Add annotations for security headers

billoneil · billoneil · commit f71a541d4c42 · 2018-01-17T21:28:55.000-05:00
diff --git a/stubbornjava-common/src/main/java/com/stubbornjava/common/undertow/handlers/CustomHandlers.java b/stubbornjava-common/src/main/java/com/stubbornjava/common/undertow/handlers/CustomHandlers.java
@@ -152,6 +152,7 @@ public static HttpHandler loadBalancerHttpToHttps(HttpHandler next) {
         };
     }
 
+    // {{start:securityHeaders}}
     public static HttpHandler securityHeaders(HttpHandler next, ReferrerPolicy policy) {
         MiddlewareBuilder security = MiddlewareBuilder
             .begin(XFrameOptionsHandlers::deny)
@@ -166,4 +167,5 @@ public static HttpHandler securityHeaders(HttpHandler next, ReferrerPolicy polic
         }
         return security.complete(next);
     }
+    // {{end:securityHeaders}}
 }
diff --git a/stubbornjava-undertow/src/main/java/com/stubbornjava/undertow/handlers/ContentSecurityPolicyHandler.java b/stubbornjava-undertow/src/main/java/com/stubbornjava/undertow/handlers/ContentSecurityPolicyHandler.java
@@ -8,6 +8,7 @@
 import io.undertow.server.HttpHandler;
 import io.undertow.server.handlers.SetHeaderHandler;
 
+// {{start:handler}}
 public class ContentSecurityPolicyHandler {
     private static final String CSP_HEADER = "Content-Security-Policy";
 
@@ -193,3 +194,4 @@ private String join(String... strings) {
         }
     }
 }
+// {{end:handler}}
diff --git a/stubbornjava-undertow/src/main/java/com/stubbornjava/undertow/handlers/ReferrerPolicyHandlers.java b/stubbornjava-undertow/src/main/java/com/stubbornjava/undertow/handlers/ReferrerPolicyHandlers.java
@@ -3,6 +3,7 @@
 import io.undertow.server.HttpHandler;
 import io.undertow.server.handlers.SetHeaderHandler;
 
+// {{start:handler}}
 public class ReferrerPolicyHandlers {
     private static final String REFERRER_POLICY_STRING = "Referrer-Policy";
 
@@ -30,3 +31,4 @@ public static HttpHandler policy(HttpHandler next, ReferrerPolicy policy) {
         return new SetHeaderHandler(next, REFERRER_POLICY_STRING, policy.getValue());
     }
 }
+// {{end:handler}}
diff --git a/stubbornjava-undertow/src/main/java/com/stubbornjava/undertow/handlers/StrictTransportSecurityHandlers.java b/stubbornjava-undertow/src/main/java/com/stubbornjava/undertow/handlers/StrictTransportSecurityHandlers.java
@@ -4,6 +4,7 @@
 import io.undertow.server.handlers.SetHeaderHandler;
 import io.undertow.util.Headers;
 
+// {{start:handler}}
 public class StrictTransportSecurityHandlers {
 
     public static HttpHandler hsts(HttpHandler next, long maxAge) {
@@ -14,3 +15,4 @@ public static HttpHandler hstsIncludeSubdomains(HttpHandler next, long maxAge) {
         return new SetHeaderHandler(next, Headers.STRICT_TRANSPORT_SECURITY_STRING, "max-age=" + maxAge + "; includeSubDomains");
     }
 }
+// {{end:handler}}
diff --git a/stubbornjava-undertow/src/main/java/com/stubbornjava/undertow/handlers/XContentTypeOptionsHandler.java b/stubbornjava-undertow/src/main/java/com/stubbornjava/undertow/handlers/XContentTypeOptionsHandler.java
@@ -3,10 +3,12 @@
 import io.undertow.server.HttpHandler;
 import io.undertow.server.handlers.SetHeaderHandler;
 
+// {{start:handler}}
 public class XContentTypeOptionsHandler {
     private static final String X_CONTENT_TYPE_OPTIONS_STRING = "X-Content-Type-Options";
 
     public static HttpHandler nosniff(HttpHandler next) {
         return new SetHeaderHandler(next, X_CONTENT_TYPE_OPTIONS_STRING, "nosniff");
     }
 }
+// {{end:handler}}
diff --git a/stubbornjava-undertow/src/main/java/com/stubbornjava/undertow/handlers/XFrameOptionsHandlers.java b/stubbornjava-undertow/src/main/java/com/stubbornjava/undertow/handlers/XFrameOptionsHandlers.java
@@ -7,6 +7,7 @@
 import io.undertow.server.handlers.SetHeaderHandler;
 import io.undertow.util.HttpString;
 
