Hi
You can write a custom JSON JAX-RS MessageBodyWriter - ex, by extending
CXF JSONProvider or Jackson and overriding writeTo(...) - you'd push
this prefix to the output stream first and then delegate to the
super.writeTo.
Or may be a much simpler option is to register JAX-RS WriterInterceptor
and only write the prefix from it. I might consider adding such a helper
writer to CXF
Or you can register a CXF Out interceptor with any phase which is
earlier than Phase.MARSHALL which is where CXF JAXRSOutInterceptor sits.
Even Phase.MARSHALL will do for your custom interceptor, it will run
first because it is a custom interceptor.
HTH, Sergey
On 14/09/16 14:58, Venkatesh Laguduva wrote:
I am using AngularJS for the UI and CXF for RESTful services; as part of
securing my webapp, I am trying to code for "JSON Vulnerability
Protection"; AngularJS document is asking us to prefix certain characters
to the JSON responses :
extract from AngularJS Document: For example if your server needs to return:
['one','two'] which is vulnerable to attack, your server can return:
)]}', ['one','two'] Angular will strip the prefix, before processing the
JSON.
To do this, I tried unsuccessfully to add ')]}' in an out interceptor but
the content in that cxf message is still object, not yet marshalled into
string - so I am wondering what could be the best place to do this
prefixing.
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
