Adding Clickjacking Framing Protection to JSPs in DTR

To protect your JSPs from clickjacking attacks, enable clickjacking framing protection in the Design Time Repository (DTR). Clickjacking framing protection protects JSPs whether they frame other applications or are framed by them.

Procedure

  1. Add a dependency to the sap.com/tc~lm~itsam~service~clickjacking development component (DC).

    DTR automatically generates the respective entry in the application-j2ee-engine.xml of the resulting EAR.

  2. Integrate the tag library descriptor for the custom tag, preventClickJacking.tld, in the WEB-INF directory of the application.
    1. Download the file postbuild_7.1+.vm from SAP Note 2290783.
    2. Rename postbuild_7.1+.vm to postbuild.vm.
    3. Place postbuild.vm in the cfg folder of the application.
    4. Add a dependency to the public part named tld of the sap.com/tc~lm~itsam~clickjacking~protection~web development component.
    5. Open the .dcdef file of the application in a text editor, find the <dependency> entry for the tld public part created in the previous step, and add qualifier="copy_files" to the <at-build-time /> tag.
    6. Submit the modified .dcdef file in the DTR.
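
A check you can run on the .dcdef before submitting it, as an added example that is not part of the SAP documentation: it reports whether the tld dependency from step 5 carries qualifier="copy_files". The sample file is constructed, and the element names dc-ref, name, vendor and pp-ref and the slash-separated DC name are assumptions about the .dcdef layout.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Only <dependency>, <at-build-time> and the qualifier
# attribute come from the procedure; the other element names are assumptions.
SAMPLE_DCDEF = """<development-component>
  <dependencies>
    <dependency>
      <dc-ref>
        <name>tc/lm/itsam/clickjacking/protection/web</name>
        <vendor>sap.com</vendor>
      </dc-ref>
      <pp-ref>tld</pp-ref>
      <at-build-time qualifier="copy_files"/>
    </dependency>
  </dependencies>
</development-component>
"""

# DC name from step 4, with "~" written as "/" (assumed on-disk form).
TLD_DC = "tc/lm/itsam/clickjacking/protection/web"


def local(tag):
    """Strip an XML namespace so the check works with or without one."""
    return tag.rsplit("}", 1)[-1]


def check_tld_dependency(dcdef_xml):
    """Return a list of problems; an empty list means step 5 was applied."""
    root = ET.fromstring(dcdef_xml)
    problems, found = [], False
    for dep in root.iter():
        if local(dep.tag) != "dependency":
            continue
        # Match on element text so the check tolerates "~" or "/" in the name.
        texts = {(e.text or "").strip().replace("~", "/") for e in dep.iter()}
        if "tld" not in texts or not any(t.endswith(TLD_DC) for t in texts):
            continue
        found = True
        build = [e for e in dep.iter() if local(e.tag) == "at-build-time"]
        if not build:
            problems.append("tld dependency has no <at-build-time> tag")
        elif build[0].get("qualifier") != "copy_files":
            problems.append('<at-build-time> lacks qualifier="copy_files"')
    if not found:
        problems.append("no dependency on the tld public part found")
    return problems
```

Pass the contents of the application's .dcdef file to check_tld_dependency; any returned message names the part of steps 4 and 5 that is still missing.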

Next Steps

To complete your development, add the ClickJacking Protection custom tag.