I have a IBM WebSphere Application Server 8.5 and want to set a X-Content-Type-Options nosniff. Thanks a lot!
In your application (including possibly in a servlet filter) you can use HTTPServletResponse.setHeader() to add any header you desire.
https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletResponse.html#setHeader(java.lang.String,%20java.lang.String)
If you run your application on WebSphere Liberty, you can additionally add/modify headers via the configuration file: https://openliberty.io/blog/2021/10/05/configurable-response-headers-21.0.0.11-beta.html
If you have a HTTP proxy server in front of WebSphere, you can usually manipulate headers via the configuration file.
Related
I am working on WebSphere migration. I have an application which is deployed on the WebSphere application server
as it Seems. The application needs some of the class files.
These classes are loaded using com.ibm.websphere.runtime.CustomService
As I do not have access to the WebSphere Admin Console. is there any configuration file in which CustomService config settings are stored?
I tried creating one as documented here https://www.ibm.com/support/knowledgecenter/SS7JFU_8.5.5/com.ibm.websphere.express.iseries.doc/ae/trun_customservice.html and the configuration seems to be stored in server.xml of the server where the custom service is defined.
I am new in web application, I'm facing issue of clickjacking in my web app which can be deployed on Oracle Weblogic and IBM WebSphere and not using any HHTP server.
To prevent from clickjacking I got to know about X-Frame-Options to set on response header.
I get some information from X-Frame-Options
how to set on HTTP server, but there were nothing specific to application server setting related to same.
I have following question -
1- Do we need a Web server to configure X-Frame-Options?
2- How to configure X-Frame-Options on Oracle Weblogic and IBM WebSphere
You can set these response headers in any servlet, jsp, servlet filter, etc, with HTTPServletResponse.setHeader(). Most HTTP proxy servers can manipluate response headers too, but it's not necessary.
WebSphere doesn't give you a configuration-only way to customize headers.
Does WebSphere liberty profile 8.5.5 have RMI or SOAP port?
If so how to config with server.xml and connect via java client remotely.
Liberty supports RMI over IIOP as of version 8.5.5.6. Information on how to configure it is available here: https://www.ibm.com/support/knowledgecenter/SSEQTP_8.5.5/com.ibm.websphere.wlp.doc/ae/rwlp_config_iiopEndpoint.html
SOAP is available over HTTP/HTTPS ports and are configured using httpEndpoints. There is a useful tutorial for configuring SOAP/HTTP and developing a client/server application that uses it here:
https://developer.ibm.com/wasdev/docs/sample_ejbwebservicessample/
Hope this helps, Andy
I am tying to call MDM RMI service with Spring Boot(1.4.2) and Liberty profile beta.When I make a call to RMI service getting javax.naming.NameNotFoundException: Intermediate context does not exist.But same application is working fine in Websphere application server 8.5.
Liberty profile won't support RMI call or am I missing any configuration.I have ebanbled below features in my server.xml.
webProfile-7.0
localConnector-1.0
I can able to make remote EJB RMI call with Liberty 16.0.0.3.
Basically we need certain EJB features enabled in Liberty in order to make Remote EJB call.
Download Liberty Full platform from below link.
https://developer.ibm.com/wasdev/downloads/#asset/runtimes-wlp-javaee7
Add below features in server.xml.By default this will be part of Full platform Liberty.
<feature>javaee-7.0</feature>
<feature>ejbRemote-3.2</feature>
<feature>ejbHome-3.2</feature>
<feature>ejb-3.2</feature>
We are using a Jetty server along with Spring security framework. The server should accept requests from only from a known client (Which is also a server). We want to configure client certificates so that Jetty accepts only the requests with the known client certificate.
How can we configure the server?
All we need to do is set NeedClientAuth in jetty-ssl-config.xml to true. No change is needed in Spring config.