rajitha
/
product-iots
forked from community/product-iots
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added jaggery.conf and web apps with correct security filters / filter mappings

Browse Source
application-manager-new
Maninda 8 years ago
parent df3a2deeea
commit 12b1672208
7 changed files with 1021 additions and 0 deletions
Show Stats Download Patch File Download Diff File

59
modules/core/distribution/src/assembly/bin.xml
Unescape View File

@ -551,6 +551,23 @@
</includes>
</fileSet>
<fileSet>
<directory>src/repository/resources/web-apps</directory>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/deployment/server/webapps</outputDirectory>
<includes>
<include>api-application-registration.war</include>
<include>api#device-mgt#v1.0.war</include>
<include>api#scep-mgt#v1.0.war</include>
<include>client-registration#v0.11.war</include>
<include>secured-websocket.war</include>
<include>api#certificate-mgt#v1.0.war</include>
<include>api#identity#entitlement.war</include>
<include>authenticationendpoint.war</include>
<include>oauth2.war</include>
<include>shindig.war</include>
</includes>
</fileSet>
<fileSet>
<directory>../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/deployment/server/jaggeryapps/social/</directory>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/social</outputDirectory>
@ -1265,5 +1282,47 @@
<filtered>true</filtered>
<fileMode>644</fileMode>
</file>
<file>
<source>src/repository/jaggeryapps/api-store/jaggery.conf</source>
<outputDirectory>
${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/api-store/
</outputDirectory>
<fileMode>755</fileMode>
</file>
<file>
<source>src/repository/jaggeryapps/devicemgt/jaggery.conf</source>
<outputDirectory>
${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/devicemgt/
</outputDirectory>
<fileMode>755</fileMode>
</file>
<file>
<source>src/repository/jaggeryapps/portal/jaggery.conf</source>
<outputDirectory>
${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/portal/
</outputDirectory>
<fileMode>755</fileMode>
</file>
<file>
<source>src/repository/jaggeryapps/publisher/jaggery.conf</source>
<outputDirectory>
${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/publisher/
</outputDirectory>
<fileMode>755</fileMode>
</file>
<file>
<source>src/repository/jaggeryapps/social/jaggery.conf</source>
<outputDirectory>
${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/social/
</outputDirectory>
<fileMode>755</fileMode>
</file>
<file>
<source>src/repository/jaggeryapps/store/jaggery.conf</source>
<outputDirectory>
${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/store/
</outputDirectory>
<fileMode>755</fileMode>
</file>
</files>
</assembly>

86
modules/core/distribution/src/repository/jaggeryapps/api-store/jaggery.conf
Unescape View File

@ -0,0 +1,86 @@
{
"welcomeFiles":["site/pages/list-apis.jag", "index.html"],
"logLevel" : "info",
"errorPages":
{
"401":"/site/pages/error-pages/401.html",
"403":"/site/pages/error-pages/403.html",
"404":"/site/pages/error-pages/404.html",
"500":"/site/pages/error-pages/500.html"
}
,
"securityConstraints":[
{
"securityConstraint":{
"webResourceCollection":{
"name":"site",
"urlPatterns":["/site/conf/site.json"],
"methods":["GET", "POST", "PUT", "DELETE", "PATCH"]
},
"authRoles":["admin"]
}
}
],
"urlMappings":[
{
"url":"/apis/info",
"path":"/site/pages/item-info.jag"
},
{
"url":"/apis/widget",
"path":"/site/pages/widget.jag"
},
{
"url":"/apis/list",
"path":"/site/pages/list-apis.jag"
},
{
"url":"/forum/api/topic/*",
"path":"/site/blocks/forum/controller/topics.jag"
},
{
"url":"/forum/api/reply/*",
"path":"/site/blocks/forum/controller/reply.jag"
},
{
"url":"/forum/*",
"path":"/site/pages/forum.jag"
},
{
"url":"/api-docs/*",
"path":"/site/blocks/api-doc/ajax/get.jag"
}
],
"filters":[
{
"name":"HttpHeaderSecurityFilter",
"class":"org.apache.catalina.filters.HttpHeaderSecurityFilter",
"params" : [{"name" : "hstsEnabled", "value" : "false"}]
},
{
"name": "ContentTypeBasedCachePreventionFilter",
"class": "org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter",
"params" : [
{"name" : "patterns", "value" : "text/html"},
{"name" : "filterAction", "value" : "enforce"},
{"name" : "httpHeaders", "value" : "Cache-Control: no-store, no-cache, must-revalidate, private"}
]
}
],
"filterMappings":[
{
"name":"HttpHeaderSecurityFilter",
"url":"*"
},
{
"name":"ContentTypeBasedCachePreventionFilter",
"url":"*"
}
]
}