+// {{start:handler}}
 public class XFrameOptionsHandlers {
     private static final String X_FRAME_OPTIONS_STRING = "X-Frame-Options";
     private static final HttpString X_FRAME_OPTIONS = new HttpString(X_FRAME_OPTIONS_STRING);
@@ -32,3 +33,4 @@ public static HttpHandler allowFromDynamicOrigin(HttpHandler next,
         };
     }
 }
+// {{end:handler}}
diff --git a/stubbornjava-undertow/src/main/java/com/stubbornjava/undertow/handlers/XXssProtectionHandlers.java b/stubbornjava-undertow/src/main/java/com/stubbornjava/undertow/handlers/XXssProtectionHandlers.java
@@ -3,6 +3,7 @@
 import io.undertow.server.HttpHandler;
 import io.undertow.server.handlers.SetHeaderHandler;
 
+// {{start:handler}}
 public class XXssProtectionHandlers {
     private static final String X_XSS_PROTECTION_STRING = "X-Xss-Protection";
 
@@ -18,3 +19,4 @@ public static HttpHandler enableAndBlock(HttpHandler next) {
         return new SetHeaderHandler(next, X_XSS_PROTECTION_STRING, "1; mode=block");
     }
 }
+// {{end:handler}}
diff --git a/stubbornjava-webapp/src/main/java/com/stubbornjava/webapp/StubbornJavaWebApp.java b/stubbornjava-webapp/src/main/java/com/stubbornjava/webapp/StubbornJavaWebApp.java
@@ -33,6 +33,7 @@ private static HttpHandler exceptionHandler(HttpHandler next) {
            .addExceptionHandler(Throwable.class, PageRoutes::error);
     }
 
+    // {{start:csp}}
     private static HttpHandler contentSecurityPolicy(HttpHandler delegate) {
         return new ContentSecurityPolicyHandler.Builder()
                 .defaultSrc(ContentSecurityPolicy.SELF)
@@ -44,6 +45,7 @@ private static HttpHandler contentSecurityPolicy(HttpHandler delegate) {
                 .styleSrc(ContentSecurityPolicy.SELF.getValue(), ContentSecurityPolicy.UNSAFE_INLINE.getValue())
                 .build(delegate);
     }
+    // {{end:csp}}
 
     private static HttpHandler wrapWithMiddleware(HttpHandler next) {
         return MiddlewareBuilder.begin(PageRoutes::redirector)
diff --git a/stubbornjava-webapp/src/main/java/com/stubbornjava/webapp/post/Tags.java b/stubbornjava-webapp/src/main/java/com/stubbornjava/webapp/post/Tags.java
@@ -30,6 +30,7 @@ public class Tags {
     public static final Tag Elasticsearch = addTag(new Tag(922794262770139008L, "Elasticsearch"));
     public static final Tag Ansible = addTag(new Tag(922794262770139008L, "Ansible"));
     public static final Tag Supervisord = addTag(new Tag(922794262770139008L, "Supervisord"));
+    public static final Tag Security = addTag(new Tag(953801444178362856L, "Security"));
 
     private static Tag addTag(Tag tag) {
         TAGS.add(tag);

