Skip to main content
A
Abdul L Koyappayil
Inspiring
September 24, 2014
Answered

Clickjacking issue - adding multiple url patterns in a single filter mapping

  • September 24, 2014
  • 1 reply
  • 2964 views

This is regarding Clickjacking issue. To prevent the clickjacking issue I have added the below setting in the config file (web.xml).


<filter-mapping>
<filter-name>CFClickJackFilterDeny</filter-name>
<url-pattern>https://abcd.rw.xyz.com/mer/nao/app_v4/*</url-pattern>
</filter-mapping>


I have one doubt here . I need to prevent this clickjacking issue for another application as well ( say , https://abcd.rw.xyz.com/mer/nao/app_v5/*). But I did this by adding one more filter-mapping , apart from the one mentioned above, in the config file . Can I achieve this by adding multiple url-patterns in the same filter-mapping?.If possible which is the best method?. I mean creating a new filter-mapping or adding more than one url patterns in the same filter-mapping?.


Any idea or thoughts well appreciated?

This topic has been closed for replies.
Correct answer BKBK

In this case, you may use one set of <filter-mapping><filter-name> elements with multiple <url-pattern> elements. That design is actually better than one in which you set one url-pattern for each <filter-mapping> element. In the latter design, the underlying Java code will create extra objects to represent the additional filter mappings, unnecessarily.

1 reply

BKBK
Community Expert
BKBKCommunity ExpertCorrect answer
Community Expert
September 24, 2014

In this case, you may use one set of <filter-mapping><filter-name> elements with multiple <url-pattern> elements. That design is actually better than one in which you set one url-pattern for each <filter-mapping> element. In the latter design, the underlying Java code will create extra objects to represent the additional filter mappings, unnecessarily.

A
Abdul L KoyappayilAuthor
Inspiring
September 24, 2014

Is it like below.

<filter-mapping>

  <filter-name>CFClickJackFilterDeny</filter-name>

  <url-pattern>/mer/nao/app_v4/*</url-pattern>

  <url-pattern>/mer/nao/app_v5/*</url-pattern>

</filter-mapping>

Just to check the rule is correct or not.

BKBK
Community Expert
BKBKCommunity Expert
Community Expert
September 24, 2014

Right.

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices