Clickjacking issue - adding multiple url patterns in a single filter mapping

Report · Sep 24, 2014

This is regarding Clickjacking issue. To prevent the clickjacking issue I have added the below setting in the config file (web.xml).

<filter-mapping>
<filter-name>CFClickJackFilterDeny</filter-name>
<url-pattern>https://abcd.rw.xyz.com/mer/nao/app_v4/*</url-pattern>
</filter-mapping>

I have one doubt here . I need to prevent this clickjacking issue for another application as well ( say , https://abcd.rw.xyz.com/mer/nao/app_v5/*). But I did this by adding one more filter-mapping , apart from the one mentioned above, in the config file . Can I achieve this by adding multiple url-patterns in the same filter-mapping?.If possible which is the best method?. I mean creating a new filter-mapping or adding more than one url patterns in the same filter-mapping?.

Any idea or thoughts well appreciated?

Report · Sep 24, 2014

In this case, you may use one set of <filter-mapping><filter-name> elements with multiple <url-pattern> elements. That design is actually better than one in which you set one url-pattern for each <filter-mapping> element. In the latter design, the underlying Java code will create extra objects to represent the additional filter mappings, unnecessarily.

Report · Sep 24, 2014

Is it like below.

<filter-mapping>

<filter-name>CFClickJackFilterDeny</filter-name>

<url-pattern>/mer/nao/app_v4/*</url-pattern>

<url-pattern>/mer/nao/app_v5/*</url-pattern>

</filter-mapping>

Just to check the rule is correct or not.

Report · Sep 24, 2014

Right.

Report · Sep 25, 2014

It would benefit many to know how you got on with your settings for multiple url-patterns. Would you please share your experience with us?

Report · Sep 29, 2014

Sorry for the delay..... Its working fine using multiple url-patterns as well.... Thanks BK

Report · Sep 30, 2014

@Abdul

Thanks for sharing your experience.

Clickjacking issue - adding multiple url patterns in a single filter mapping

1 Correct answer