As per some security requirement, I have to set the X-Powered-By header to an empty String. I have been trying to set the header in a filter, but when I look at the headers in Firebug I see that the custom header value set by my filter is appended by JSF/1.2.
The Filter is the first one in the request chain and implicitly the last one in the response chain. Below is the sample code that I have written in the doFilter method.

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // App specific logic...
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        httpResponse.setHeader("X-Powered-By", "");
        chain.doFilter(request, response);
    }

I am using Tomcat 6. As my filter is the last one in the response chain, is Tomcat setting this header again after the control goes back to the Tomcat connector?
How do I override this value to my custom value?
You are setting the response header before the rest of the application has had time to process the response. You should set it after the doFilter call.

    HttpServletResponse httpResponse = (HttpServletResponse) response;
    // before filters and servlets
    chain.doFilter(request, response);
    // after filters and servlets
    httpResponse.setHeader("X-Powered-By", "");

Also, make sure the response isn't committed before setting the header. You might have to change what your other servlets are doing or wrap the HttpServletResponse.
If the header is being added by the Jasper JSP engine, you can check to see if it's configured that way. Your Jasper servlet in $CATALINA_BASE/conf/web.xml might have the init-param xpoweredBy set to true.