129
modules/core/distribution/src/repository/jaggeryapps/devicemgt/jaggery.conf
Unescape View File

@ -0,0 +1,129 @@
{
"displayName": "Carbon Device Management App",
"logLevel": "info",
"initScripts": ["/app/modules/init.js"],
"urlMappings": [
{
"url": "/api/devices/*",
"path": "/api/device-api.jag"
},
{
"url": "/api/groups/*",
"path": "/api/group-api.jag"
},
{
"url": "/api/policies/*",
"path": "/api/policy-api.jag"
},
{
"url": "/api/user/*",
"path": "/api/user-api.jag"
},
{
"url": "/api/invoker/*",
"path": "/api/invoker-api.jag"
},
{
"url": "/uuf/login",
"path": "/lib/modules/auth/login.jag"
},
{
"url": "/uuf/logout",
"path": "/lib/modules/auth/logout.jag"
},
{
"url": "/uuf/sso/acs",
"path": "/lib/modules/auth/acs.jag"
},
{
"url": "/public/*",
"path": "/lib/static-files.jag"
},
{
"url": "/unit/*",
"path": "/lib/units.jag"
},
{
"url": "/*",
"path": "/lib/pages.jag"
},
{
"url": "/api/data-tables/invoker",
"path": "/api/data-tables-invoker-api.jag"
},
{
"url": "/api/operation/*",
"path": "/api/operation-api.jag"
}
],
"errorPages": {
"500": "/error-pages/error500.html",
"404": "/error-pages/error404.html",
"401": "/error-pages/error401.html",
"405": "/error-pages/error405.html",
"403": "/error-pages/error403.html",
"400": "/error-pages/error400.html"
},
"filters": [
{
"name": "ContentTypeBasedCachePreventionFilter",
"class": "org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter",
"params" : [
{"name" : "patterns", "value" : "text/html\" ,application/json\" ,text/plain"},
{"name" : "filterAction", "value" : "enforce"},
{"name" : "httpHeaders", "value" : "Cache-Control: no-store, no-cache, must-revalidate, private"}
]
},
{
"name":"HttpHeaderSecurityFilter",
"class":"org.apache.catalina.filters.HttpHeaderSecurityFilter",
"params" : [{"name" : "hstsEnabled", "value" : "false"}]
},
{
"name" : "CSRFGuard",
"class" : "org.owasp.csrfguard.CsrfGuardFilter"
}
],
"filterMappings": [
{
"name":"HttpHeaderSecurityFilter",
"url":"*"
},
{
"name" : "CSRFGuard",
"url" : "/*"
},
{
"name":"ContentTypeBasedCachePreventionFilter",
"url":"*"
}
],
"listeners" : [
{
"class" : "org.owasp.csrfguard.CsrfGuardServletContextListener"
},
{
"class" : "org.owasp.csrfguard.CsrfGuardHttpSessionListener"
}
],
"servlets" : [
{
"name" : "JavaScriptServlet",
"class" : "org.owasp.csrfguard.servlet.JavaScriptServlet"
}
],
"servletMappings" : [
{
"name" : "JavaScriptServlet",
"url" : "/csrf.js"
}
],
"contextParams" : [
{
"name" : "Owasp.CsrfGuard.Config",
"value" : "repository/conf/security/Owasp.CsrfGuard.dashboard.properties"
}
]
}

