java - How to Add Spring Security HTTP Response Headers -

starting spring 3.2 can add security xml:

 <security:headers>     <security:frame-options             policy="sameorigin" /> </security:headers> 

but not supported in spring version 3.1, workaround without having upgrade version?

this documentation version 3.1:

http://docs.spring.io/spring-security/site/docs/3.1.3.release/reference/springsecurity.html

i believe xframeoptionsheaderwriter implements logic behind configuration. introduced in spring 3.2, nothing similar exist prior version.

if want implement yourself, can use simple filter:

public class xframeoptionsheaderfilter extends onceperrequestfilter {      @override     protected void dofilterinternal(httpservletrequest request, httpservletresponse response, filterchain filterchain) throws servletexception, ioexception {         response.setheader("x-frame-options", "sameorigin");         filterchain.dofilter(request, response);     }  } 

you need create bean class in application context:

<bean id="xframeoptionsheaderfilter" class="your.package.xframeoptionsheaderfilter"/> 

and register filter in web.xml:

<filter>       <filter-name>xframeoptionsheaderfilter</filter-name>     <filter-class>org.springframework.web.filter.delegatingfilterproxy</filter-class> </filter> <filter-mapping>     <filter-name>xframeoptionsheaderfilter</filter-name>     <url-pattern>/*</url-pattern> </filter-mapping> 

wiki