Skip to content

Java Security Interceptor

Latest

Choose a tag to compare

@imdeepakchahar imdeepakchahar released this 20 Nov 10:20
· 1 commit to main since this release

Java Security Interceptor

This project is a Spring MVC-based Java application that implements a security interceptor to validate incoming HTTP requests and prevent common vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), and malicious file uploads.

Features

  • SQL Injection Prevention: Detects and blocks SQL injection patterns in request parameters.
  • XSS Protection: Filters out potential cross-site scripting attacks.
  • File Upload Validation: Allows only specific file types to be uploaded.
  • Input Sanitization: Rejects inputs with dangerous characters, invalid UTF-8 encoding, null bytes, or newline characters.

Technologies Used

  • Spring Framework: Core framework for building the application and managing interceptors.
  • Java: Programming language.
  • Regex Patterns: Used for input validation.

Files Overview

1. JavaSecurityInterceptor.java

This is the main interceptor that performs the following tasks:

  • Validates request parameters for SQL Injection, XSS, and other dangerous inputs.
  • Checks uploaded files for allowed extensions.
  • Rejects invalid or malicious requests.

Key Methods:

  • preHandle: Validates incoming requests before they reach the controller.
  • validateFileInput: Ensures uploaded files have valid extensions.
  • containsSQLInjection, containsXSS, etc.: Helper methods to check for specific vulnerabilities.

2. WebConfig.java

This is the Spring configuration class that:

  • Registers the JavaSecurityInterceptor as a Spring Bean.
  • Adds the interceptor to the application's request handling pipeline to validate all incoming requests.

Setup Instructions

Prerequisites

  • Java 8 or higher
  • Maven 3.6+
  • Spring Framework 5+
  • An IDE (e.g., IntelliJ IDEA, Eclipse)

Installation

  1. Clone this repository:

    git clone https://github.com/imdeepakchahar/java-security-interceptor.git
    cd java-security-interceptor
  2. Import the project into your IDE.

  3. Build the project using Maven:

    mvn clean install
  4. Run the Spring Boot application:

    mvn spring-boot:run

Usage

  1. Interceptor Behavior:

    • The interceptor is applied to all request paths (/**).
    • Malicious requests are blocked with a 400 Bad Request response.
  2. File Uploads:

    • Allowed file extensions: jpg, jpeg, png, pdf, docx.
  3. Request Validation:

    • SQL keywords, XSS payloads, dangerous characters, invalid UTF-8, and null bytes are blocked.
  4. Customization:

    • Modify allowed file extensions in ALLOWED_FILE_EXTENSIONS in JavaSecurityInterceptor.java.
    • Update regex patterns to match your security requirements.

Project Structure

src/main/java/app/
├── config/
│   └── WebConfig.java          # Spring configuration
├── interceptor/
│   └── JavaSecurityInterceptor.java # Security interceptor