Spring Security Anotation @EnableWebSecurity does not works in Spring MVC project
I have to enable X-Frame-Options: SAMEORIGIN in my spring MVC project, to return this param in to http response header.
Project is deployed on Apache Tomcat 9.
here is my web security configuration
@EnableWebSecurity
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.headers().frameOptions().sameOrigin();
}
}
This is how I initialize dispatcher servlet
public class DispatcherServletInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[]{AppConfig.class, WebSecurityConfig.class};
}
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class[]{WebConfig.class};
}
@Override
protected String[] getServletMappings() {
return new String[]{"/"};
}
}
In spring security documentation (https://docs.spring.io/spring-security/site/docs/5.3.1.RELEASE/reference/html5/#headers) it's mentioned that
Spring Security provides a default set of security related HTTP response headers to provide secure defaults.
But, I can't see any security header in Response Header, it seems that spring security is not enabled in my project.
If I add header option manually in to @Controller class method it works
@Controller
public class WController {
@GetMapping("/hello")
public String sayHello(HttpServletResponse response, Model model) {
response.setHeader("X-Frame-Options", "SAMEORIGIN");
return "htmlPageTemplate";
}
}
Please check, What I made wrong. How to fix and enable web security properly?
I missed filter, just added new class to extend AbstractSecurityWebApplicationInitializer, and it fixed the problem.
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
}
- Keep numbers which appear in both columns, in J lang
- Differentiation in J
- How to reshape an array with an arbitrary size in one dimension?
- Why is Insert (fold) right associative
- Write 4 : 'x&{.&.;: y' tacitly
- Alignment issue when printing formatted prime numbers in J language
- How can I define a verb in J that applies a different verb alternately to each atom in a list?
- How to get user input in the J programming language
- How to unbox a list of boxed lists of differing lengths in J?
- How can I fix 'noun result was required' error in J?
- In j, how can I define a verb locally in one scope and pass it to a defined adverb?
- Convert boxed array to normal array?
- Read column of CSV file as array
- Replace atom in array of strings
- What does the dyad `=` do to boxed strings?
- Index of minimum element using J
- How can I take the outer product of string vectors in J?
- Building an array of verbs in J
- Reading in multidigit command line parameter
- Amend with bond to new data shows unexpected behaviour
- How to turn a table or matrix into a (flat) list in J
- How to run dissect in J?
- How to define selection using index function in J
- How to exit the J console?
- Find 4-neighbors using J
- Writing custom verbs in J
- How do I negate a selector in J lang?
- How to use arbitrary selector in interchange in J lang?
- different result once square root is added inside tacit
- Sum of arrays with repeated indices