Merge pull request #419 from harshanL/master

Added security filters to emm-web-agent app
8 years ago · ab3e31f432
parent 3b867a533d e1afb5bcdc
commit ab3e31f432
1 changed files with 35 additions and 0 deletions
--- a/components/mobile-plugins/mobile-base-plugin/org.wso2.carbon.device.mgt.mobile.ui/src/main/resources/jaggeryapps/emm-web-agent/jaggery.conf
+++ b/components/mobile-plugins/mobile-base-plugin/org.wso2.carbon.device.mgt.mobile.ui/src/main/resources/jaggeryapps/emm-web-agent/jaggery.conf
@ -98,6 +98,11 @@
    {
      "name": "URLBasedCachePreventionFilter",
      "class": "org.wso2.carbon.ui.filters.cache.URLBasedCachePreventionFilter"
+    },
+    {
+      "name":"HttpHeaderSecurityFilter",
+      "class":"org.apache.catalina.filters.HttpHeaderSecurityFilter",
+      "params" : [{"name" : "hstsEnabled", "value" : "false"}]
    }
  ],
  "filterMappings": [
@ -108,6 +113,36 @@
    {
      "name": "URLBasedCachePreventionFilter",
      "url": "/enrollment/*"
+    },
+    {
+      "name":"HttpHeaderSecurityFilter",
+      "url":"*"
+    }
+  ],
+  "listeners" : [
+    {
+      "class" : "org.owasp.csrfguard.CsrfGuardServletContextListener"
+    },
+    {
+      "class" : "org.owasp.csrfguard.CsrfGuardHttpSessionListener"
+    }
+  ],
+  "servlets" : [
+    {
+      "name" : "JavaScriptServlet",
+      "class" : "org.owasp.csrfguard.servlet.JavaScriptServlet"
+    }
+  ],
+  "servletMappings" : [
+    {
+      "name" : "JavaScriptServlet",
+      "url" : "/csrf.js"
+    }
+  ],
+  "contextParams" : [
+    {
+      "name" : "Owasp.CsrfGuard.Config",
+      "value" : "/repository/conf/security/Owasp.CsrfGuard.dashboard.properties"
    }
  ]
 }