Return-Path: X-Original-To: apmail-activemq-commits-archive@www.apache.org Delivered-To: apmail-activemq-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 98815186D0 for ; Fri, 29 Jan 2016 21:06:57 +0000 (UTC) Received: (qmail 95698 invoked by uid 500); 29 Jan 2016 21:06:57 -0000 Delivered-To: apmail-activemq-commits-archive@activemq.apache.org Received: (qmail 95657 invoked by uid 500); 29 Jan 2016 21:06:57 -0000 Mailing-List: contact commits-help@activemq.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@activemq.apache.org Delivered-To: mailing list commits@activemq.apache.org Received: (qmail 95647 invoked by uid 99); 29 Jan 2016 21:06:57 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 29 Jan 2016 21:06:57 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 650C4DFFF4; Fri, 29 Jan 2016 21:06:57 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: cshannon@apache.org To: commits@activemq.apache.org Message-Id: <0f04e70f4537471ca95a511f4a4b7585@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: activemq git commit: https://issues.apache.org/jira/browse/AMQ-6113 Date: Fri, 29 Jan 2016 21:06:57 +0000 (UTC) Repository: activemq Updated Branches: refs/heads/master 7eb25ec50 -> 186b5d0f3 https://issues.apache.org/jira/browse/AMQ-6113 Properly set the X-FRAME-OPTIONS header on web responses. Project: http://git-wip-us.apache.org/repos/asf/activemq/repo Commit: http://git-wip-us.apache.org/repos/asf/activemq/commit/186b5d0f Tree: http://git-wip-us.apache.org/repos/asf/activemq/tree/186b5d0f Diff: http://git-wip-us.apache.org/repos/asf/activemq/diff/186b5d0f Branch: refs/heads/master Commit: 186b5d0f305ed63b23a1db712a933aa4896006cf Parents: 7eb25ec Author: Christopher L. Shannon (cshannon) Authored: Fri Jan 29 21:05:35 2016 +0000 Committer: Christopher L. Shannon (cshannon) Committed: Fri Jan 29 21:05:35 2016 +0000 ---------------------------------------------------------------------- .../src/main/webapp/WEB-INF/web.xml | 10 ++++ .../src/main/webapp/WEB-INF/web.xml | 9 ++++ .../activemq/web/XFrameOptionsFilter.java | 53 ++++++++++++++++++++ 3 files changed, 72 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/activemq/blob/186b5d0f/activemq-web-console/src/main/webapp/WEB-INF/web.xml ---------------------------------------------------------------------- diff --git a/activemq-web-console/src/main/webapp/WEB-INF/web.xml b/activemq-web-console/src/main/webapp/WEB-INF/web.xml index 962713e..28a873c 100755 --- a/activemq-web-console/src/main/webapp/WEB-INF/web.xml +++ b/activemq-web-console/src/main/webapp/WEB-INF/web.xml 
@@ -25,6 +25,16 @@ Apache ActiveMQ Web Console ActiveMQ Console + + + XFrameOptions + org.apache.activemq.web.XFrameOptionsFilter + + + + XFrameOptions + /* + http://git-wip-us.apache.org/repos/asf/activemq/blob/186b5d0f/activemq-web-demo/src/main/webapp/WEB-INF/web.xml ---------------------------------------------------------------------- diff --git a/activemq-web-demo/src/main/webapp/WEB-INF/web.xml b/activemq-web-demo/src/main/webapp/WEB-INF/web.xml index cd39366..39240d6 100755 --- a/activemq-web-demo/src/main/webapp/WEB-INF/web.xml +++ b/activemq-web-demo/src/main/webapp/WEB-INF/web.xml @@ -30,6 +30,15 @@ + + XFrameOptions + org.apache.activemq.web.XFrameOptionsFilter + + + + XFrameOptions + /* + session org.apache.activemq.web.SessionFilter http://git-wip-us.apache.org/repos/asf/activemq/blob/186b5d0f/activemq-web/src/main/java/org/apache/activemq/web/XFrameOptionsFilter.java ---------------------------------------------------------------------- diff --git a/activemq-web/src/main/java/org/apache/activemq/web/XFrameOptionsFilter.java b/activemq-web/src/main/java/org/apache/activemq/web/XFrameOptionsFilter.java new file mode 100644 index 0000000..e78c79f --- /dev/null +++ b/activemq-web/src/main/java/org/apache/activemq/web/XFrameOptionsFilter.java 
@@ -0,0 +1,53 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.web;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Filter to set the header X-FRAME-OPTIONS on web responses
+ *
+ */
+public class XFrameOptionsFilter implements Filter {
+
+ private static String SAMEORIGIN = "SAMEORIGIN";
+
+ @Override
+ public void init(FilterConfig config) throws ServletException {
+ }
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+ HttpServletResponse servletResponse = (HttpServletResponse)response;
+ //Set all responses to SAMEORIGIN, can be switched to be configurable later if
+ //we need to conditionally set this
+ servletResponse.addHeader("X-FRAME-OPTIONS", SAMEORIGIN);
+ chain.doFilter(request, response);
+ }
+
+ @Override
+ public void destroy() {
+ }
+}
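Review bot: In doFilter the header is written with `addHeader`, so if the container or an earlier filter has already set X-Frame-Options the response goes out with two values, and browsers do not agree on how to treat duplicates; `servletResponse.setHeader("X-FRAME-OPTIONS", SAMEORIGIN);` keeps exactly one. The cast `(HttpServletResponse)response` on the line above it is unchecked and throws ClassCastException for a non-HTTP response, so the header write is safer behind `if (response instanceof HttpServletResponse)`, with `chain.doFilter` still called either way. The constant should be declared `private static final String SAMEORIGIN` so it cannot be reassigned at runtime. X-Frame-Options is honoured only by browsers that implement it, and current ones prefer `Content-Security-Policy: frame-ancestors 'self'`, which could be sent alongside it for the same anti-framing effect.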