Re: [jakartaee-platform-dev] Jakarta EE Http Firewall

Hi,

Can you add an issue in the issue tracker for this? I'll add the EE12 label to it so we can follow up on the discussion.

https://github.com/jakartaee/platform/issues

Ivar

On Wed, Feb 19, 2025 at 10:04 AM Gurunandan Rao via jakartaee-platform-dev <jakartaee-platform-dev@xxxxxxxxxxx> wrote:
Hi All,
Please provide valuable suggestions for adding an Http Firewall as part of the Jakarta Http Specification. Details of the proposal are explained in the mail below.

regards,
Guru


From: Gurunandan Rao <gurunandan.rao@xxxxxxxxxx>
Sent: 07 February 2025 15:34
To: EE4J Security project <jakarta-security-dev@xxxxxxxxxxx>
Subject: Jakarta EE Http Firewall
 
Hi Team,
Jakarta EE applications should have security against common exploits. The various exploits that Jakarta Security can protect against can be grouped as follows:
  • Cross Site Request Forgery (CSRF) attack.
  • Secure HTTP Response Headers.
  • All HTTP-based communication, including static resources, should be protected by using TLS.

Http Firewall is one of the methods by which a Jakarta application can be secured, and whenever possible, the protection should be enabled by default.

Please advise on Http Firewall for Jakarta 12 applications.

Please note Spring provides Http Firewall with the following protection:

As a framework, Spring Security does not handle HTTP connections and thus does not provide support for HTTPS directly. However, it does provide a number of features that help with HTTPS usage.



--

Ivar Grimstad

Jakarta EE Developer Advocate | Eclipse Foundation

