0

I have a simple static website (a single index.html page and some css files) being served by a Glassfish 4 server. I am required to include the following headers:

 - Cache-control: no-store
 - Pragma: no-cache
 - List item
 - X-XSS-Protection
 - content-security-policy

Googling only seems to provide answers which instruct me to open bla.java and extend catalina whatchamacallit response wrapper or creating a time-space continuum filter or cooking a pot of beans or other some-such. As I said above, I don't have a single java file in the entire website. Just plain old html and css.

Isn't there something I can add to the glassfish-web.xml to tell glassfish to include those headers?

As far as I can see, for other types of server it's just a simple matter of configuring the server:

  • IIS: add the headers and values from IIS panel
  • nginx: modify nginx.conf
  • Apache: modify httpd.conf

Do I really have to write java code to achieve this with glassfish?

This is what the directory tree of the entire project looks like:

├MyProject
├───pom.xml
├───src
│   └───main
│       ├───frontend
│       │   ├───index.html
│       │   ├───index.css
│       │   └───index.js
│       └───webapp
│           └───WEB-INF
│               ├───glassfish-web.xml
│               └───web.xml
└───target
    ├───MyProject.war
    ├───MyProject
    │   ├───index.html
    │   ├───index.css
    │   └───index.js     
    └───maven-archiver
        └───pom.properties

As one can see, no java file in sight. This question is therefore not a duplicate since the answers to similar questions is not aplicable to my question.

For completenes, here are the contents of the various XMLs:

  • pom.xml:
<?xml version="1.0" encoding="UTF-8"?>

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.some.project</groupId>
    <artifactId>com.some.project</artifactId>
    <version>1.0.0</version>
    <packaging>war</packaging>

    <name>MyProject</name>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <maven.compiler.source>1.7</maven.compiler.source>
        <maven.compiler.target>1.7</maven.compiler.target>
    </properties>

    <build>
        <finalName>MyProject</finalName>
        <plugins>
            <plugin>
                <groupId>com.github.eirslett</groupId>
                <artifactId>frontend-maven-plugin</artifactId>
                <version>1.6</version>
                <configuration>
                    <workingDirectory>src/main/frontend</workingDirectory>
                </configuration>
            </plugin>
            
            <plugin>
                <artifactId>maven-war-plugin</artifactId>
                <version>3.2.2</version>
                <configuration>
                    <failOnMissingWebXml>false</failOnMissingWebXml>
                    <!-- Add frontend folder to war package -->
                    <webResources>
                        <resource>
                            <directory>src/main/frontend</directory>
                        </resource>
                    </webResources>
                </configuration>
            </plugin>
        </plugins>
    </build>
</project>
  • glassfish-web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app error-url="">
    <context-root>/</context-root>
</glassfish-web-app>
  • web.xml:
<!-- <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.4//EN" "http://java.sun.com/dtd/web-app_2_4.dtd"> -->

<web-app>
    <display-name>MyProject</display-name>
</web-app>
user1969903
  • 810
  • 13
  • 26
  • Does this answer your question? [How can I set HTTP headers in Glassfish server](https://stackoverflow.com/questions/4344922/how-can-i-set-http-headers-in-glassfish-server) – Joe May 17 '21 at 10:25
  • First answer: first link dead, second link specifies addind to ```sun-web.xml```. I don't have that file. Second answer requires changes to java code. I don't have any java code to change. It isn't a java project. Third answer recommends extending the DefaultServlet, override something like doGet() and add the headers you need. Again nothing to extend, not a java project. – user1969903 May 17 '21 at 11:59
  • Glassfish doesn't support this directly. You'll need to either write code, or find an existing filter that will set headers for you. You will find better web servers for taking control over static content. – Joe May 20 '21 at 11:00
  • Thanks for pointing that out. Unfortunately, I am not the one deciding what server to use. I guess I have to create a simple Java servlet app for this to work. They won't be happy when I tell them I have to do this just to set a few headers. Maybe next time they'll let me use Apache. – user1969903 May 21 '21 at 09:14

1 Answers1

0

Normally in big companies Glassfish is used together with Apache. So my idea would be to add the header information on the Apache side. But nonetheless found this page about Glassfish Server Tuning that might be useful.

Glassfish admin console

Tuning the GlassFish Server->File Cache Settings

You may find this information useful about Glassfish caching

user13892443
  • 1
  • 1
  • In the ended I created a small java app to serve my Angular app and shoehorned all the headers in each response. I guess that is the Oracle way. Bought a small, nimble car for city driving? Well if you bought the car from Oracle, the only way to use it is to strap it to a big, heavy two stroke diesel truck from the fifties and drive that around. By the way, I also don't have access to the Glassfish admin console on prod. Everything is done by those scripts. – user1969903 Dec 04 '21 at 09:34