How to configure JBOSS 5 to include an X-Frame-options header?

nam · Jul 21, 2014 · Viewed 8.4k times

I have been using JBoss 5.1 for deploying my applications. During testing, a clickjacking issue was raised. After searching many sites and blogs, I am not able to find the answer. On one of the sites I found that clickjacking is disabled if the site doesn't appear within the iframe:
<iframe src="http://localhost:port"/>
The JBoss home page is now being displayed in the iframe. Please let me know how to disable this using X-Frame-Options to avoid clickjacking.

Thanks.

Answer

Jayanth Powlay · Jul 21, 2014

Please follow the steps below:

1. Download the clickjackfilter file from the link below.
2. Add the class folder present in clickjackfilter -> web-inf folder into your jboss -> deploy/root.war/web-inf folder.
3. Add the filter code from the link below into the web.xml file of the root.war file.
4. Restart the server.

Now you can overcome the clickjacking issue for your server. Please find the link below:
https://www.owasp.org/index.php/Clickjacking_Protection_for_Java_EE

Hope it helps you.
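
The approach in the answer above, a servlet filter that adds the header to every response, sketched as an added example (not the OWASP file and not code from the answer). The class name `example.FrameOptionsFilter` and the `mode` init parameter are assumptions made for illustration; it is written against the Servlet 2.5 API.

```java
// Added example: package, class name and the "mode" init-param are hypothetical.
package example;

import java.io.IOException;
import java.util.Locale;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

// web.xml registration (Servlet 2.5 descriptor):
//   <filter><filter-name>FrameOptionsFilter</filter-name>
//     <filter-class>example.FrameOptionsFilter</filter-class>
//     <init-param><param-name>mode</param-name><param-value>SAMEORIGIN</param-value></init-param>
//   </filter>
//   <filter-mapping><filter-name>FrameOptionsFilter</filter-name>
//     <url-pattern>/*</url-pattern></filter-mapping>

public class FrameOptionsFilter implements Filter {
    private String mode = "DENY"; // strictest value when no mode is configured

    public void init(FilterConfig config) throws ServletException {
        String configured = config.getInitParameter("mode");
        if (configured != null) {
            // Locale.ENGLISH avoids locale-dependent case mapping of "sameorigin".
            String value = configured.trim().toUpperCase(Locale.ENGLISH);
            if (!value.equals("DENY") && !value.equals("SAMEORIGIN")) {
                // Fail deployment loudly instead of sending a header browsers ignore.
                throw new ServletException("Unsupported X-Frame-Options mode: " + configured);
            }
            mode = value;
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (res instanceof HttpServletResponse) {
            // Set before chain.doFilter(): headers set after the response is committed are dropped.
            ((HttpServletResponse) res).setHeader("X-Frame-Options", mode);
        }
        chain.doFilter(req, res);
    }

    public void destroy() { }
}
```

After a restart, responses from the mapped application should carry the `X-Frame-Options` header, and the iframe test from the question should no longer render the page in a browser that honours the header.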