Merge pull request #465 from harshanL/release-2.0.x

Added security filters to devicemgt jaggery app
8 years ago · 631ea6e80f
parent 24c0966dce b4eb86e985
commit 631ea6e80f
1 changed files with 48 additions and 1 deletions
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/jaggery.conf
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/jaggery.conf
@ -55,5 +55,52 @@
      "url": "/api/operation/*",
      "path": "/api/operation-api.jag"
    }
-  ]
+  ],
+  "filters": [
+      {
+        "name": "URLBasedCachePreventionFilter",
+        "class": "org.wso2.carbon.ui.filters.cache.URLBasedCachePreventionFilter"
+      },
+      {
+        "name":"HttpHeaderSecurityFilter",
+        "class":"org.apache.catalina.filters.HttpHeaderSecurityFilter",
+        "params" : [{"name" : "hstsEnabled", "value" : "false"}]
+      }
+    ],
+    "filterMappings": [
+      {
+        "name": "URLBasedCachePreventionFilter",
+        "url": "/api/*"
+      },
+      {
+        "name":"HttpHeaderSecurityFilter",
+         "url":"*"
+      }
+    ],
+    "listeners" : [
+        {
+          "class" : "org.owasp.csrfguard.CsrfGuardServletContextListener"
+        },
+        {
+          "class" : "org.owasp.csrfguard.CsrfGuardHttpSessionListener"
+        }
+      ],
+      "servlets" : [
+        {
+          "name" : "JavaScriptServlet",
+          "class" : "org.owasp.csrfguard.servlet.JavaScriptServlet"
+        }
+      ],
+      "servletMappings" : [
+        {
+          "name" : "JavaScriptServlet",
+          "url" : "/csrf.js"
+        }
+      ],
+      "contextParams" : [
+        {
+          "name" : "Owasp.CsrfGuard.Config",
+          "value" : "/repository/conf/security/Owasp.CsrfGuard.Carbon.properties"
+        }
+      ]
 }