merge-requests/1/head
Menaka Jayawardena 8 years ago
commit 53843181f7

@ -210,6 +210,7 @@
</outputDirectory>
<excludes>
<exclude>**/broker.xml</exclude>
<exclude>tomcat/carbon/WEB-INF/web.xml</exclude>
<exclude>**/axis2.xml</exclude>
<exclude>**/carbon.xml</exclude>
<exclude>**/cipher-text.properties</exclude>
@ -352,6 +353,12 @@
<outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/</outputDirectory>
<filtered>true</filtered>
</file>
<file>
<source>src/main/conf/web.xml
</source>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/tomcat/carbon/WEB-INF/</outputDirectory>
<filtered>true</filtered>
</file>
<file>
<source>src/main/conf/metrics.xml
</source>

@ -0,0 +1,177 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright (c) 2005-2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ WSO2 Inc. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app id="WebApp">
<security-constraint>
<display-name>Restrict access to carbon console</display-name>
<web-resource-collection>
<web-resource-name>Restricted Console UI</web-resource-name>
<url-pattern>/carbon/*</url-pattern>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
<!-- OWASP CSRFGuard per-application configuration property file location-->
<context-param>
<param-name>Owasp.CsrfGuard.Config</param-name>
<param-value>repository/conf/security/Owasp.CsrfGuard.Carbon.properties</param-value>
</context-param>
<servlet id="bridge">
<servlet-name>bridgeservlet</servlet-name>
<display-name>Carbon Bridge Servlet</display-name>
<description>Carbon Bridge Servlet</description>
<servlet-class>org.wso2.carbon.tomcat.ext.servlet.DelegationServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- OWASP CSRFGuard servlet that serves dynamic token injection JavaScript-->
<servlet>
<servlet-name>JavaScriptServlet</servlet-name>
<servlet-class>org.owasp.csrfguard.servlet.JavaScriptServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>bridgeservlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<!--
This is required if your application bundles expose JSPs.
-->
<servlet-mapping>
<servlet-name>bridgeservlet</servlet-name>
<url-pattern>*.jsp</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>JavaScriptServlet</servlet-name>
<url-pattern>/carbon/admin/js/csrfPrevention.js</url-pattern>
</servlet-mapping>
<!--This is for performing the character encoding in the JSPs. -->
<filter>
<filter-name>CharsetFilter</filter-name>
<filter-class>org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter</filter-class>
<init-param>
<param-name>requestEncoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<!-- OWASP CSRFGuard filter used to validate CSRF token-->
<filter>
<filter-name>CSRFGuard</filter-name>
<filter-class>org.owasp.csrfguard.CsrfGuardFilter</filter-class>
</filter>
<!-- Tomcat http header security filter -->
<filter>
<filter-name>HttpHeaderSecurityFilter</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<init-param>
<param-name>hstsEnabled</param-name>
<param-value>false</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>HttpHeaderSecurityFilter</filter-name>
<url-pattern>*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CharsetFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CSRFGuard</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- OWASP CSRFGuard context listener used to read CSRF configuration -->
<listener>
<listener-class>org.owasp.csrfguard.CsrfGuardServletContextListener</listener-class>
</listener>
<!-- OWASP CSRFGuard session listener used to generate per-session CSRF token -->
<listener>
<listener-class>org.owasp.csrfguard.CsrfGuardHttpSessionListener</listener-class>
</listener>
<session-config>
<session-timeout>15</session-timeout>
<cookie-config>
<secure>true</secure>
</cookie-config>
</session-config>
<!-- custom error pages -->
<error-page>
<error-code>400</error-code>
<location>/carbon/errors/error_400.html</location>
</error-page>
<error-page>
<error-code>401</error-code>
<location>/carbon/errors/error_401.html</location>
</error-page>
<error-page>
<error-code>403</error-code>
<location>/carbon/errors/error_403.html</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/carbon/errors/error_404.html</location>
</error-page>
<error-page>
<error-code>405</error-code>
<location>/carbon/errors/error_405.html</location>
</error-page>
<error-page>
<error-code>408</error-code>
<location>/carbon/errors/error_408.html</location>
</error-page>
<error-page>
<error-code>410</error-code>
<location>/carbon/errors/error_410.html</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/carbon/errors/error_500.html</location>
</error-page>
<error-page>
<error-code>502</error-code>
<location>/carbon/errors/error_502.html</location>
</error-page>
<error-page>
<error-code>503</error-code>
<location>/carbon/errors/error_503.html</location>
</error-page>
<error-page>
<error-code>504</error-code>
<location>/carbon/errors/error_504.html</location>
</error-page>
<error-page>
<location>/carbon/errors/error.html</location>
</error-page>
</web-app>
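Review bot: The `hstsEnabled` init-param of `HttpHeaderSecurityFilter` is set to `false` while `<cookie-config>` marks the session cookie `<secure>true</secure>`, so the application appears to be HTTPS-only yet never sends a Strict-Transport-Security header. If that is intentional (for example because TLS terminates elsewhere), a comment beside the init-param should say so; otherwise set `<param-value>true</param-value>`. The DOCTYPE also pairs the public identifier `DTD Web Application 2.2` with the system identifier `web-app_2_3.dtd`, and neither DTD declares `<cookie-config>`, so a validating parser would probably reject the descriptor; a Servlet 3.0 schema declaration would match the elements actually used. Both points apply equally to the second new web.xml added later in this commit (the 185-line one).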

@ -103,9 +103,6 @@
<featureArtifactDef>
org.wso2.carbon.registry:org.wso2.carbon.registry.contentsearch.feature:${carbon.registry.version}
</featureArtifactDef>
<featureArtifactDef>
org.wso2.carbon.registry:org.wso2.carbon.registry.ui.menu.feature:${carbon.registry.version}
</featureArtifactDef>
<featureArtifactDef>
org.wso2.carbon.registry:org.wso2.carbon.registry.resource.properties.feature:${carbon.registry.version}
</featureArtifactDef>
@ -119,7 +116,7 @@
org.wso2.carbon.messaging:org.wso2.carbon.andes.feature:${carbon.messaging.version}
</featureArtifactDef>
<featureArtifactDef>
org.wso2.carbon.multitenancy:org.wso2.carbon.tenant.common.feature:${carbon.multitenancy.version}
org.wso2.carbon.multitenancy:org.wso2.carbon.tenant.common.server.feature:${carbon.multitenancy.version}
</featureArtifactDef>
<featureArtifactDef>
org.wso2.carbon.commons:org.wso2.carbon.tenant.mgt.common.feature:${carbon.commons.version}
@ -136,18 +133,12 @@
<featureArtifactDef>
org.wso2.carbon.identity:org.wso2.carbon.identity.authenticator.saml2.sso.server.feature:${identity.carbon.auth.saml2.version}
</featureArtifactDef>
<featureArtifactDef>
org.wso2.carbon.identity:org.wso2.carbon.identity.authenticator.saml2.sso.ui.feature:${identity.carbon.auth.saml2.version}
</featureArtifactDef>
<featureArtifactDef>
org.wso2.carbon.identity:org.wso2.carbon.user.mgt.feature:${carbon.identity.framework.version}
</featureArtifactDef>
<featureArtifactDef>
org.wso2.carbon.identity:org.wso2.carbon.identity.core.feature:${carbon.identity.framework.version}
</featureArtifactDef>
<featureArtifactDef>
org.wso2.carbon.identity:org.wso2.carbon.identity.core.ui.feature:${carbon.identity.framework.version}
</featureArtifactDef>
<!--carbon core features -->
<featureArtifactDef>
org.wso2.carbon:org.wso2.carbon.core.feature:${carbon.kernel.version}
@ -161,13 +152,6 @@
<featureArtifactDef>
org.wso2.carbon.metrics:org.wso2.carbon.metrics.feature:${carbon.metrics.version}
</featureArtifactDef>
<!-- mb styles -->
<featureArtifactDef>
org.wso2.mb:org.wso2.mb.styles.feature:${product.mb.version}
</featureArtifactDef>
<featureArtifactDef>
org.wso2.mb:org.wso2.stratos.mb.dashboard.ui.feature:${product.mb.version}
</featureArtifactDef>
<featureArtifactDef>
org.wso2.ciphertool:org.wso2.ciphertool.feature:${cipher.tool.version}
</featureArtifactDef>
@ -232,10 +216,6 @@
<id>org.wso2.carbon.registry.core.feature.group</id>
<version>${carbon.registry.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.registry.ui.menu.feature.group</id>
<version>${carbon.registry.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.registry.resource.properties.feature.group
</id>
@ -245,10 +225,6 @@
<id>org.wso2.carbon.wsdl.tools.feature.group</id>
<version>${carbon.commons.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.registry.core.ui.feature.group</id>
<version>${carbon.registry.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.um.ws.service.feature.group</id>
<version>${carbon.um.ws.version}</version>
@ -264,7 +240,7 @@
</feature>
<!-- multitenancy feature groups -->
<feature>
<id>org.wso2.carbon.tenant.common.feature.group</id>
<id>org.wso2.carbon.tenant.common.server.feature.group</id>
<version>${carbon.multitenancy.version}</version>
</feature>
<feature>
@ -281,12 +257,6 @@
<id>org.wso2.carbon.tenant.throttling.agent.feature.group</id>
<version>${carbon.multitenancy.version}</version>
</feature>
<feature>
<id>
org.wso2.carbon.identity.authenticator.saml2.sso.ui.feature.group
</id>
<version>${identity.carbon.auth.saml2.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.user.mgt.feature.group</id>
<version>${carbon.identity.framework.version}</version>
@ -295,10 +265,6 @@
<id>org.wso2.carbon.identity.core.feature.group</id>
<version>${carbon.identity.framework.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.identity.core.ui.feature.group</id>
<version>${carbon.identity.framework.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.messaging.metrics.feature.group</id>
<version>${carbon.messaging.version}</version>
@ -307,15 +273,6 @@
<id>org.wso2.carbon.metrics.feature.group</id>
<version>${carbon.metrics.version}</version>
</feature>
<!-- mb style -->
<feature>
<id>org.wso2.stratos.mb.dashboard.ui.feature.group</id>
<version>${product.mb.version}</version>
</feature>
<feature>
<id>org.wso2.mb.styles.feature.group</id>
<version>${product.mb.version}</version>
</feature>
<!--cipher tool-->
<feature>
<id>org.wso2.ciphertool.feature.group</id>

@ -704,7 +704,7 @@ org.wso2.carbon.server.admin_4.4.3.jar
org.wso2.carbon.service.mgt_4.6.0.jar bundle apache2 6318
org.wso2.carbon.siddhi.metrics.core_2.0.13.alpha.jar bundle apache2 7889
org.wso2.carbon.siddhi.tryit.ui_2.0.13.alpha.jar bundle apache2 7888
org.wso2.carbon.simple.policy.decision.point_1.1.0.SNAPSHOT.jar bundle apache2 7887
org.wso2.carbon.policy.decision.point_1.1.0.SNAPSHOT.jar bundle apache2 7887
org.wso2.carbon.social.core_1.4.1.jar bundle apache2 6316
org.wso2.carbon.social.db.adapter_1.4.1.jar bundle apache2 6315
org.wso2.carbon.social.sql_1.4.1.jar bundle apache2 6314

@ -168,7 +168,7 @@
<classpath refid="maven.compile.classpath" />
<classpath refid="maven.runtime.classpath" />
<fileset file="${basedir}/src/repository/resources/dbscripts/apimgt/h2.sql" />
<fileset file="${basedir}/../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/dbscripts/apimgt/h2.sql"/>
</sql>
<echo message="##################### END ####################" />
</tasks>
@ -196,7 +196,7 @@
<classpath refid="maven.compile.classpath" />
<classpath refid="maven.runtime.classpath" />
<fileset file="${basedir}/src/repository/resources/dbscripts/appmgt/h2.sql" />
<fileset file="${basedir}/../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/dbscripts/appmgt/h2.sql"/>
</sql>
<echo message="##################### END ####################" />
</tasks>
@ -346,6 +346,20 @@ d <exclude name="**/shindig.properties" /
<goal>run</goal>
</goals>
</execution>
<execution>
<id>modify_entitlement_properties</id>
<phase>prepare-package</phase>
<configuration>
<tasks>
<replace token= "PIP.AttributeDesignators.Designator.2=org.wso2.carbon.identity.application.authz.xacml.pip.AuthenticationContextAttributePIP" value="#PIP.AttributeDesignators.Designator.2=org.wso2.carbon.identity.application.authz.xacml.pip.AuthenticationContextAttributePIP" dir="${basedir}/../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/conf/identity/">
<include name="entitlement.properties"/>
</replace>
</tasks>
</configuration>
<goals>
<goal>run</goal>
</goals>
</execution>
</executions>
</plugin>
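Review bot: The `<replace>` task in the new `modify_entitlement_properties` execution succeeds silently when the token is not found. If the upstream `entitlement.properties` line ever changes (spacing, class name, designator index), the `AuthenticationContextAttributePIP` designator would stay enabled in the packaged product with no build signal. Consider adding `failOnNoReplacements="true"` to the `<replace>` element, assuming the Ant version used by the antrun plugin supports it, or at least `summary="true"` so the log shows whether a substitution happened. The two `<fileset>` changes earlier in this section make the module read from `../p2-profile-gen/target`, so the build presumably depends on that module having run first; a comment stating that ordering would help.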

@ -338,7 +338,7 @@
#end
</inSequence>
<outSequence>
<class name="org.wso2.carbon.apimgt.usage.publisher.APIMgtResponseHandler"/>
<class name="org.wso2.carbon.apimgt.gateway.handlers.analytics.APIMgtResponseHandler"/>
## check and set response caching
#if($responseCacheEnabled)
<cache scope="per-host" collector="true"/>

@ -1,5 +1,5 @@
<sequence name="_throttle_out_handler_" xmlns="http://ws.apache.org/ns/synapse">
<property name="X-JWT-Assertion" scope="transport" action="remove"/>
<class name="org.wso2.carbon.apimgt.usage.publisher.APIMgtThrottleUsageHandler"/>
<class name="org.wso2.carbon.apimgt.gateway.handlers.analytics.APIMgtThrottleUsageHandler"/>
<sequence key="_cors_request_handler_"/>
</sequence>

@ -113,6 +113,7 @@
<exclude>**/conf/log4j.properties</exclude>
<exclude>**/repository/conf/security/Owasp.CsrfGuard.Carbon.properties</exclude>
<exclude>**/repository/components/plugins/httpclient_4.3.2.wso2v1.jar</exclude>
<exclude>**/conf/tomcat/carbon/WEB-INF/web.xml</exclude>
</excludes>
</fileSet>
@ -297,9 +298,7 @@
<!-- Copying API management related dbscripts -->
<fileSet>
<directory>
src/repository/resources/dbscripts/apimgt
</directory>
<directory>../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/dbscripts/apimgt</directory>
<outputDirectory>${pom.artifactId}-${pom.version}/dbscripts/apimgt</outputDirectory>
<includes>
<include>*/**</include>
@ -701,6 +700,11 @@
</dependencySets>
<files>
<file>
<source>src/repository/conf/tomcat/carbon/WEB-INF/web.xml</source>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/tomcat/carbon/WEB-INF</outputDirectory>
<fileMode>755</fileMode>
</file>
<file>
<source>src/repository/bin/wso2server.sh</source>
<outputDirectory>${pom.artifactId}-${pom.version}/bin</outputDirectory>
@ -840,6 +844,12 @@
<filtered>true</filtered>
<fileMode>644</fileMode>
</file>
<file>
<source>../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/conf/identity/oidc-scope-config.xml</source>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/identity/</outputDirectory>
<filtered>true</filtered>
<fileMode>644</fileMode>
</file>
<file>
<source>src/repository/conf/identity/identity.xml</source>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/identity
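Review bot: The new `<file>` entry for `src/repository/conf/tomcat/carbon/WEB-INF/web.xml` is packaged with `<fileMode>755</fileMode>`, which marks a deployment descriptor as executable. The `oidc-scope-config.xml` entry added in the same descriptor uses `644`, and web.xml should match it: `<fileMode>644</fileMode>`. The final `<file>` element of the last hunk continues past the visible lines.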

@ -162,7 +162,7 @@ set CARBON_CLASSPATH=.\lib;%CARBON_CLASSPATH%
set JAVA_ENDORSED=".\lib\endorsed";"%JAVA_HOME%\jre\lib\endorsed";"%JAVA_HOME%\lib\endorsed"
set CMD_LINE_ARGS=-Xbootclasspath/a:%CARBON_XBOOTCLASSPATH% -Xms256m -Xmx1024m -XX:MaxPermSize=512m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath="%CARBON_HOME%\repository\logs\heap-dump.hprof" -Dcom.sun.management.jmxremote -classpath %CARBON_CLASSPATH% %JAVA_OPTS% -Djava.endorsed.dirs=%JAVA_ENDORSED% -Dcarbon.registry.root=/ -Dcarbon.home="%CARBON_HOME%" -Dlogger.server.name="IoT-Core" -Dwso2.server.standalone=true -Djava.command="%JAVA_HOME%\bin\java" -Djava.opts="%JAVA_OPTS%" -Djava.io.tmpdir="%CARBON_HOME%\tmp" -Dcatalina.base="%CARBON_HOME%\lib\tomcat" -Dwso2.carbon.xml=%CARBON_HOME%\repository\conf\carbon.xml -Dwso2.registry.xml="%CARBON_HOME%\repository\conf\registry.xml" -Dwso2.user.mgt.xml="%CARBON_HOME%\repository\conf\user-mgt.xml" -Dwso2.transports.xml="%CARBON_HOME%\repository\conf\mgt-transports.xml" -Djava.util.logging.config.file="%CARBON_HOME%\repository\conf\etc\logging-bridge.properties" -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcarbon.config.dir.path="%CARBON_HOME%\repository\conf" -Dcomponents.repo="%CARBON_HOME%\repository\components" -Dconf.location="%CARBON_HOME%\repository\conf" -Dcom.atomikos.icatch.file="%CARBON_HOME%\lib\transactions.properties" -Dcom.atomikos.icatch.hide_init_file_path="true" -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dcom.sun.jndi.ldap.connect.pool.authentication=simple -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 -Dorg.terracotta.quartz.skipUpdateCheck=true -Dcarbon.classpath=%CARBON_CLASSPATH% -Dfile.encoding=UTF8 -Dorg.wso2.ignoreHostnameVerification=true
set CMD_LINE_ARGS=-Xbootclasspath/a:%CARBON_XBOOTCLASSPATH% -Xms256m -Xmx1024m -XX:MaxPermSize=512m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath="%CARBON_HOME%\repository\logs\heap-dump.hprof" -Dcom.sun.management.jmxremote -classpath %CARBON_CLASSPATH% %JAVA_OPTS% -Djava.endorsed.dirs=%JAVA_ENDORSED% -Dcarbon.registry.root=/ -Dcarbon.home="%CARBON_HOME%" -Dlogger.server.name="IoT-Core" -Dwso2.server.standalone=true -Djava.command="%JAVA_HOME%\bin\java" -Djava.opts="%JAVA_OPTS%" -Djava.io.tmpdir="%CARBON_HOME%\tmp" -Dcatalina.base="%CARBON_HOME%\lib\tomcat" -Dwso2.carbon.xml=%CARBON_HOME%\repository\conf\carbon.xml -Dwso2.registry.xml="%CARBON_HOME%\repository\conf\registry.xml" -Dwso2.user.mgt.xml="%CARBON_HOME%\repository\conf\user-mgt.xml" -Dwso2.transports.xml="%CARBON_HOME%\repository\conf\mgt-transports.xml" -Djava.util.logging.config.file="%CARBON_HOME%\repository\conf\etc\logging-bridge.properties" -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcarbon.config.dir.path="%CARBON_HOME%\repository\conf" -Dcomponents.repo="%CARBON_HOME%\repository\components" -Dconf.location="%CARBON_HOME%\repository\conf" -Dcom.atomikos.icatch.file="%CARBON_HOME%\lib\transactions.properties" -Dcom.atomikos.icatch.hide_init_file_path="true" -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dcom.sun.jndi.ldap.connect.pool.authentication=simple -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 -Dorg.terracotta.quartz.skipUpdateCheck=true -Dcarbon.classpath=%CARBON_CLASSPATH% -Dfile.encoding=UTF8 -Dorg.wso2.ignoreHostnameVerification=true -Dorg.opensaml.httpclient.https.disableHostnameVerification=true
:runJava
echo JAVA_HOME environment variable is set to %JAVA_HOME%
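Review bot: Appending `-Dorg.opensaml.httpclient.https.disableHostnameVerification=true` to `CMD_LINE_ARGS` switches off TLS hostname verification for the OpenSAML HTTP client on every server start, next to the already present `-Dorg.wso2.ignoreHostnameVerification=true`. With both set, a certificate that chains to the trust store would presumably be accepted regardless of the host it was issued for. This looks like a workaround for the default self-signed certificate and should not be the shipped default. Prefer leaving the property out of the script so operators can pass it through `%JAVA_OPTS%` in test setups, with a comment above the `set CMD_LINE_ARGS` line saying so. The same flag is added to the shell startup script in the next file section, and the same applies there.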

@ -306,6 +306,7 @@ do
-Dcom.ibm.cacheLocalHost=true \
-DworkerNode=false \
-Dorg.wso2.ignoreHostnameVerification=true \
-Dorg.opensaml.httpclient.https.disableHostnameVerification=true \
org.wso2.carbon.bootstrap.Bootstrap $*
status=$?
done

@ -202,7 +202,7 @@
-->
<APIKeyValidator>
<!-- Server URL of the API key manager -->
<ServerURL>https://localhost:${mgt.transport.https.port}${carbon.context}services/</ServerURL>
<ServerURL>https://${carbon.local.ip}:${mgt.transport.https.port}${carbon.context}services/</ServerURL>
<!-- Admin username for API key manager. -->
<Username>${admin.username}</Username>
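Review bot: Switching `<ServerURL>` from `localhost` to `${carbon.local.ip}` makes the key-validator client connect to an IP address over HTTPS, which verifies only if the server certificate carries that IP as a subject alternative name. With hostname verification disabled in the startup scripts the mismatch would go unnoticed, and the admin credentials configured just below are presumably sent over that connection. Consider a host property that matches the certificate, or add a comment next to `<ServerURL>` stating the certificate requirement. The `<APIKeyValidator>` element continues outside the hunk.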

@ -43,6 +43,10 @@
<MaxRetries>5</MaxRetries>
<MinRetriesToMarkUnreachable>8</MinRetriesToMarkUnreachable>
<MinRetriesToMarkInactive>20</MinRetriesToMarkInactive>
<!--Set the policy evaluation point name (Simple/Merged)-->
<!--Simple - Simple policy evaluation point-->
<!--Merged - Merged policy evaluation point -->
<PolicyEvaluationPoint>Simple</PolicyEvaluationPoint>
</PolicyConfiguration>
<TaskConfiguration>
<Enable>true</Enable>

@ -1,3 +1,21 @@
#
# Copyright (c) 2013, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# WSO2 Inc. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
PDP.Enable=true
PAP.Enable=true
PDP.DecisionCaching.Enable=true
@ -12,7 +30,13 @@ PDP.Balana.Config.Enable=false
PDP.Multiple.Decision.Profile.Enable=true
PDP.Global.Policy.Combining.Algorithm=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides
PAP.Policy.Add.Start.Enable=false
#PAP.Policy.Add.Start.Policy.File.Path=
PAP.Items.Per.Page=10
PDP.Registry.Level.Policy.Cache.Clear=false
PDP.PolicyCaching.CachingInterval=100
Entitlement.Engine.CachingInterval=100000
PDP.References.MaxPolicyEntries=3000
#PDP.Extensions.Extension.1=your.extension.class.name
@ -20,6 +44,7 @@ PAP.Items.Per.Page=10
#PDP.Policy.Store=org.wso2.carbon.identity.entitlement.policy.store.CarbonRegistryPolicyStore
PIP.AttributeDesignators.Designator.1=org.wso2.carbon.identity.entitlement.pip.DefaultAttributeFinder
#PIP.AttributeDesignators.Designator.2=org.wso2.carbon.identity.application.authz.xacml.pip.AuthenticationContextAttributePIP
PIP.ResourceFinders.Finder.1=org.wso2.carbon.identity.entitlement.pip.DefaultResourceFinder
PAP.Entitlement.Data.Finder.1=org.wso2.carbon.identity.entitlement.pap.CarbonEntitlementDataFinder

@ -450,15 +450,15 @@ org.owasp.csrfguard.configOverlay.secondsBetweenUpdateChecks = 60
org.owasp.csrfguard.unprotected.Services=%servletContext%/services/*
org.owasp.csrfguard.unprotected.oauth=%servletContext%/commonauth/*
org.owasp.csrfguard.unprotected.samlsso=%servletContext%/samlsso/*
org.owasp.csrfguard.unprotected.authenticationendpoint=%servletContext%/authenticationendpoint/*
org.owasp.csrfguard.unprotected.authenticationEndpoint=%servletContext%/authenticationendpoint/*
org.owasp.csrfguard.unprotected.wso2=%servletContext%/wso2/*
org.owasp.csrfguard.unprotected.oauth2=%servletContext%/oauth2/*
org.owasp.csrfguard.unprotected.openid=%servletContext%/openid/*
org.owasp.csrfguard.unprotected.openidserver=%servletContext%/openidserver/*
org.owasp.csrfguard.unprotected.openId=%servletContext%/openid/*
org.owasp.csrfguard.unprotected.openIdServer=%servletContext%/openidserver/*
org.owasp.csrfguard.unprotected.passivests=%servletContext%/passivests/*
org.owasp.csrfguard.unprotected.thrift=%servletContext%/thriftAuthenticator/*
org.owasp.csrfguard.unprotected.publisher.rest.api=%servletContext%/api/appm/publisher/*
org.owasp.csrfguard.unprotected.store.rest.api=%servletContext%/api/appm/store/*
org.owasp.csrfguard.unprotected.certificate.mgt.rest.api=%servletContext%/api/certificate-mgt/*
org.owasp.csrfguard.unprotected.device.mgt.rest.api=%servletContext%/api/device-mgt/*
org.owasp.csrfguard.unprotected.dcr.rest.api=%servletContext%/dynamic-client-web/*
org.owasp.csrfguard.unprotected.publisherRestApi=%servletContext%/api/appm/publisher/*
org.owasp.csrfguard.unprotected.storeRestApi=%servletContext%/api/appm/store/*
org.owasp.csrfguard.unprotected.certificateMgtRestApi=%servletContext%/api/certificate-mgt/*
org.owasp.csrfguard.unprotected.deviceMgtRestApi=%servletContext%/api/device-mgt/*
org.owasp.csrfguard.unprotected.dcrRestApi=%servletContext%/dynamic-client-web/*

@ -0,0 +1,185 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ WSO2 Inc. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app id="WebApp">
<!-- OWASP CSRFGuard per-application configuration property file location-->
<context-param>
<param-name>Owasp.CsrfGuard.Config</param-name>
<param-value>repository/conf/security/Owasp.CsrfGuard.Carbon.properties</param-value>
</context-param>
<servlet id="bridge">
<servlet-name>bridgeservlet</servlet-name>
<display-name>Carbon Bridge Servlet</display-name>
<description>Carbon Bridge Servlet</description>
<servlet-class>org.wso2.carbon.tomcat.ext.servlet.DelegationServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- OWASP CSRFGuard servlet that serves dynamic token injection JavaScript-->
<servlet>
<servlet-name>JavaScriptServlet</servlet-name>
<servlet-class>org.owasp.csrfguard.servlet.JavaScriptServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>bridgeservlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<!--
This is required if your application bundles expose JSPs.
-->
<servlet-mapping>
<servlet-name>bridgeservlet</servlet-name>
<url-pattern>*.jsp</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>JavaScriptServlet</servlet-name>
<url-pattern>/carbon/admin/js/csrfPrevention.js</url-pattern>
</servlet-mapping>
<!--This is for performing the character encoding in the JSPs. -->
<filter>
<filter-name>CharsetFilter</filter-name>
<filter-class>org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter</filter-class>
<init-param>
<param-name>requestEncoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<!-- OWASP CSRFGuard filter used to validate CSRF token-->
<filter>
<filter-name>CSRFGuard</filter-name>
<filter-class>org.owasp.csrfguard.CsrfGuardFilter</filter-class>
</filter>
<!-- Tomcat http header security filter -->
<filter>
<filter-name>HttpHeaderSecurityFilter</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<init-param>
<param-name>hstsEnabled</param-name>
<param-value>false</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>HttpHeaderSecurityFilter</filter-name>
<url-pattern>*</url-pattern>
</filter-mapping>
<filter>
<filter-name>HttpHeaderSecurityFilter_AntiClickJacking_SpecialURL</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<!-- Disable other headers except X-Frame-Options (not required, but enhances performance)-->
<init-param>
<param-name>hstsEnabled</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>blockContentTypeSniffingEnabled</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>xssProtectionEnabled</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>SAMEORIGIN</param-value>
</init-param>
</filter>
<filter>
<filter-name>URLBasedCachePreventionFilter</filter-name>
<filter-class>org.wso2.carbon.ui.filters.cache.URLBasedCachePreventionFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>HttpHeaderSecurityFilter_AntiClickJacking_SpecialURL</filter-name>
<url-pattern>/samlsso</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CharsetFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CSRFGuard</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>URLBasedCachePreventionFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<!-- OWASP CSRFGuard context listener used to read CSRF configuration -->
<listener>
<listener-class>org.owasp.csrfguard.CsrfGuardServletContextListener</listener-class>
</listener>
<!-- OWASP CSRFGuard session listener used to generate per-session CSRF token -->
<listener>
<listener-class>org.owasp.csrfguard.CsrfGuardHttpSessionListener</listener-class>
</listener>
<session-config>
<session-timeout>15</session-timeout>
<cookie-config>
<secure>true</secure>
</cookie-config>
</session-config>
<!-- custom error pages -->
<error-page>
<error-code>400</error-code>
<location>/carbon/errors/error_400.html</location>
</error-page>
<error-page>
<error-code>401</error-code>
<location>/carbon/errors/error_401.html</location>
</error-page>
<error-page>
<error-code>403</error-code>
<location>/carbon/errors/error_403.html</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/carbon/errors/error_404.html</location>
</error-page>
<error-page>
<error-code>405</error-code>
<location>/carbon/errors/error_405.html</location>
</error-page>
<error-page>
<error-code>408</error-code>
<location>/carbon/errors/error_408.html</location>
</error-page>
<error-page>
<error-code>410</error-code>
<location>/carbon/errors/error_410.html</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/carbon/errors/error_500.html</location>
</error-page>
<error-page>
<error-code>502</error-code>
<location>/carbon/errors/error_502.html</location>
</error-page>
<error-page>
<error-code>503</error-code>
<location>/carbon/errors/error_503.html</location>
</error-page>
<error-page>
<error-code>504</error-code>
<location>/carbon/errors/error_504.html</location>
</error-page>
<error-page>
<location>/carbon/errors/error.html</location>
</error-page>
</web-app>


@ -825,19 +825,19 @@
<version>${joda-time.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity</groupId>
<groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
<artifactId>org.wso2.carbon.identity.oauth.stub</artifactId>
<version>${carbon.identity.version}</version>
<version>${identity.inbound.auth.oauth.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity</groupId>
<groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
<artifactId>org.wso2.carbon.identity.oauth.dto</artifactId>
<version>${carbon.identity.version}</version>
<version>${identity.inbound.auth.oauth.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity</groupId>
<groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
<artifactId>org.wso2.carbon.identity.oauth</artifactId>
<version>${carbon.identity.version}</version>
<version>${identity.inbound.auth.oauth.version}</version>
</dependency>
<!-- Tomcat dependencies -->
<dependency>
@ -1274,36 +1274,16 @@
<artifactId>servlet-api</artifactId>
<version>${servlet-api.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.iot</groupId>
<artifactId>org.wso2.stratos.mb.dashboard.ui</artifactId>
<version>${product.iot.broker.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.ui.menu.stratos</artifactId>
<version>${carbon.ui.menu.stratos.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.iot</groupId>
<artifactId>org.wso2.stratos.mb.deployment</artifactId>
<version>${product.iot.broker.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.iot</groupId>
<artifactId>org.wso2.stratos.mb.login.ui</artifactId>
<version>${product.iot.broker.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.iot</groupId>
<artifactId>org.wso2.iot.broker.styles</artifactId>
<version>${product.iot.broker.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.iot</groupId>
<artifactId>org.wso2.stratos.mb.styles</artifactId>
<version>${product.iot.broker.version}</version>
</dependency>
<!--Dependencies for integration tests -->
<dependency>
<groupId>org.wso2.iot</groupId>
@ -1516,18 +1496,23 @@
<!-- Carbon Identity -->
<carbon.identity.framework.version>5.2.0</carbon.identity.framework.version>
<carbon.identity.framework.version.iotcore>5.6.89</carbon.identity.framework.version.iotcore>
<carbon.identity.framework.version.range>[5.2.0, 6.0.0)</carbon.identity.framework.version.range>
<identity.local.auth.basicauth.version>5.1.1</identity.local.auth.basicauth.version>
<identity.local.auth.basicauth.version.iotcore>5.2.4</identity.local.auth.basicauth.version.iotcore>
<identity.inbound.auth.openid.version>5.1.1</identity.inbound.auth.openid.version>
<identity.inbound.auth.saml.version>5.1.1</identity.inbound.auth.saml.version>
<identity.inbound.auth.saml.version.iotcore>5.2.14</identity.inbound.auth.saml.version.iotcore>
<identity.carbon.auth.saml2.version>5.1.3</identity.carbon.auth.saml2.version>
<identity.carbon.auth.saml2.version.iotcore>5.1.6</identity.carbon.auth.saml2.version.iotcore>
<identity.inbound.auth.oauth.version>5.1.2</identity.inbound.auth.oauth.version>
<identity.inbound.auth.oauth.version.iotcore>5.2.33</identity.inbound.auth.oauth.version.iotcore>
<identity.carbon.auth.mutual.ssl.version>5.1.1</identity.carbon.auth.mutual.ssl.version>
<identity.user.ws.version>5.1.2</identity.user.ws.version>
<identity.outbound.auth.requestpath.basicauth.version>5.1.1
</identity.outbound.auth.requestpath.basicauth.version>
<identity.user.ws.version>5.1.3</identity.user.ws.version>
<identity.outbound.auth.requestpath.basicauth.version>5.1.1</identity.outbound.auth.requestpath.basicauth.version>
<identity.outbound.auth.requestpath.oauth.version>5.1.1</identity.outbound.auth.requestpath.oauth.version>
<identity.outbound.auth.samlsso.version>5.1.2</identity.outbound.auth.samlsso.version>
<identity.outbound.auth.samlsso.version>5.1.4</identity.outbound.auth.samlsso.version>
<identity.metadata.saml2>0.1.3</identity.metadata.saml2>
<!--JWT grant type extension feature-->
<identity.jwt.extension.version>1.0.2</identity.jwt.extension.version>
@ -1537,8 +1522,9 @@
<!-- Carbon Registry -->
<carbon.registry.version>4.5.8</carbon.registry.version>
<carbon.registry.version.iotcore>4.6.0</carbon.registry.version.iotcore>
<!-- Carbon Governance -->
<carbon.governance.version>4.6.5</carbon.governance.version>
<carbon.governance.version>4.7.0</carbon.governance.version>
<!-- Carbon Device Management -->
<carbon.device.mgt.version>2.0.4-SNAPSHOT</carbon.device.mgt.version>
@ -1551,14 +1537,14 @@
<carbon.device.mgt.plugin.version>3.0.4-SNAPSHOT</carbon.device.mgt.plugin.version>
<!-- API Management -->
<carbon.api.mgt.version>6.0.5</carbon.api.mgt.version>
<carbon.api.mgt.version>6.1.2</carbon.api.mgt.version>
<carbon.api.mgt.version.range>(5.0.0,7.0.0]</carbon.api.mgt.version.range>
<!-- Carbon Mediation -->
<carbon.mediation.version>4.6.6</carbon.mediation.version>
<carbon.mediation.version>4.6.9</carbon.mediation.version>
<!-- Carbon Analytics Common (DAS) -->
<carbon.analytics.common.version>5.1.5-SNAPSHOT</carbon.analytics.common.version>
<carbon.analytics.common.version>5.1.5</carbon.analytics.common.version>
<carbon.analytics.version>1.3.0</carbon.analytics.version>
<carbon.analytics.das.version>1.3.0</carbon.analytics.das.version>
<product.iot.analytics.version>${product.iot.version}</product.iot.analytics.version>
@ -1655,7 +1641,7 @@
<caramel.version>1.0.1</caramel.version>
<!-- App manager version-->
<appmgt.feature.version>1.2.8</appmgt.feature.version>
<appmgt.feature.version>1.2.9</appmgt.feature.version>
<!-- Carbon Store version-->
<carbon.store.version>1.4.4</carbon.store.version>
