws ServiceException

Detect and remove possible XSS threats from the passed in string. This includes <script> tags, and the like.

Parameters:

string - The possibly dirty string

Returns:

The cleansed version of the string

Throws:

ServiceException

getAntiSamyPolicyFileLocation

String getAntiSamyPolicyFileLocation()

setAntiSamyPolicyFileLocation

void setAntiSamyPolicyFileLocation(String antiSamyPolicyFileLocation)

compareToken

void compareToken(String passedToken)
                  throws ServiceException

Detect possible XSRF attacks by comparing the csrf token included in the request against the true token for this user from the session. If they are different, then the exception is thrown.

Parameters:

passedToken - The csrf token that was passed in the request

Throws:

ServiceException

getCSRFToken

String getCSRFToken()
                    throws ServiceException

Throws:

ServiceException

getCsrfTokenParameter

String getCsrfTokenParameter()