Merge pull request #226 from charithag/master-remove-carbon-console
Remove carbon console ui from MBmerge-requests/1/head
commit
2b35ff2aa8
@ -0,0 +1,177 @@
|
|||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!--
|
||||||
|
~ Copyright (c) 2005-2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
~
|
||||||
|
~ WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
~ Version 2.0 (the "License"); you may not use this file except
|
||||||
|
~ in compliance with the License.
|
||||||
|
~ You may obtain a copy of the License at
|
||||||
|
~
|
||||||
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
~
|
||||||
|
~ Unless required by applicable law or agreed to in writing,
|
||||||
|
~ software distributed under the License is distributed on an
|
||||||
|
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
~ KIND, either express or implied. See the License for the
|
||||||
|
~ specific language governing permissions and limitations
|
||||||
|
~ under the License.
|
||||||
|
-->
|
||||||
|
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
|
||||||
|
"http://java.sun.com/dtd/web-app_2_3.dtd">
|
||||||
|
<web-app id="WebApp">
|
||||||
|
|
||||||
|
<security-constraint>
|
||||||
|
<display-name>Restrict access to carbon console</display-name>
|
||||||
|
<web-resource-collection>
|
||||||
|
<web-resource-name>Restricted Console UI</web-resource-name>
|
||||||
|
<url-pattern>/carbon/*</url-pattern>
|
||||||
|
</web-resource-collection>
|
||||||
|
<auth-constraint/>
|
||||||
|
</security-constraint>
|
||||||
|
|
||||||
|
<!-- OWASP CSRFGuard per-application configuration property file location-->
|
||||||
|
<context-param>
|
||||||
|
<param-name>Owasp.CsrfGuard.Config</param-name>
|
||||||
|
<param-value>repository/conf/security/Owasp.CsrfGuard.Carbon.properties</param-value>
|
||||||
|
</context-param>
|
||||||
|
|
||||||
|
<servlet id="bridge">
|
||||||
|
<servlet-name>bridgeservlet</servlet-name>
|
||||||
|
<display-name>Carbon Bridge Servlet</display-name>
|
||||||
|
<description>Carbon Bridge Servlet</description>
|
||||||
|
<servlet-class>org.wso2.carbon.tomcat.ext.servlet.DelegationServlet</servlet-class>
|
||||||
|
|
||||||
|
<load-on-startup>1</load-on-startup>
|
||||||
|
</servlet>
|
||||||
|
|
||||||
|
<!-- OWASP CSRFGuard servlet that serves dynamic token injection JavaScript-->
|
||||||
|
<servlet>
|
||||||
|
<servlet-name>JavaScriptServlet</servlet-name>
|
||||||
|
<servlet-class>org.owasp.csrfguard.servlet.JavaScriptServlet</servlet-class>
|
||||||
|
</servlet>
|
||||||
|
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>bridgeservlet</servlet-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
<!--
|
||||||
|
This is required if your application bundles expose JSPs.
