I looked at the Spring web site and want to protect my website from XSS and X-Frame attacks.
But my English is not good enough to figure out what to set.
Please guide.
If you just specify the same code that you have above, Spring Security should automatically add all of the relevant security headers. Per the docs:
If you are using Spring Security’s Java configuration, all of the default security headers are added by default.
Also:
As soon as you specify any headers that should be included, then only those headers will be included
See details and code samples in this section:
http://docs.spring.io/spring-security/site/docs/3.2.0.RELEASE/reference/htmlsingle/#default-security-headers
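Please use the following code, for example:

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Require ADMIN or USER for everything under /api/
            .authorizeRequests().antMatchers("/api/**").hasAnyRole("ADMIN", "USER")
            .and().httpBasic()
            // headers().disable() switches off the default security response headers
            .and().headers().disable();
            //.and().formLogin();
    }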
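The behaviour described in the documentation quotes above, as an added example that is not part of the original posts or of Spring's own samples: the same `/api/**` rules with the default security headers kept on instead of disabled. It assumes Spring Security 3.2 (the version of the linked reference) and its Java configuration; the class name `ApiSecurityConfig` is hypothetical.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Added example (hypothetical class name), written against the Spring Security 3.2 API.
@Configuration
@EnableWebSecurity
public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/api/**").hasAnyRole("ADMIN", "USER")
                .and()
            .httpBasic()
                .and()
            // Listing the headers explicitly. In 3.2, once any header is named
            // here, only the named ones are written, so removing a line below
            // removes that header from every response.
            .headers()
                // X-Content-Type-Options: nosniff
                .contentTypeOptions()
                // X-XSS-Protection: 1; mode=block
                .xssProtection()
                // Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                // Pragma: no-cache
                // Expires: 0
                .cacheControl()
                // Strict-Transport-Security: max-age=31536000 ; includeSubDomains
                // (written on HTTPS requests only)
                .httpStrictTransportSecurity()
                // X-Frame-Options: DENY
                .frameOptions();
        // Leaving out the whole .headers() chain gives the same set of headers,
        // because the Java configuration adds all defaults on its own.
        // Ending the chain with .headers().disable() writes none of them.
    }
}
```

Checking the response headers of any request to the application (for example with the browser's network tab) shows whether `X-Frame-Options` and `X-XSS-Protection` are actually being sent.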