
Implementing Clickjacking Framing Protection in Java Server Pages

Clickjacking framing protection helps protect framing and framed Java server pages (JSPs) from UI redressing attacks.

Context

We offer variant procedures to integrate the protection, depending on whether you use the designtime repository (DTR) or another repository, such as japro or Perforce. The protection is only effective on systems where the system administrator has activated the clickjacking framing protection service and maintained the associated whitelist. We also provide sample applications to test your implementation.

Remember

Implement clickjacking framing protection in both framing and framed JSPs.

Procedure

  1. Add clickjacking framing protection to your JSPs.
    1. Define a reference from the application that you want to protect to the application that provides the ClickJacking Protection Custom tag.
    2. Integrate the tag library descriptor for the custom tag, preventClickJacking.tld, in the WEB-INF directory of the application.
  2. Add the ClickJacking Protection Custom tag to the framed JSP as well as the framing JSP.
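
A pre-deployment check for steps 1.2 and 2, added here as an example and not part of SAP's code: it confirms that the descriptor is in WEB-INF and lists every JSP, framing or framed, that does not import the library and invoke its tag. The function names are hypothetical, the web application is assumed to be passed in as a mapping of relative paths to file text, and the uri and tag name in the sample are constructed placeholders; on a real application the script reads both from the descriptor itself.

```python
import re
import xml.etree.ElementTree as ET

TLD_PATH = "WEB-INF/preventClickJacking.tld"  # descriptor location from step 1.2

def local(el):
    return el.tag.rsplit("}", 1)[-1]  # drop an XML namespace, if any

def read_tld(tld_xml):
    """Return (uri, tag names) declared by the tag library descriptor."""
    root = ET.fromstring(tld_xml)
    uri = next((e.text.strip() for e in root if local(e) == "uri" and e.text), None)
    names = [c.text.strip() for t in root if local(t) == "tag"
             for c in t if local(c) == "name" and c.text]
    return uri, names

COMMENT = re.compile(r"<%--.*?--%>|<!--.*?-->", re.S)
TAGLIB = re.compile(r"<%@\s*taglib\b(.*?)%>", re.S)
ATTR = re.compile(r"""(\w+)\s*=\s*(["'])(.*?)\2""", re.S)

def uses_tag(jsp, uri, names):
    """True if the JSP imports the library and invokes one of its tags."""
    jsp = COMMENT.sub("", jsp)  # a commented-out tag protects nothing
    accepted = {u for u in (uri, "/" + TLD_PATH) if u}
    for directive in TAGLIB.finditer(jsp):
        attrs = {k: v for k, _, v in ATTR.findall(directive.group(1))}
        if attrs.get("uri") not in accepted or not attrs.get("prefix"):
            continue
        for name in names:
            call = r"<%s:%s[\s/>]" % (re.escape(attrs["prefix"]), re.escape(name))
            if re.search(call, jsp):
                return True
    return False

def audit(files):
    """files maps web-app-relative paths to text; returns paths needing work."""
    jsps = sorted(p for p in files if p.lower().endswith(".jsp"))
    if TLD_PATH not in files:
        return [TLD_PATH] + jsps  # descriptor missing: nothing can be protected
    uri, names = read_tld(files[TLD_PATH])
    return [p for p in jsps if not uses_tag(files[p], uri, names)]

# Constructed sample app; the uri and tag name are placeholders, not SAP's values.
SAMPLE = {
    TLD_PATH: "<taglib><uri>urn:example:cj</uri><tag><name>protect</name></tag></taglib>",
    "outer.jsp": '<%@ taglib uri="urn:example:cj" prefix="cj" %><cj:protect/><iframe src="inner.jsp">',
    "inner.jsp": "<html><body>framed page without the tag</body></html>",
    "old.jsp": '<%@ taglib uri="urn:example:cj" prefix="cj" %><%-- <cj:protect/> --%>',
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty result means every JSP in the application carries the tag; the check does not tell you whether the protection service and whitelist are active on the host system.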

Next Steps

Once your applications are deployed, a system administrator must configure the whitelist on the host systems. Then you can test your implementation.