
How to use Spring Security to prevent XSS and X-Frame attacks

I looked at the Spring website and want to protect my website from XSS and X-Frame attacks.

But my English is not good enough to figure out what to set.

Please guide me: what else should I set?

I just added a WebSecurityConfig.java under src/com/test/web/security

Here is my code:

    package com.test.web.security;

    import org.springframework.context.annotation.ComponentScan;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @EnableWebSecurity
    @Configuration
    @ComponentScan
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                // ...
                // headers() with no further calls enables the security header support
                .headers();
        }
    }
user2492364 asked Nov 10 '22 09:11


1 Answer

If you just specify the same code that you have above, Spring Security should automatically add all of the relevant security headers. Per the docs:

If you are using Spring Security’s Java configuration, all of the default security headers are added by default.

Also:

As soon as you specify any headers that should be included, then only those headers will be included.

See details and code samples in this section:

http://docs.spring.io/spring-security/site/docs/3.2.0.RELEASE/reference/htmlsingle/#default-security-headers

cliff.meyers answered Dec 21 '22 15:12
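
One way to confirm the behaviour described in the answer on your own deployment, as an added example that is not part of the original answer or of Spring Security: a JDK-only check that compares a response's headers with the default values listed in the linked 3.2 reference. The class name, method names and sample response are constructed for illustration; Strict-Transport-Security is left out because it is only sent over HTTPS.

```java
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.*;

// Added example (hypothetical names): checks for the Spring Security 3.2 default headers.
public class SecurityHeaderCheck {
    // Lower-cased header name -> value the 3.2 reference documents as the default.
    static final Map<String, String> EXPECTED = new LinkedHashMap<>();
    static {
        EXPECTED.put("x-frame-options", "DENY");
        EXPECTED.put("x-xss-protection", "1; mode=block");
        EXPECTED.put("x-content-type-options", "nosniff");
        EXPECTED.put("cache-control", "no-cache, no-store, max-age=0, must-revalidate");
    }

    // Returns one finding per header that is missing or differs from the default.
    static List<String> findings(Map<String, String> headers) {
        Map<String, String> seen = new HashMap<>();
        for (Map.Entry<String, String> e : headers.entrySet()) {
            seen.put(e.getKey().toLowerCase(Locale.ROOT), e.getValue().trim());
        }
        List<String> out = new ArrayList<>();
        for (Map.Entry<String, String> e : EXPECTED.entrySet()) {
            String actual = seen.get(e.getKey());
            if (actual == null) out.add("missing: " + e.getKey());
            else if (!actual.equalsIgnoreCase(e.getValue())) out.add("differs: " + e.getKey() + " = " + actual);
        }
        return out;
    }

    // Fetches the response headers of a URL you operate (the null key is the status line).
    static Map<String, String> fetch(String url) throws Exception {
        HttpURLConnection c = (HttpURLConnection) new URL(url).openConnection();
        Map<String, String> h = new HashMap<>();
        for (Map.Entry<String, List<String>> e : c.getHeaderFields().entrySet()) {
            if (e.getKey() != null) h.put(e.getKey(), String.join(", ", e.getValue()));
        }
        c.disconnect();
        return h;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a response where only X-Frame-Options was configured.
        Map<String, String> sample = new HashMap<>();
        sample.put("X-Frame-Options", "DENY");
        sample.put("Content-Type", "text/html");
        Map<String, String> headers = args.length > 0 ? fetch(args[0]) : sample;
        for (String f : findings(headers)) System.out.println(f);
    }
}
```

Run without arguments it reports the three headers missing from the constructed sample; pass the URL of your own application to check a live response.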