I'm using a Filter to insert anti-clickjacking headers in all my pages - this works correctly, except on the JBoss EAP 6.3 container managed login page, which is one of the more important pages to have it.
The filter is not called at all with the login page, which is served off of http://localhost/Application/. Filter mappings I've tried include:
    <filter>
        <filter-name>InsertXFrameOptions</filter-name>
        <filter-class>com.filter.InsertXFrameOptionsFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>InsertXFrameOptions</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>InsertXFrameOptions</filter-name>
        <url-pattern>*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>InsertXFrameOptions</filter-name>
        <url-pattern>/</url-pattern>
    </filter-mapping>
No luck at all though - how do you map a filter so it applies to the container managed login page?
Filters don't kick in on j_security_check requests. They are handled internally by the container before the web application's filters are hit. So you need to head to a container-specific solution to hook on the request/response.
JBoss 6.x/7.x (and all other Tomcat based containers) offer Valves for this. Basically, replace your Filter by a Valve which looks like below:
In order to get it to run, register it in jboss-web.xml like below:
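As an added example, not code from the original answer: a minimal valve for the Tomcat-based web container in JBoss EAP 6.x that sets the anti-clickjacking header before the request is passed down the pipeline, with its jboss-web.xml registration shown in the class comment. The package, the class name and the DENY value are assumptions chosen for illustration.

```java
package com.example.valve; // hypothetical package, not from the page

import java.io.IOException;

import javax.servlet.ServletException;

import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;

/**
 * Valve counterpart of the X-Frame-Options filter. Valves run inside the
 * container pipeline, so they also see the container managed login page
 * and j_security_check requests that never reach web.xml filters.
 *
 * Registration in WEB-INF/jboss-web.xml (class name is the assumed one above):
 *
 *   <jboss-web>
 *       <valve>
 *           <class-name>com.example.valve.InsertXFrameOptionsValve</class-name>
 *       </valve>
 *   </jboss-web>
 */
public class InsertXFrameOptionsValve extends ValveBase {

    // Assumed policy: forbid all framing. Use "SAMEORIGIN" instead if the
    // application legitimately frames its own pages.
    private static final String X_FRAME_OPTIONS = "DENY";

    @Override
    public void invoke(Request request, Response response)
            throws IOException, ServletException {
        // Set the header before delegating: once the login page or the
        // j_security_check redirect has been committed, headers can no
        // longer be added to the response.
        if (!response.isCommitted()) {
            response.setHeader("X-Frame-Options", X_FRAME_OPTIONS);
        }
        // Hand the request to the next valve (and eventually the servlet).
        getNext().invoke(request, response);
    }
}
```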