Implement SameSite=Lax to prevent csrf attack using interceptor for all request under nms/**

Author: jangidrakesh

NMSReportingSuite/src/main/java/com/beehyv/nmsreporting/business/impl/CookiesInterceptor.java

@@ -0,0 +1,28 @@
+package com.beehyv.nmsreporting.business.impl;
+
+import org.springframework.web.servlet.ModelAndView;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public class CookiesInterceptor extends HandlerInterceptorAdapter {
+
+    @Override
+    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
+    }
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+            Cookie cookie = new Cookie("SameSite", "Lax");
+            response.addCookie(cookie);
+
+        return true;
+    }
+    @Override
+    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception exception) throws Exception {}
+
+    @Override
+    public void afterConcurrentHandlingStarted(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+    }
+}

NMSReportingSuite/src/main/webapp/WEB-INF/applicationContext.xml

@@ -135,6 +135,13 @@
         </property>
     </bean>
 
+<mvc:interceptors>
+    <mvc:interceptor>
+        <mvc:mapping path="/nms/**"/>
+        <bean class="com.beehyv.nmsreporting.business.impl.CookiesInterceptor">
+        </bean>
+    </mvc:interceptor>
+</mvc:interceptors>
     <bean id="autoReportMail" class="com.beehyv.nmsreporting.job.AutoReportEmailGeneration"/>
     <task:scheduled-tasks>
         <task:scheduled ref="autoReportMail" method="executeInternal" cron="0 0 9 1 * ?"/>