From 121c289b39ab0988e978f457d714f1dab243739f Mon Sep 17 00:00:00 2001 From: megala21 Date: Thu, 27 Apr 2017 17:36:10 +0530 Subject: [PATCH 1/3] Adding security filters to web.xml --- .../src/main/webapp/WEB-INF/web.xml | 37 ++++++++++++++ .../src/main/webapp/WEB-INF/web.xml | 36 ++++++++++++++ .../src/main/webapp/WEB-INF/web.xml | 49 +++++++++++++++++-- 3 files changed, 117 insertions(+), 5 deletions(-) diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml index 3a900cd914d..823bf51d731 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml @@ -59,6 +59,43 @@ ApiPermissionFilter org.wso2.carbon.apimgt.application.extension.api.filter.ApiPermissionFilter + + + HttpHeaderSecurityFilter + org.apache.catalina.filters.HttpHeaderSecurityFilter + + hstsEnabled + false + + + + + ContentTypeBasedCachePreventionFilter + org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter + + patterns + text/html" ,application/json" ,text/plain + + + filterAction + enforce + + + httpHeaders + Cache-Control: no-store, no-cache, must-revalidate, private + + + + + HttpHeaderSecurityFilter + /* + + + + ContentTypeBasedCachePreventionFilter + /* + + ApiPermissionFilter /* diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/webapp/WEB-INF/web.xml b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/webapp/WEB-INF/web.xml index 58aa02917c4..6fd45f33b32 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/webapp/WEB-INF/web.xml +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/webapp/WEB-INF/web.xml 
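Review bot: The `patterns` init-param of ContentTypeBasedCachePreventionFilter contains stray double quotes (`text/html" ,application/json" ,text/plain`), so unless the filter strips them the first two entries become `text/html"` and `application/json"` and will never match the Content-Type of the JSON responses this API mostly emits; the `no-store` headers would then only be applied to text/plain responses. Suggested value: `text/html,application/json,text/plain`. It is also worth confirming whether the filter compares the content type as a prefix or exactly, since responses commonly carry `;charset=UTF-8` after the media type. The mapping order looks right: HttpHeaderSecurityFilter is mapped ahead of ApiPermissionFilter, so the security headers should be set whether or not the permission check passes.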
@@ -52,4 +52,40 @@ true + + HttpHeaderSecurityFilter + org.apache.catalina.filters.HttpHeaderSecurityFilter + + hstsEnabled + false + + + + + ContentTypeBasedCachePreventionFilter + org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter + + patterns + text/html" ,application/json" ,text/plain + + + filterAction + enforce + + + httpHeaders + Cache-Control: no-store, no-cache, must-revalidate, private + + + + + HttpHeaderSecurityFilter + /* + + + + ContentTypeBasedCachePreventionFilter + /* + + diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/webapp/WEB-INF/web.xml b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/webapp/WEB-INF/web.xml index 1d59c04b173..ca08169c8c5 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/webapp/WEB-INF/web.xml +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/webapp/WEB-INF/web.xml @@ -16,7 +16,9 @@ ~ specific language governing permissions and limitations ~ under the License. --> - + Certificate-Webapp JAX-WS/JAX-RS Certificate Management Endpoint @@ -52,10 +54,10 @@ managed-api-owner admin - - isSharedWithAllTenants - true - + + isSharedWithAllTenants + true + @@ -71,6 +73,43 @@ ApiOriginFilter org.wso2.carbon.certificate.mgt.cert.jaxrs.api.util.ApiOriginFilter + + + HttpHeaderSecurityFilter + org.apache.catalina.filters.HttpHeaderSecurityFilter + + hstsEnabled + false + + + + + ContentTypeBasedCachePreventionFilter + org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter + + patterns + text/html" ,application/json" ,text/plain + + + filterAction + enforce + + + httpHeaders + Cache-Control: no-store, no-cache, must-revalidate, private + + + + + HttpHeaderSecurityFilter + /* + + + + ContentTypeBasedCachePreventionFilter + /* + + ApiOriginFilter /* From 45603486979fb31d39e71abf4cc8558721a39e61 Mon Sep 17 00:00:00 2001 
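Review bot: `hstsEnabled` is explicitly set to `false`, which switches off the one HttpHeaderSecurityFilter header that matters most for an API that should only be reachable over TLS; the filter's other defaults (anti-clickjacking and content-type-sniffing headers) remain in effect and are appropriate for a JSON endpoint. If HSTS is disabled because the container is also reachable over plain HTTP in development, or because a fronting TLS terminator already emits the header, that reason should be recorded next to the param, e.g. `<!-- HSTS intentionally off here: emitted by the TLS terminator / container listens on HTTP in dev (pick the actual reason) -->`, otherwise the next reviewer will read it as an oversight. The same stray-quote defect in the `patterns` value (`text/html" ,application/json" ,text/plain`) appears here too and should be fixed to `text/html,application/json,text/plain`. The enclosing `web-app` element starts outside this hunk.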
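Review bot: The `patterns` value in the ContentTypeBasedCachePreventionFilter block of this web.xml repeats the stray `"` characters (`text/html" ,application/json" ,text/plain`) and should be `text/html,application/json,text/plain`, or JSON responses will likely miss the no-store Cache-Control header. This identical filter block is now pasted verbatim into three web.xml files in this patch, so a fix in one must be mirrored in the others; a short XML comment such as `<!-- keep in sync with the HttpHeaderSecurityFilter/cache-prevention block in the other API webapps -->` would help prevent drift. The earlier hunk of this file that touches the `web-app` root element is not readable here, so it is not reviewed.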
From: megala21 Date: Thu, 27 Apr 2017 23:21:29 +0530 Subject: [PATCH 2/3] Fixing isses in authentication --- .../src/main/webapp/WEB-INF/web.xml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml index 823bf51d731..0b53726a421 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml @@ -39,11 +39,6 @@ doAuthentication true - - - basicAuth - true - From 47ce861b49865d79dca2d807766926a7131399e6 Mon Sep 17 00:00:00 2001 From: megala21 Date: Fri, 28 Apr 2017 10:01:54 +0530 Subject: [PATCH 3/3] Fixing basic authenticator issue --- .../src/main/webapp/WEB-INF/web.xml | 5 +++++ .../framework/authenticator/BasicAuthAuthenticator.java | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml index 0b53726a421..823bf51d731 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml @@ -39,6 +39,11 @@ doAuthentication true + + + basicAuth + true + 
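Review bot: Re-adding `basicAuth` = `true` is what keeps Basic authentication working for this webapp once the companion BasicAuthAuthenticator change makes the parameter opt-in, but the diffstat shows only this one web.xml was updated; any other webapp in the repository that relied on the previous default (Basic accepted when the parameter was absent) will silently stop accepting Basic credentials, so a sweep of the other web.xml files is warranted. Since absence now means "unsupported", the parameter deserves a comment stating that contract, e.g. `<!-- basicAuth must be explicitly true; BasicAuthAuthenticator treats a missing or non-true value as unsupported -->`. The surrounding context-param list continues outside the hunk.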
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java index f384efe6f52..7de0e8c3375 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java @@ -161,7 +161,7 @@ public class BasicAuthAuthenticator implements WebappAuthenticator { private boolean isAuthenticationSupported(Request request) { String param = request.getContext().findParameter("basicAuth"); - return (param == null || !Boolean.parseBoolean(param)); + return (param != null && Boolean.parseBoolean(param)); } }
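Review bot: The new condition makes Basic authentication opt-in, which is the right default (previously a webapp that simply omitted `basicAuth` accepted Basic credentials, and one that set it to `true` had it disabled), but `Boolean.parseBoolean` does not trim, so a hand-edited `<param-value>true </param-value>` with trailing whitespace would silently disable Basic auth for that webapp; `return param != null && Boolean.parseBoolean(param.trim());` closes that gap at no cost. Because this is a behavioural flip for every consumer of the authenticator, the method should carry a Javadoc that states the contract explicitly, along the lines of "Returns true only when the webapp's `basicAuth` context parameter is present and parses as true; absence or any other value means Basic authentication is not accepted for this context". The method is complete within the hunk; its callers in the class are outside it and are not reviewed here.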