Highlighted

Clickjacking issue - adding multiple url patterns in a single filter mapping

Explorer ,
Sep 24, 2014

Copy link to clipboard

Copied

This is regarding Clickjacking issue. To prevent the clickjacking issue I have added the below setting in the config file (web.xml).


<filter-mapping>
<filter-name>CFClickJackFilterDeny</filter-name>
<url-pattern>https://abcd.rw.xyz.com/mer/nao/app_v4/*</url-pattern>
</filter-mapping>


I have one doubt here . I need to prevent this clickjacking issue for another application as well ( say , https://abcd.rw.xyz.com/mer/nao/app_v5/*). But I did this by adding one more filter-mapping , apart from the one mentioned above, in the config file . Can I achieve this by adding multiple url-patterns in the same filter-mapping?.If possible which is the best method?. I mean creating a new filter-mapping or adding more than one url patterns in the same filter-mapping?.


Any idea or thoughts well appreciated?

Adobe Community Professional
Correct answer by BKBK | Adobe Community Professional

In this case, you may use one set of <filter-mapping><filter-name> elements with multiple <url-pattern> elements. That design is actually better than one in which you set one url-pattern for each <filter-mapping> element. In the latter design, the underlying Java code will create extra objects to represent the additional filter mappings, unnecessarily.

Views

2.1K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

Clickjacking issue - adding multiple url patterns in a single filter mapping

Explorer ,
Sep 24, 2014

Copy link to clipboard

Copied

This is regarding Clickjacking issue. To prevent the clickjacking issue I have added the below setting in the config file (web.xml).


<filter-mapping>
<filter-name>CFClickJackFilterDeny</filter-name>
<url-pattern>https://abcd.rw.xyz.com/mer/nao/app_v4/*</url-pattern>
</filter-mapping>


I have one doubt here . I need to prevent this clickjacking issue for another application as well ( say , https://abcd.rw.xyz.com/mer/nao/app_v5/*). But I did this by adding one more filter-mapping , apart from the one mentioned above, in the config file . Can I achieve this by adding multiple url-patterns in the same filter-mapping?.If possible which is the best method?. I mean creating a new filter-mapping or adding more than one url patterns in the same filter-mapping?.


Any idea or thoughts well appreciated?

Adobe Community Professional
Correct answer by BKBK | Adobe Community Professional

In this case, you may use one set of <filter-mapping><filter-name> elements with multiple <url-pattern> elements. That design is actually better than one in which you set one url-pattern for each <filter-mapping> element. In the latter design, the underlying Java code will create extra objects to represent the additional filter mappings, unnecessarily.

Views

2.1K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Sep 24, 2014 0
Adobe Community Professional ,
Sep 24, 2014

Copy link to clipboard

Copied

In this case, you may use one set of <filter-mapping><filter-name> elements with multiple <url-pattern> elements. That design is actually better than one in which you set one url-pattern for each <filter-mapping> element. In the latter design, the underlying Java code will create extra objects to represent the additional filter mappings, unnecessarily.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 24, 2014 0
Explorer ,
Sep 24, 2014

Copy link to clipboard

Copied

Is it like below.

<filter-mapping>

  <filter-name>CFClickJackFilterDeny</filter-name>

  <url-pattern>/mer/nao/app_v4/*</url-pattern>

  <url-pattern>/mer/nao/app_v5/*</url-pattern>

</filter-mapping>

Just to check the rule is correct or not.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 24, 2014 0
Adobe Community Professional ,
Sep 24, 2014

Copy link to clipboard

Copied

Right.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 24, 2014 0
Adobe Community Professional ,
Sep 25, 2014

Copy link to clipboard

Copied

It would benefit many to know how you got on with your settings for multiple url-patterns. Would you please share your experience with us?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 25, 2014 0
Explorer ,
Sep 29, 2014

Copy link to clipboard

Copied

Sorry for the delay..... Its working fine using multiple url-patterns as well.... Thanks BK

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 29, 2014 0
BKBK LATEST
Adobe Community Professional ,
Sep 30, 2014

Copy link to clipboard

Copied

@Abdul

Thanks for sharing your experience.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 30, 2014 0