Original file line number	Diff line number	Diff line change
`@@ -152,6 +152,7 @@ public static HttpHandler loadBalancerHttpToHttps(HttpHandler next) {`
`152`	`152`	`};`
`153`	`153`	`}`
`154`	`154`
	`155`	`+ // {{start:securityHeaders}}`
`155`	`156`	`public static HttpHandler securityHeaders(HttpHandler next, ReferrerPolicy policy) {`
`156`	`157`	`MiddlewareBuilder security = MiddlewareBuilder`
`157`	`158`	`.begin(XFrameOptionsHandlers::deny)`
`@@ -166,4 +167,5 @@ public static HttpHandler securityHeaders(HttpHandler next, ReferrerPolicy polic`
`166`	`167`	`}`
`167`	`168`	`return security.complete(next);`
`168`	`169`	`}`
	`170`	`+ // {{end:securityHeaders}}`
`169`	`171`	`}`
Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@`
`8`	`8`	`import io.undertow.server.HttpHandler;`
`9`	`9`	`import io.undertow.server.handlers.SetHeaderHandler;`
`10`	`10`
	`11`	`+// {{start:handler}}`
`11`	`12`	`public class ContentSecurityPolicyHandler {`
`12`	`13`	`private static final String CSP_HEADER = "Content-Security-Policy";`
`13`	`14`
`@@ -193,3 +194,4 @@ private String join(String... strings) {`
`193`	`194`	`}`
`194`	`195`	`}`
`195`	`196`	`}`
	`197`	`+// {{end:handler}}`
Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,7 @@`
`3`	`3`	`import io.undertow.server.HttpHandler;`
`4`	`4`	`import io.undertow.server.handlers.SetHeaderHandler;`
`5`	`5`
	`6`	`+// {{start:handler}}`
`6`	`7`	`public class ReferrerPolicyHandlers {`
`7`	`8`	`private static final String REFERRER_POLICY_STRING = "Referrer-Policy";`
`8`	`9`
`@@ -30,3 +31,4 @@ public static HttpHandler policy(HttpHandler next, ReferrerPolicy policy) {`
`30`	`31`	`return new SetHeaderHandler(next, REFERRER_POLICY_STRING, policy.getValue());`
`31`	`32`	`}`
`32`	`33`	`}`
	`34`	`+// {{end:handler}}`
Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@`
`4`	`4`	`import io.undertow.server.handlers.SetHeaderHandler;`
`5`	`5`	`import io.undertow.util.Headers;`
`6`	`6`
	`7`	`+// {{start:handler}}`
`7`	`8`	`public class StrictTransportSecurityHandlers {`
`8`	`9`
`9`	`10`	`public static HttpHandler hsts(HttpHandler next, long maxAge) {`
`@@ -14,3 +15,4 @@ public static HttpHandler hstsIncludeSubdomains(HttpHandler next, long maxAge) {`
`14`	`15`	`return new SetHeaderHandler(next, Headers.STRICT_TRANSPORT_SECURITY_STRING, "max-age=" + maxAge + "; includeSubDomains");`
`15`	`16`	`}`
`16`	`17`	`}`
	`18`	`+// {{end:handler}}`
Original file line number	Diff line number	Diff line change
`@@ -3,10 +3,12 @@`
`3`	`3`	`import io.undertow.server.HttpHandler;`
`4`	`4`	`import io.undertow.server.handlers.SetHeaderHandler;`
`5`	`5`
	`6`	`+// {{start:handler}}`
`6`	`7`	`public class XContentTypeOptionsHandler {`
`7`	`8`	`private static final String X_CONTENT_TYPE_OPTIONS_STRING = "X-Content-Type-Options";`
`8`	`9`
`9`	`10`	`public static HttpHandler nosniff(HttpHandler next) {`
`10`	`11`	`return new SetHeaderHandler(next, X_CONTENT_TYPE_OPTIONS_STRING, "nosniff");`
`11`	`12`	`}`
`12`	`13`	`}`
	`14`	`+// {{end:handler}}`
Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,7 @@`
`7`	`7`	`import io.undertow.server.handlers.SetHeaderHandler;`
`8`	`8`	`import io.undertow.util.HttpString;`
`9`	`9`
	`10`	`+// {{start:handler}}`
`10`	`11`	`public class XFrameOptionsHandlers {`
`11`	`12`	`private static final String X_FRAME_OPTIONS_STRING = "X-Frame-Options";`
`12`	`13`	`private static final HttpString X_FRAME_OPTIONS = new HttpString(X_FRAME_OPTIONS_STRING);`
`@@ -32,3 +33,4 @@ public static HttpHandler allowFromDynamicOrigin(HttpHandler next,`
`32`	`33`	`};`
`33`	`34`	`}`
`34`	`35`	`}`
	`36`	`+// {{end:handler}}`
Original file line number	Diff line number	Diff line change
`@@ -33,6 +33,7 @@ private static HttpHandler exceptionHandler(HttpHandler next) {`
`33`	`33`	`.addExceptionHandler(Throwable.class, PageRoutes::error);`
`34`	`34`	`}`
`35`	`35`
	`36`	`+ // {{start:csp}}`
`36`	`37`	`private static HttpHandler contentSecurityPolicy(HttpHandler delegate) {`
`37`	`38`	`return new ContentSecurityPolicyHandler.Builder()`
`38`	`39`	`.defaultSrc(ContentSecurityPolicy.SELF)`
`@@ -44,6 +45,7 @@ private static HttpHandler contentSecurityPolicy(HttpHandler delegate) {`
`44`	`45`	`.styleSrc(ContentSecurityPolicy.SELF.getValue(), ContentSecurityPolicy.UNSAFE_INLINE.getValue())`
`45`	`46`	`.build(delegate);`
`46`	`47`	`}`
	`48`	`+ // {{end:csp}}`
`47`	`49`
`48`	`50`	`private static HttpHandler wrapWithMiddleware(HttpHandler next) {`
`49`	`51`	`return MiddlewareBuilder.begin(PageRoutes::redirector)`