How to enable HSTS (HTTP Strict Transport Security) in Tomcat + JIRA -


it helpful if suggest me enable hsts(http strict transport security) header in tomcat

my jira application running on tomcat , there no apache or nginx @ front.

i set hsts response header jira application, kindly please suggest how can implement in tomcat.

thanks in advance.

i think you're looking for. took https://bz.apache.org/bugzilla/attachment.cgi?id=30003&action=edit

<filter>     <filter-name>hstsfilter</filter-name>     <filter-class>org.apache.catalina.filters.hstsfilter</filter-class>     <init-param>        <param-name>maxageseconds</param-name>        <param-value>31536000</param-value>     </init-param>     <init-param>        <param-name>includesubdomains</param-name>        <param-value>true</param-value>     </init-param> </filter> <filter-mapping>     <filter-name>hstsfilter</filter-name>     <url-pattern>/*</url-pattern> </filter-mapping>  package org.apache.catalina.filters;  import java.io.ioexception;  import javax.servlet.filterchain; import javax.servlet.filterconfig; import javax.servlet.servletexception; import javax.servlet.servletrequest; import javax.servlet.servletresponse; import javax.servlet.http.httpservletresponse;  import org.apache.juli.logging.log; import org.apache.juli.logging.logfactory;  public class hstsfilter extends filterbase {     private static final string header_name = "strict-transport-security";     private static final string max_age_directive = "max-age=%s";     private static final string include_sub_domains_directive = "includesubdomains";      private static final log log = logfactory.getlog(hstsfilter.class);      // default "0" recommended in section 11.2 of rfc 6797     private int maxageseconds = 0;     private boolean includesubdomains = false;      private string directives;      public void setmaxageseconds(int maxageseconds) {         this.maxageseconds = maxageseconds;     }      public void setincludesubdomains(boolean includesubdomains) {         this.includesubdomains = includesubdomains;     }      @override     public void dofilter(servletrequest request, servletresponse response,             filterchain chain) throws ioexception, servletexception {         chain.dofilter(request, response);          // note hsts header must not included in http responses         // conveyed on non-secure transport         if (request.issecure() && response instanceof httpservletresponse) {             httpservletresponse res = (httpservletresponse) response;             res.addheader(header_name, this.directives);         }     }      @suppresswarnings("boxing")     @override     public void init(filterconfig filterconfig) throws servletexception {         super.init(filterconfig);         if (this.maxageseconds < 0) {             throw new servletexception(sm.getstring(                     "hsts.invalidparametervalue", this.maxageseconds,                     "maxageseconds"));         }         this.directives = string.format(max_age_directive, this.maxageseconds);         if (this.includesubdomains) {             this.directives += (" ; " + include_sub_domains_directive);         }     }      @override     protected log getlogger() {         return log;     } }

check code on link i've attached.


Comments

Post a Comment

Popular posts from this blog

powershell Start-Process exit code -1073741502 when used with Credential from a windows service environment -

i'm running strange behavior powershell start-process call. here call: $process = start-process ` "c:\somepath\mybinary.exe" ` -passthru ` -credential $defaultcredential ` -wait ` -workingdirectory "c:\somepath" ` -loaduserprofile if ($process.exitcode -ne 0) { #do } this call return exit code - 1073741502 . after quick search, exit code seems related generic error when program not load required dll (aka. status_dll_init_failed ). when run without -credential $credential program runs correctly. in order isolate problem, manually launched some.exe in prompt target credential , runs smoothly. so problem seems come way start-process cmdlet launch process. i found potential solutions problem tried apply no luck : link , link . would have idea of what's going on here ? edit 1: run proc mon monitoring program activities when launched directly or via powershell script. problem seems occur when loading kernelbase
Read more

twig - Using Twigbridge in a Laravel 5.1 Package -

i'm trying create laravel 5.1 package uses twigbridge instead of .php views. can normal .php views display fine, when try make use of .twig templates i'm met error. possible use twigbridge templates when creating views laravel package or pretty stuck blade , php ? edit 1: loading twig template without extending works. it's when start using {% extends 'file' %} error comes out. i error error loading /virtual/laravel/packages/username/mypackage/src/views/sample.twig: template "templates.master" not defined () in "/virtual/laravel/packages/username/mypackage/src/views/sample.twig" @ line 1. my folders username |_ mypackage |_ src |_ controllers - samplecontroller.php |_ views |_ templates - master.twig - sample.twig twig template sample.twig {% extends 'templates.master' %} {% block content %} {{ parent()
Read more

c# - LINQ join Entities from HashSet's, Join vs Dictionary vs HashSet performance -

i have hashset's each stores t, have written test application compares different relation algorithms can think of, i'm not pleased results getting. does there exist more efficient ways of achieving object relations, once testing? using system; using system.collections.generic; using system.linq; using system.text; using system.threading.tasks; using system.diagnostics; namespace linqtests { class program { static void main(string[] args) { hashset<user> usertable = new hashset<user>(); hashset<userproperty> userpropertytable = new hashset<userproperty>(); #region lets create dummy data. console.writeline("please wait while creating dummy data, can take while..."); console.writeline(""); int rows = 1000000; for(int x = 0; x < rows; x++) { random rnd = new random(); // ad
Read more