ExploitProtectionServiceImpl (BroadleafCommerce 6.2.2-SNAPSHOT API)

java.lang.Object
- org.broadleafcommerce.common.security.service.ExploitProtectionServiceImpl

All Implemented Interfaces:: ExploitProtectionService

@Service(value="blExploitProtectionService")
public class ExploitProtectionServiceImpl
extends Object
implements ExploitProtectionService

Author:: jfischer

Field Summary

Fields
Modifier and Type Field and Description

protected String antiSamyPolicyFileLocation

protected boolean xsrfProtectionEnabled

protected boolean xssProtectionEnabled

Fields
Modifier and Type	Field and Description
`protected String`	`antiSamyPolicyFileLocation`
`protected boolean`	`xsrfProtectionEnabled`
`protected boolean`	`xssProtectionEnabled`

Constructor Summary

Constructors
Constructor and Description

ExploitProtectionServiceImpl()

Constructors
Constructor and Description
`ExploitProtectionServiceImpl()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`String`	`cleanString(String string)` Detect and remove possible XSS threats from the passed in string.
`String`	`cleanStringWithResults(String string)` Detect and remove possible XSS threats from the passed in string.
`void`	`compareToken(String passedToken)` Detect possible XSRF attacks by comparing the csrf token included in the request against the true token for this user from the session.
`String`	`getAntiSamyPolicyFileLocation()`
`String`	`getCSRFToken()`
`String`	`getCsrfTokenParameter()`
`protected boolean`	`hasHTMLTags(String text)`
`String`	`htmlDecode(String value)`
`void`	`setAntiSamyPolicyFileLocation(String antiSamyPolicyFileLocation)`
`void`	`setXssProtectionEnabled(boolean xssProtectionEnabled)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - antiSamyPolicyFileLocation
```
protected String antiSamyPolicyFileLocation
```
  - xsrfProtectionEnabled
```
@Value(value="${exploitProtection.xsrfEnabled:true}")
protected boolean xsrfProtectionEnabled
```
  - xssProtectionEnabled
```
@Value(value="${exploitProtection.xssEnabled:true}")
protected boolean xssProtectionEnabled
```
- Constructor Detail
  - ExploitProtectionServiceImpl
```
public ExploitProtectionServiceImpl()
```
- Method Detail
  - cleanString
```
public String cleanString(String string)
                   throws ServiceException
```
    Description copied from interface: ExploitProtectionService
    
    Detect and remove possible XSS threats from the passed in string. This includes <script> tags, and the like.
    
    Specified by:
    
    cleanString in interface ExploitProtectionService
    
    Parameters:
    
    string - The possibly dirty string
    
    Returns:
    
    The cleansed version of the string
    
    Throws:
    
    ServiceException
  - cleanStringWithResults
```
public String cleanStringWithResults(String string)
                              throws ServiceException
```
    Description copied from interface: ExploitProtectionService
    
    Detect and remove possible XSS threats from the passed in string. This includes <script> tags, and the like. If an html, validation, or security problem is detected, an exception is thrown. This method also emits well formed xml, which is important if using Thymeleaf to display the results.
    
    Specified by:
    
    cleanStringWithResults in interface ExploitProtectionService
    
    Parameters:
    
    string - The possibly dirty string
    
    Returns:
    
    The cleansed version of the string
    
    Throws:
    
    ServiceException
  - hasHTMLTags
```
protected boolean hasHTMLTags(String text)
```
  - compareToken
```
public void compareToken(String passedToken)
                  throws ServiceException
```
    Description copied from interface: ExploitProtectionService
    
    Detect possible XSRF attacks by comparing the csrf token included in the request against the true token for this user from the session. If they are different, then the exception is thrown.
    
    Specified by:
    
    compareToken in interface ExploitProtectionService
    
    Parameters:
    
    passedToken - The csrf token that was passed in the request
    
    Throws:
    
    ServiceException
  - getCSRFToken
```
public String getCSRFToken()
                    throws ServiceException
```
    Specified by:
    
    getCSRFToken in interface ExploitProtectionService
    
    Throws:
    
    ServiceException
  - getAntiSamyPolicyFileLocation
```
public String getAntiSamyPolicyFileLocation()
```
    Specified by:
    
    getAntiSamyPolicyFileLocation in interface ExploitProtectionService
  - setAntiSamyPolicyFileLocation
```
public void setAntiSamyPolicyFileLocation(String antiSamyPolicyFileLocation)
```
    Specified by:
    
    setAntiSamyPolicyFileLocation in interface ExploitProtectionService
  - getCsrfTokenParameter
```
public String getCsrfTokenParameter()
```
    Specified by:
    
    getCsrfTokenParameter in interface ExploitProtectionService
  - htmlDecode
```
public String htmlDecode(String value)
```
    Specified by:
    
    htmlDecode in interface ExploitProtectionService
  - setXssProtectionEnabled
```
public void setXssProtectionEnabled(boolean xssProtectionEnabled)
```

Class ExploitProtectionServiceImpl

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

antiSamyPolicyFileLocation

xsrfProtectionEnabled

xssProtectionEnabled

Constructor Detail

ExploitProtectionServiceImpl

Method Detail

cleanString

cleanStringWithResults

hasHTMLTags

compareToken

getCSRFToken

getAntiSamyPolicyFileLocation

setAntiSamyPolicyFileLocation

getCsrfTokenParameter

htmlDecode

setXssProtectionEnabled