195
modules/core/distribution/src/repository/jaggeryapps/portal/jaggery.conf
Unescape View File

@ -0,0 +1,195 @@
{
"initScripts": [
"js/dashboard-deployer.js"
],
"welcomeFiles": [
"routers/tenant.jag"
],
"errorPages": {
"500": "/controllers/error-pages/error500.html",
"404": "/controllers/error-pages/error404.html",
"401": "/controllers/error-pages/error401.html",
"405": "/controllers/error-pages/error405.html",
"403": "/controllers/error-pages/error403.html",
"400": "/controllers/error-pages/error400.html"
},
"urlMappings": [
{
"url": "/login-controller",
"path": "/routers/tenant.jag"
},
{
"url": "/login",
"path": "/routers/tenant.jag"
},
{
"url": "/logout",
"path": "/routers/tenant.jag"
},
{
"url": "/t/*",
"path": "/routers/tenant.jag"
},
{
"url": "/apis/*",
"path": "/routers/tenant.jag"
},
{
"url": "/dashboards/*",
"path": "/routers/tenant.jag"
},
{
"url": "/gadget/*",
"path": "/routers/tenant.jag"
},
{
"url": "/layout/*",
"path": "/routers/tenant.jag"
},
{
"url": "/assets/*",
"path": "/routers/tenant.jag"
},
{
"url": "/create-dashboard",
"path": "/routers/tenant.jag"
},
{
"url": "/dashboard-settings/*",
"path": "/routers/tenant.jag"
},
{
"url": "/select-layout",
"path": "/routers/tenant.jag"
},
{
"url": "/create-gadget",
"path": "/routers/tenant.jag"
},
{
"url": "/upload-gadget",
"path": "/routers/tenant.jag"
},
{
"url": "/upload-layout",
"path": "/routers/tenant.jag"
},
{
"url": "/geojson/world/*",
"path": "/templates/geojson/world.json"
},
{
"url": "/geojson/europe/*",
"path": "/templates/geojson/europe.json"
},
{
"url": "/geojson/usa/*",
"path": "/templates/geojson/usa.json"
},
{
"url": "/geojson/countryInfo/*",
"path": "/templates/geojson/countryInfo.json"
},
{
"url": "/geojson/usaInfo/*",
"path": "/templates/geojson/usaInfo.json"
},
{
"url": "/acs",
"path": "/controllers/acs.jag"
},
{
"url": "/banners/*",
"path": "/routers/tenant.jag"
},
{
"url": "/gadgets/*",
"path": "/routers/tenant.jag"
},
{
"url": "/configs/designer.json",
"path": "/controllers/error-pages/error404.html"
}
],
"listeners": [
{
"class": "org.owasp.csrfguard.CsrfGuardServletContextListener"
},
{
"class": "org.owasp.csrfguard.CsrfGuardHttpSessionListener"
}
],
"servlets": [
{
"name": "JavaScriptServlet",
"class": "org.owasp.csrfguard.servlet.JavaScriptServlet"
}
],
"servletMappings": [
{
"name": "JavaScriptServlet",
"url": "/csrf.js"
}
],
"contextParams": [
{
"name": "Owasp.CsrfGuard.Config",
"value": "repository/conf/security/Owasp.CsrfGuard.dashboard.properties"
}
],
"filters": [
{
"name": "ContentTypeBasedCachePreventionFilter",
"class": "org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter",
"params" : [
{"name" : "patterns", "value" : "text/html\" ,application/json\" ,text/plain"},
{"name" : "filterAction", "value" : "enforce"},
{"name" : "httpHeaders", "value" : "Cache-Control: no-store, no-cache, must-revalidate, private"}
]
},
{
"name": "HttpHeaderSecurityFilter",
"class": "org.apache.catalina.filters.HttpHeaderSecurityFilter",
"params": [
{
"name": "hstsEnabled",
"value": "false"
},
{
"name": "antiClickJackingOption",
"value": "SAMEORIGIN"
}
]
},
{
"name": "TenantStoresFilter",
"class": "org.wso2.carbon.dashboard.store.filter.TenantStoreFilter"
},
{
"name" : "CSRFGuard",
"class" : "org.owasp.csrfguard.CsrfGuardFilter"
}
],
"filterMappings": [
{
"name": "HttpHeaderSecurityFilter",
"url": "*"
},
{
"name": "TenantStoresFilter",
"url": "/store/*"
},
{
"name": "TenantStoresFilter",
"url": "/temp/*"
},
{
"name" : "CSRFGuard",
"url" : "/*"
},
{
"name":"ContentTypeBasedCachePreventionFilter",
"url":"*"
}
]
}

