nam

Reputation: 55

How to configure JBoss 5 to include an X-Frame-Options header?

I have been using JBoss 5.1 for deploying my applications. During testing, a clickjacking issue was raised. After searching many sites and blogs, I am not able to find the answer. On one of the sites I found that clickjacking is disabled if the site doesn't appear within the iframe:
<iframe src="http://localhost:port"/>
The JBoss home page is now being displayed in the iframe. Please let me know how to disable this using X-Frame-Options to avoid clickjacking.

Thanks.

Upvotes: 0

Views: 8918

Answers (2)

Zoran Trifunovski

Reputation: 321

Another way of doing it is to modify the /deploy/jbossweb.deployer/web.xml file and overwrite the org.jboss.web.tomcat.filters.ReplyHeaderFilter init-param X-Powered-By with the X-Frame-Options header and the appropriate value that you want to set. Or you can create another entry of the filter (I haven't tested this).

Upvotes: 1
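The filter entry described in the answer above, written out as an added example (it is not part of the original answer and has not been taken from a JBoss distribution). The filter name, the URL pattern and the SAMEORIGIN value are assumptions; keep whatever name and mapping the existing entry in your web.xml already uses.

```xml
<!-- Added example. Goes in the jbossweb.deployer web.xml named in the answer,
     which supplies defaults to every web application on the instance. -->
<filter>
  <!-- Assumed name: reuse the name of the existing ReplyHeaderFilter entry. -->
  <filter-name>CommonHeadersFilter</filter-name>
  <filter-class>org.jboss.web.tomcat.filters.ReplyHeaderFilter</filter-class>

  <!-- ReplyHeaderFilter sends each init-param as a response header:
       param-name is the header name, param-value is the header value.
       This entry takes the place of the X-Powered-By init-param,
       as the answer suggests. -->
  <init-param>
    <param-name>X-Frame-Options</param-name>
    <!-- SAMEORIGIN: only pages from the same origin may frame the response.
         DENY: no page may frame it. Pick the one that fits the application. -->
    <param-value>SAMEORIGIN</param-value>
  </init-param>
</filter>

<!-- Assumed mapping: apply the header to every request path. -->
<filter-mapping>
  <filter-name>CommonHeadersFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
```

After a restart, the response headers of any page served by the instance should include `X-Frame-Options: SAMEORIGIN`, and the test iframe from the question should no longer render the page when loaded from a different origin.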

Jayanth Powlay

Reputation: 46

Please follow the steps below:

1. Download the clickjackfilter file from the below link.
2. Add the class folder present in clickjackfilter -> web-inf folder into your jboss -> deploy/root.war/web-inf folder.
3. Add the filter code from the below link into the web.xml file of the root.war file.
4. Restart the server.

Now you can overcome the clickjacking issue for your server. Please find the link below: https://www.owasp.org/index.php/Clickjacking_Protection_for_Java_EE

Hope it helps you.

Upvotes: 3
