I have resource say /logout.jspx which is outside the ADF context. The remaining of the app in under ADF. This has been done for some reason and cannot be undone. Now the problem is that since the logout.jspx is outside ADF, it is vulnerable to CSRF and Click jack attacks. To avoid this I want to load logout.jspx via ResouceServlet. I have a question for this:
- Can I do this just by having the following configuration:
<servlet>
<servlet-name>resources</servlet-name>
<servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/jsp/logout.jsp</url-pattern>
</servlet-mapping>
Do I need a resources file for this and if so then what will be resource handler in this case?