Hi Chris, My actual requirement was to implement 7 HTTP headers, out of which 4 are implemented in "HttpHeaderSecurityFilter". The remaining 3 headers (Content-Security-Policy, Public-Key-Pins, X-Robots-Tag) are not addressed in any of the filters available in Tomcat 7, 8 & 9 versions.
Is there any way that we implement these 3 headers in Tomcat? Regards, Mohammad -----Original Message----- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: 01 June 2017 19:59 To: users@tomcat.apache.org Subject: Re: [External] Re: Security Headers Implementation in Tomcat 6.x version -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Mohammad, On 6/1/17 12:43 AM, Shaik, Mohammad N. wrote: > What should be name of the new JAR file that I would create for the > Filter classes? It doesn't matter. > There are multiple JAR files in lib folder. Does the name of these JAR > files have any significance? Not really. > My understanding is that as long as you have your code (.class > files) is present in any of the JAR files under "lib" folder, system > would get it. You don’t need to have a specific-named JAR files having > specific-named .class files. The .class files from all the jar files > under lib folder is considered as one big collection, and based on the > invoked classname its corresponding .class file gets executed from > that big code. Multiple JAR files with different names is setup just > for logical classification of classes. Please correct me if this is > not right. You are correct. There are problems if the same class exists in two separate JAR files, but that should not be a problem in the standard Tomcat installation, plus the JAR file that has a few (unique) classes from Tomcat 7 in there. Remember: Upgrade ASAP. - -chris > -----Original Message----- From: Christopher Schultz > [mailto:ch...@christopherschultz.net] Sent: 31 May 2017 23:52 To: > users@tomcat.apache.org Subject: [External] Re: Security Headers > Implementation in Tomcat 6.x version > > Mohammad, > > On 5/31/17 6:37 AM, Shaik, Mohammad N. wrote: >> Can I simply use the JAR files from Tomcat 7 that contains executable >> code of filter classes (security headers), and put them into >> corresponding location in Tomcat 6? > > Definitely don't do that. But you could probably grab the compiled > .class files from Tomcat 7's binary distribution... just make sure you > have all of them. > > So, basically, create a new JAR file that contains only those Filter > classes (don't forget any inner classes that might be found in > separate .class files). > > -chris > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > ________________________________ > > This message is for the designated recipient only and may contain > privileged, proprietary, or otherwise confidential information. If you > have received it in error, please notify the sender immediately and > delete the original. Any other use of the e-mail by you is prohibited. > Where allowed by local law, electronic communications with Accenture > and its affiliates, including e-mail and instant messaging (including > content), may be scanned by our systems for the purposes of > information security and assessment of internal compliance with > Accenture policy. > ______________________________________________________________________ ________________ > > www.accenture.com > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJZMCSuAAoJEBzwKT+lPKRYuXoQAMLiiazF90PhBn4NxTu/Zh2u kqFbjTSUBRnk+KgQ7hezeRbQlLj/gt20Fywd8cvxOgXZ9CFGOVrxY5ljQdD/GQqi 3fr437iqlVXrzgIeZo/N7NAOQHa04ktMmGQiW+Hx3o8MyN6UlXUazL4K3ddiDNkx bnTCYXtjic66vTJvTr+I2TVy/gBTLe7V4ooxNVP9zv+NL3xFqFqb3ZrkoHI9xiTn aoM3HL2RMRu0Kt/fRAhzqOHYDj5uFttjXMfCVnm5+nBEE7R5ymihI8rMfVIxlIBo /28+3nRnOK63dhAKHfpnNgBykH3DDwtududKme6KpCzbuD/95seIGhr4aKtBL9ou gJXSaXt0IR7PFy4xiZGwdESr1OdR1/eTnyq8vNzIcmbEW9gv30dRhdytbie85nET 0G5OBIOZ4UGwjfGc5+ItCaNeAY4zsCofwlvvqjPG0xjM5uBJK6Eqy4dp++VYPv5Y qK/1Qpmzu+KALoV7nLXLDrRV3qes319XaWgKB9c8r6BH6vYIg5K+W+pR63TiFDLE /XHDxIpemsy6oq657sg0JI/48J8iiulbiIXsZ5bb1gjOg7bh4xz8XqOtSW2oqSju ngDPVYxotcbA6DWsaOZJu7WYfR0wjs+/gkhvX1GgICd2lixXZUwboTkOk9wNwArS HGUlc2U0LgTmSYLe+vj6 =oY0c -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org ________________________________ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com
