Trust all well.
Actually, I want to do a security enhancement on my mixed spring roo and spring mvc web application on tomcat 7.
After I changed and put a piece of code as per below at web.xml tomcat:
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<init-param>
<param-name>hstsMaxAgeSeconds</param-name>
<param-value>31536000</param-value>
</init-param>
<init-param>
<param-name>hstsEnabled</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingEnabled</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>SAMEORIGIN</param-value>
</init-param>
<async-supported>true</async-supported>
</filter>
<filter-mapping>
<filter-name>httpHeaderSecurity</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
Then, my output of pdf report became not working as a snapshot below:
From my research, I must put /report/** path in exception list by configure at security config xml file. but I did not have any idea on xml config. For me, Java config is more ease to configure.
Is it correct idea? Any clues and solution in how to solve it?
Define HttpServletResponse response at your controller method parameter.
and then just add this code as per below, set parameter value to application/pdf because my output is pdf file type:
response.setContentType("application/pdf");