System: two business systems plus a platform; the platform code will not be changed.
Problems found: system security problems ("Content-Security-Policy" header missing or insecure; "X-Content-Type-Options" header missing or insecure; "X-Content-Type-Options" header missing or insecure)
Details: for the problems found, I came up with two solutions:
The first is to add a filter that sets the new headers on the HttpServletResponse, but because the platform code cannot be changed, the filter solution is not being considered for now;
The second is to change the configuration file: my local server is Tomcat, so I changed the Tomcat configuration file, and the headers can be added;
The solution is as follows:
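    <!-- Tomcat's built-in filter that adds security response headers -->
    <filter>
        <filter-name>HttpHeaderSecurity</filter-name>
        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
        <init-param>
            <param-name>antiClickJackingOption</param-name>
            <param-value>SAMEORIGIN</param-value>
        </init-param>
        <async-supported>true</async-supported>
    </filter>
    <!-- Apply the filter to every request -->
    <filter-mapping>
        <filter-name>HttpHeaderSecurity</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>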
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
But since the production environment uses JBoss, I think configuring web.xml in the server\default\deploy\jbossweb.sar directory should solve it,
but I don't know how to configure HttpServletResponse in JBoss. I searched online for an afternoon and found a solution: JBoss 7 does it by configuring the standalone.xml file, but JBoss 6 does not have it. I also tried copying the configuration into the JBoss 6 configuration file, but it had no effect.
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
I want to ask: how do I configure the request header in JBoss? Or how else should I solve this security problem?
CodePudding user response:
Configuring response headers in JBoss; the effect is as follows:
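
The filter approach mentioned in the question, sketched as an added example (not code from the thread or from either server): a standard servlet filter that sets the reported headers and is registered in an application's WEB-INF/web.xml, so it does not depend on Tomcat- or JBoss-specific configuration. The class name, the init-param names and the default policy value are assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/**
 * Hypothetical filter; class and init-param names are assumptions.
 * Register with a <filter>/<filter-mapping> pair mapped to /* in web.xml.
 */
public class SecurityHeadersFilter implements Filter {

    // Assumed default policy; adjust to what the application actually loads.
    private String csp = "default-src 'self'";
    private String frameOption = "SAMEORIGIN";

    @Override
    public void init(FilterConfig config) throws ServletException {
        csp = param(config, "contentSecurityPolicy", csp);
        frameOption = param(config, "frameOption", frameOption);
    }

    // Returns the trimmed init-param value, or the fallback when absent or blank.
    private static String param(FilterConfig config, String name, String fallback) {
        String v = config.getInitParameter(name);
        return (v == null || v.trim().isEmpty()) ? fallback : v.trim();
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (res instanceof HttpServletResponse) {
            HttpServletResponse http = (HttpServletResponse) res;
            // Set before chain.doFilter(): once the response is committed,
            // headers added afterwards are ignored.
            http.setHeader("Content-Security-Policy", csp);
            http.setHeader("X-Content-Type-Options", "nosniff");
            http.setHeader("X-Frame-Options", frameOption);
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

Tomcat's HttpHeaderSecurityFilter has no option for Content-Security-Policy, so that finding needs a filter like this (or an equivalent header rule on a front-end proxy) on Tomcat as well.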