|
||||||
|
-->
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>bridgeservlet</servlet-name>
|
||||||
|
<url-pattern>*.jsp</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>JavaScriptServlet</servlet-name>
|
||||||
|
<url-pattern>/carbon/admin/js/csrfPrevention.js</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
|
||||||
|
<!--This is for performing the character encoding in the JSPs. -->
|
||||||
|
<filter>
|
||||||
|
<filter-name>CharsetFilter</filter-name>
|
||||||
|
<filter-class>org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter</filter-class>
|
||||||
|
<init-param>
|
||||||
|
<param-name>requestEncoding</param-name>
|
||||||
|
<param-value>UTF-8</param-value>
|
||||||
|
</init-param>
|
||||||
|
</filter>
|
||||||
|
|
||||||
|
<!-- OWASP CSRFGuard filter used to validate CSRF token-->
|
||||||
|
<filter>
|
||||||
|
<filter-name>CSRFGuard</filter-name>
|
||||||
|
<filter-class>org.owasp.csrfguard.CsrfGuardFilter</filter-class>
|
||||||
|
</filter>
|
||||||
|
|
||||||
|
<!-- Tomcat http header security filter -->
|
||||||
|
<filter>
|
||||||
|
<filter-name>HttpHeaderSecurityFilter</filter-name>
|
||||||
|
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
|
||||||
|
<init-param>
|
||||||
|
<param-name>hstsEnabled</param-name>
|
||||||
|
<param-value>false</param-value>
|
||||||
|
</init-param>
|
||||||
|
</filter>
|
||||||
|
|
||||||
|
<filter-mapping>
|
||||||
|
<filter-name>HttpHeaderSecurityFilter</filter-name>
|
||||||
|
<url-pattern>*</url-pattern>
|
||||||
|
</filter-mapping>
|
||||||
|
|
||||||
|
<filter-mapping>
|
||||||
|
<filter-name>CharsetFilter</filter-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</filter-mapping>
|
||||||
|
|
||||||
|
<filter-mapping>
|
||||||
|
<filter-name>CSRFGuard</filter-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</filter-mapping>
|
||||||
|
|
||||||
|
<!-- OWASP CSRFGuard context listener used to read CSRF configuration -->
|
||||||
|
<listener>
|
||||||
|
<listener-class>org.owasp.csrfguard.CsrfGuardServletContextListener</listener-class>
|
||||||
|
</listener>
|
||||||
|
|
||||||
|
<!-- OWASP CSRFGuard session listener used to generate per-session CSRF token -->
|
||||||
|
<listener>
|
||||||
|
<listener-class>org.owasp.csrfguard.CsrfGuardHttpSessionListener</listener-class>
|
||||||
|
</listener>
|
||||||
|
|
||||||
|
<session-config>
|
||||||
|
<session-timeout>15</session-timeout>
|
||||||
|
<cookie-config>
|
||||||
|
<secure>true</secure>
|
||||||
|
</cookie-config>
|
||||||
|
</session-config>
|
||||||
|
|
||||||
|
<!-- custom error pages -->
|
||||||
|
<error-page>
|
||||||
|
<error-code>400</error-code>
|
||||||
|
<location>/carbon/errors/error_400.html</location>
|
||||||
|
</error-page>
|
||||||
|
<error-page>
|
||||||
|
<error-code>401</error-code>
|
||||||
|
<location>/carbon/errors/error_401.html</location>
|
||||||
|
</error-page>
|
||||||
|
<error-page>
|
||||||
|
<error-code>403</error-code>
|
||||||
|
<location>/carbon/errors/error_403.html</location>
|
||||||
|
</error-page>
|
||||||
|
<error-page>
|
||||||
|
<error-code>404</error-code>
|
||||||
|
<location>/carbon/errors/error_404.html</location>
|
||||||
|
</error-page>
|
||||||
|
<error-page>
|
||||||
|
<error-code>405</error-code>
|
||||||
|
<location>/carbon/errors/error_405.html</location>
|
||||||
|
</error-page>
|
||||||
|
<error-page>
|
||||||
|
<error-code>408</error-code>
|
||||||
|
<location>/carbon/errors/error_408.html</location>
|
||||||
|
</error-page>
|
||||||
|
<error-page>
|
||||||
|
<error-code>410</error-code>
|
||||||
|
<location>/carbon/errors/error_410.html</location>
|
||||||
|
</error-page>
|
||||||
|
<error-page>
|
||||||
|
<error-code>500</error-code>
|
||||||
|
<location>/carbon/errors/error_500.html</location>
|
||||||
|
</error-page>
|
||||||
|
<error-page>
|
||||||
|
<error-code>502</error-code>
|
||||||
|
<location>/carbon/errors/error_502.html</location>
|
||||||
|
</error-page>
|
||||||
|
<error-page>
|
||||||
|
<error-code>503</error-code>
|
||||||
|
<location>/carbon/errors/error_503.html</location>
|
||||||
|
</error-page>
|
||||||
|
<error-page>
|
||||||
|
<error-code>504</error-code>
|
||||||
|
<location>/carbon/errors/error_504.html</location>
|
||||||
|
</error-page>
|
||||||
|
|
||||||
|
<error-page>
|
||||||
|
<location>/carbon/errors/error.html</location>
|
||||||
|
</error-page>
|
||||||
|
</web-app>
|
Loading…
Reference in new issue