0

I'm running Jira 8.3.1. on the Tomcat 8 that comes with Jira.

I need to be sure where my JAR file should go with this configuration.

I wrote a servlet filter and packaged it into a jar. I added my filter to {jira-install}/conf/web.xml and I also added it to {{jira-install}/atlassian-jira/WEB-INF/web.xml since I'm not really sure which one it should go in.

I put my JAR in {jira-install}/lib and also in {jira-install}/atlassian-jira/WEB-INF/lib since I'm not really sure which one it should go it.

I even added a println stmt to watch it in catalina.out. I don't see it, which means my filter may never get invoked or initialized:

=================================

public class mySetHeader implements Filter {
    private String headerName;
    private String headerValue;

    public void init(FilterConfig filterConfig) throws ServletException {
        this.headerName = filterConfig.getInitParameter("header-name");
        this.headerValue = filterConfig.getInitParameter("header-value");
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = new EnsureHeaderPresent((HttpServletRequest) req, headerName, headerValue);
        chain.doFilter(request, res);
        System.out.println("=============> My Filter <=============");
    }

    public void destroy() {
        this.headerName = null;
        this.headerValue = null;
    }

    private class EnsureHeaderPresent extends HttpServletRequestWrapper {
        private String headerName;
        private String headerValue;

        public EnsureHeaderPresent(HttpServletRequest request, String name, String value) {
            super(request);
            this.headerName = name;
            this.headerValue = value;
        }

        @Override
        public String getHeader(String name) {
            if (this.headerName != null && this.headerName.equals(name)) {
                return this.headerValue;
            }

            return super.getParameter(name);
        }

        @Override
        public Enumeration<String> getHeaderNames() {
            Enumeration<String> headerNames = super.getHeaderNames();
            ArrayList<String> all;
            if (headerNames == null) {
                all = new ArrayList<String>();
            } else {
                all = Collections.list(headerNames);
            }

            all.add(this.headerName);
            return Collections.enumeration(all);
        }

    }
}

================= web.xml =================

  <filter>
     <filter-name>RequestHeaderFilter</filter-name>
     <filter-class>org.nwea.setheader.NweaSetHeader</filter-class>
     <init-param>
        <param-name>header-name</param-name>
        <param-value>Referrer-Policy</param-value>
     </init-param>
     <init-param>
        <param-name>header-value</param-name>
        <param-value>no-referrer</param-value>
     </init-param>
  </filter>

Expecting to run my website through https://securityheaders.com/ and have my filter add the "Referrer-Policy" header on each request.

Buford T Justice
  • 19
  • 1
  • 3

1 Answers1

0

I was able to resolve this question. (1) First, I was missing the servlet for this particular filter. I added that to {jira-install}/conf/web.xml and my filter began getting invoked. (2) Therefore, I no longer needed my servlet filter entry in {{jira-install}/atlassian-jira/WEB-INF/web.xml, as it was redundant, so I removed it. (3) I learned that Jira found my JAR in {jira-install}/lib, so I removed it from {jira-install}/atlassian-jira/WEB-INF/lib. Now I see my filter being called, but the Referrer-Policy is not being set. The original issue is resolved.

Buford T Justice
  • 19
  • 1
  • 3