springtomcat7web.xmlhsts
JasperReport PDF displayed unrecognized binary after hardening Tomcat 7 web.xml
Trust all well.
Actually, I want to do a security enhancement on my mixed spring roo and spring mvc web application on tomcat 7.
After I changed and put a piece of code as per below at web.xml tomcat:
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<init-param>
<param-name>hstsMaxAgeSeconds</param-name>
<param-value>31536000</param-value>
</init-param>
<init-param>
<param-name>hstsEnabled</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingEnabled</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>SAMEORIGIN</param-value>
</init-param>
<async-supported>true</async-supported>
</filter>
<filter-mapping>
<filter-name>httpHeaderSecurity</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
Then, my output of pdf report became not working as a snapshot below:
From my research, I must put /report/** path in exception list by configure at security config xml file. but I did not have any idea on xml config. For me, Java config is more ease to configure.
Is it correct idea? Any clues and solution in how to solve it?
Solution
Define HttpServletResponse response at your controller method parameter.
and then just add this code as per below, set parameter value to application/pdf because my output is pdf file type:
response.setContentType("application/pdf");
- WARNING: Exception encountered during context initialization - cancelling refresh attempt
- How to increase the maximum length of SpEL expressions in spring boot 3.3.0?
- Start a spring batch job when already within a transaction
- How to persist data in H2 database
- is using DTOs in every case always a good practice?
- How to add custom ApplicationContextInitializer to a spring boot application?
- How do I make the update query executed by JdbcPollingChannelAdapter transactional?
- How to configure a TransactionInterceptor equivalent to the @Transactional annotation for use with PollerMetadata advice
- Spring Webflux - WebClient over TLSv1.2
- Spring 5 WebClient using ssl
- Application version does not show up in Spring Boot banner.txt
- package org.springframework.boot does not exist
- How to specify prefix for all controllers in Spring Boot?
- After upgrading spring framework 6.0.14 to 6.1.6 getting error in this spell expression
- Why my tomcat do not open when i run spring boot project?
- Spring Data JDBC Firebird dialect not recognized
- Why do I get a "io.jsonwebtoken.ExpiredJwtException"?
- Null exception @Service in a spring @RestController using constructor injection
- Spring MVC: RESTful web services + BlazeDS integration possible in the same web application?
- How to set SameSite and Secure attribute to JSESSIONID cookie
- Avoid Jackson serialization on non fetched lazy objects
- Jackson triggering JPA Lazy Fetching on serialization
- Spring Boot - no log file written (logging.file is not respected)
- Choosing fields to return with Places API (new) client library
- Springfox Type javax.servlet.http.HttpServletRequest not present
- Invalid value type for attribute 'factoryBeanObjectType': java.lang.String in Spring v6.1
- Spring boot embedded tomcat application session does not invalidate
- Spring Boot Fails to Start after First Boot
- logging.file.max-history is not working in Spring Boot
- Cucumber configuration error in IntelliJ: Please annotate a glue class with some context configuration