This project provides Valve implementations that add security response headers to responses handled by container-managed security on Apache Tomcat. The valves may be enabled by adding them to the conf/context.xml file for all deployments on Apache Tomcat, or to the project context.xml as shown below:
<!-- These can be replaced with the org.apache.catalina.filters.HttpHeaderSecurityFilter. -->
<!-- However it does not secure container-managed-security. You must use a Valve to handle that case. -->
<Valve className="com.bluelotussoftware.tomcat.security.valves.ReferrerPolicyValve" ></Valve>
<Valve className="com.bluelotussoftware.tomcat.security.valves.StrictTransportSecurityValve" ></Valve>
<Valve className="com.bluelotussoftware.tomcat.security.valves.XContentTypeOptionsValve" ></Valve>
<Valve className="com.bluelotussoftware.tomcat.security.valves.XFrameOptionsValve" ></Valve>
<Valve className="com.bluelotussoftware.tomcat.security.valves.XSSProtectionValve" ></Valve>
<Valve className="com.bluelotussoftware.tomcat.security.valves.JSecurityCheckNoCacheValve" ></Valve>
The binaries are deployed to Maven Central at the following coordinates:
<dependency>
    <groupId>com.bluelotussoftware</groupId>
    <artifactId>tomcat-security-valves</artifactId>
    <version>2.2.5</version>
</dependency>
NOTE: The JAR file should be installed in the Apache Tomcat /lib/ directory so that it is available to all applications. This applies even if you enable the valves through an individual per-project context.xml.
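To confirm the valves are active on the container-managed login response, the following check audits a captured response head for the header each valve is expected to add. It is an added example, not part of this project: the header names are inferred from the valve class names, the Cache-Control test for JSecurityCheckNoCacheValve is an assumption, and the sample responses and their header values are constructed.

```python
# Added example, not code from the tomcat-security-valves project.
# Assumption: header names are inferred from the valve class names.
EXPECTED = {
    "ReferrerPolicyValve": "referrer-policy",
    "StrictTransportSecurityValve": "strict-transport-security",
    "XContentTypeOptionsValve": "x-content-type-options",
    "XFrameOptionsValve": "x-frame-options",
    "XSSProtectionValve": "x-xss-protection",
}

def parse_headers(raw):
    """Return {lower-case header name: [values]} from a raw HTTP response head."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def missing_valves(raw, path):
    """List the valves whose expected header is absent from the response."""
    headers = parse_headers(raw)
    missing = [valve for valve, name in EXPECTED.items() if name not in headers]
    # Assumption: JSecurityCheckNoCacheValve marks the form-login response
    # as uncacheable through Cache-Control.
    if path.endswith("/j_security_check"):
        cache_control = ",".join(headers.get("cache-control", [])).lower()
        if "no-cache" not in cache_control and "no-store" not in cache_control:
            missing.append("JSecurityCheckNoCacheValve")
    return missing

# Constructed sample responses to a form-login POST (values are illustrative).
LOGIN_PATH = "/app/j_security_check"
WITHOUT_VALVES = (
    "HTTP/1.1 302 Found\r\nLocation: /app/index.jsp\r\n"
    "Set-Cookie: JSESSIONID=EXAMPLE; Path=/app; HttpOnly\r\n\r\n"
)
WITH_VALVES = (
    "HTTP/1.1 302 Found\r\nLocation: /app/index.jsp\r\n"
    "Referrer-Policy: no-referrer\r\nStrict-Transport-Security: max-age=31536000\r\n"
    "X-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\n"
    "X-XSS-Protection: 1; mode=block\r\nCache-Control: no-cache, no-store\r\n\r\n"
)

if __name__ == "__main__":
    for label, raw in (("without valves", WITHOUT_VALVES), ("with valves", WITH_VALVES)):
        print(label, "->", missing_valves(raw, LOGIN_PATH) or "all expected headers present")
```

Run it against the response head captured from your own login request, and repeat for an ordinary application page to check both paths.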