Ah Pradhan,
Note that I have already a number of HTTP headers securing in RequestHandler .
But I'd not be against using stuff we have now in Tomcat 8.5
https://tomcat.apache.org/tomcat-8.5-doc/config/filter.html#HTTP_Header_Security_Filter/Initialisation_parameters
And of course also CORS Filter, CSRF Prevention Filter, etc.
Please refer to
https://issues.apache.org/jira/browse/OFBIZ-6766
https://issues.apache.org/jira/browse/OFBIZ-6759
https://cwiki.apache.org/confluence/display/OFBIZ/How+to+Secure+HTTP+Headers
for a better communication :)
Thanks
Jacques
Le 26/09/2017 à 15:47, Jacques Le Roux a écrit :
Hi Yash,
It's not what I wanted to put there :)
But anyway, since I can't remember, after a quick look I have no real ideas on how you will use @ServletSecurity (I guess with @HttpConstraint
and@HttpMethodConstrain).
So please feel free to provide patches in Jiras to continue your ideas
Thanks
Jacques
Le 26/09/2017 à 13:42, Yash Sharma a écrit :
Thank you, Jacques.
We can even take it further with @*WebInitParam *annotation to
initialize values once it for all for all webapps and @*ServletSecurity *for
basic servlet security.
On Tue, Sep 26, 2017 at 2:23 PM Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:
Le 24/09/2017 à 10:27, Jacques Le Roux a écrit :
and certainly more things using @WebInitParam and @WebInitParam
Not sure what I wanted to add there :D
Jacques
--
Thanks,
*Pradhan Yash Sharma*
