Skip to content

This provides Valve implementations to add response security headers to container managed security on Apache Tomcat

License

Notifications You must be signed in to change notification settings

bluelotussoftware/tomcat-security-valves

Repository files navigation

tomcat-security-valves Javadocs

This provides Valve implementations to add response security headers to container managed security on Apache Tomcat. The valves may be implemented by adding them to the conf/context.xml file for all deployements on Apache Tomcat, or to the project context.xml as shown below:

    <!-- These can be replaced with the org.apache.catalina.filters.HttpHeaderSecurityFilter. -->
    <!-- However it does not secure container-managed-security. You must use a Valve to handle that case. -->

    <Valve className="com.bluelotussoftware.tomcat.security.valves.ReferrerPolicyValve" />
    <Valve className="com.bluelotussoftware.tomcat.security.valves.StrictTransportSecurityValve" />
    <Valve className="com.bluelotussoftware.tomcat.security.valves.XContentTypeOptionsValve" />
    <Valve className="com.bluelotussoftware.tomcat.security.valves.XFrameOptionsValve" />
    <Valve className="com.bluelotussoftware.tomcat.security.valves.XSSProtectionValve" />
    <Valve className="com.bluelotussoftware.tomcat.security.valves.JSecurityCheckNoCacheValve" />

The binaries are deployed to Maven Central at the following coordinates:

<dependency>
  <groupId>com.bluelotussoftware</groupId>
  <artifactId>tomcat-security-valves</artifactId>
  <version>2.2.5</version>
</dependency>

NOTE: The file should be installed in the Apache Tomcat /lib/ directory to be available for all applications. This applies even if you are using an individual context.xml per project to enable it.

Javadocs

About

This provides Valve implementations to add response security headers to container managed security on Apache Tomcat

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages