Java DefDescriptor Examples

Programming Language: Java

Namespace/Package Name: java.util

Class/Type: DefDescriptor

Examples at hotexamples.com: 2

Java DefDescriptor - 2 examples found. These are the top rated real world Java examples of java.util.DefDescriptor extracted from open source projects. You can rate examples to help us improve the quality of examples.

Frequently Used Methods

Show Hide

getDescriptorName(1)

getQualifiedName(1)

Example #1

Show file

File: ServletUtilAdapterImpl.java Project: madmax983/aura

  /**
   * Check if CSP Header setting is already inherited from one.app (top level context) See
   * https://www.w3.org/TR/CSP2/#which-policy-applies
   *
   * @param defDesc
   * @param req
   * @return true if CSP header setting can be skipped
   */
  private boolean canSkipCSPHeader(final DefDescriptor<?> defDesc, final HttpServletRequest req) {
    if (defDesc == null | req == null) {
      return false;
    }

    // CSP inheritance is supported starting from CSP2
    if (!isCSP2Supported(req)) {
      return false;
    }

    final String descriptorName = defDesc.getDescriptorName();
    if (!descriptorName.equals("one:one")) { // only skip while loading one.app
      return false;
    }

    final String auraFormat = req.getParameter("aura.format");
    if (auraFormat != null && auraFormat.equals("HTML")) {
      return false;
    }

    // Skip one.app requests for non HTML content with already established aura context
    final String auraContext = req.getParameter("aura.context");
    if (auraContext != null) {
      return true;
    }

    return false;
  }

Example #2

Show file

File: ServletUtilAdapterImpl.java Project: madmax983/aura

  /** Sets mandatory headers, notably for anti-clickjacking. */
  @Override
  public void setCSPHeaders(DefDescriptor<?> top, HttpServletRequest req, HttpServletResponse rsp) {

    if (canSkipCSPHeader(top, req)) {
      return;
    }

    ContentSecurityPolicy csp =
        configAdapter.getContentSecurityPolicy(top == null ? null : top.getQualifiedName(), req);

    if (csp != null) {
      rsp.setHeader(CSP.Header.SECURE, csp.getCspHeaderValue());
      Collection<String> terms = csp.getFrameAncestors();
      if (terms != null) {
        // not open to the world; figure whether we can express an X-FRAME-OPTIONS header:
        if (terms.size() == 0) {
          // closed to any framing at all
          rsp.setHeader(HDR_FRAME_OPTIONS, HDR_FRAME_DENY);
        } else if (terms.size() == 1) {
          // With one ancestor term, we're either SAMEORIGIN or ALLOWFROM
          for (String site : terms) {
            if (site == null) {
              // Add same-origin headers and policy terms
              rsp.addHeader(HDR_FRAME_OPTIONS, HDR_FRAME_SAMEORIGIN);
            } else if (!site.contains("*") && !site.matches("^[a-z]+:$")) {
              // XFO can't express wildcards or protocol-only, so set only for a specific site:
              rsp.addHeader(HDR_FRAME_OPTIONS, HDR_FRAME_ALLOWFROM + site);
            } else {
              // When XFO can't express it, still set an ALLOWALL so filters don't jump in
              rsp.addHeader(HDR_FRAME_OPTIONS, HDR_FRAME_ALLOWALL);
            }
          }
        }
      }
    }
  }