195
modules/core/distribution/src/repository/jaggeryapps/publisher/jaggery.conf
Unescape View File

@ -0,0 +1,195 @@
{
"initScripts": ["config/app.js"],
"welcomeFiles": ["/controllers/index_router.jag"],
"sessionDestroyedListeners": ["config/clearindex.js"],
"logLevel": "info",
"urlMappings": [
{
"url": "/api/authenticate",
"path": "/apis/v1/authenticate.jag"
},
{
"url": "/asset/*",
"path": "/controllers/asset_router.jag"
},
{
"url": "/assets/*",
"path": "/controllers/assets_router.jag"
},
{
"url": "/assets/discover/*",
"path": "/controllers/app_discover_router.jag"
},
{
"url": "/api/asset/*",
"path": "/apis/v1/asset_api_router.jag"
},
{
"url": "/api/assets/*",
"path": "/apis/v1/assets_api_router.jag"
},
{
"url": "/api/discover/*",
"path": "/apis/v1/app_discover_api_router.jag"
},
{
"url": "/api/lifecycle/*",
"path": "/apis/v1/lifecycle_api_router.jag"
},
{
"url": "/api/entitlement/*",
"path": "/apis/v1/entitlement_api_router.jag"
},
{
"url": "/api/mobile/*",
"path": "/extensions/mobileapp/api/mobile_api_router.jag"
},
{
"url": "/api/validations/assets/*",
"path": "/apis/v1/validations_api_router.jag"
},
{
"url": "/api/validate/*",
"path": "/apis/v1/validations_api_router.jag"
},
{
"url": "/api/version/*",
"path": "/apis/v1/version_api_router.jag"
},
{
"url": "/api/tag/*",
"path": "/apis/v1/tags_api_router.jag"
},
{
"url": "/api/cache/*",
"path": "/apis/v1/cache_api_router.jag"
},
{
"url": "/storage/*",
"path": "/controllers/storage_router.jag"
},
{
"url": "/test",
"path": "/test.jag"
},
{
"url": "/login",
"path": "/controllers/login.jag"
},
{
"url": "/acs",
"path": "/controllers/acs.jag"
},
{
"url": "/logout",
"path": "/controllers/logout.jag"
},
{
"url": "/api/doc",
"path": "/apis/v1/docs.jag"
},
{
"url": "/webapp/doc/inline",
"path": "/controllers/inline-editor.jag"
},
{
"url": "/api/sso/*",
"path": "/apis/v1/ssoconfig_api_router.jag"
},
{
"url": "/api/mobileapp/getfile/*",
"path": "/extensions/mobileapp/getfile.jag"
},
{
"url": "/api/mobileapp/getplist/*",
"path": "/extensions/mobileapp/plist.jag"
},
{
"url": "/api/xacmlpolicy",
"path": "/extensions/webapp/modules/manager/xacmlpolicies.jag"
},
{
"url": "/api/mobileapp/upload",
"path": "/extensions/mobileapp/mobileupload.jag"
}
],
"errorPages": {
"401": "/controllers/error401.html",
"500": "/controllers/error500.html",
"404": "/controllers/error404.html",
"403": "/controllers/error403.html",
"400": "/controllers/error400.html"
},
"filters": [
{
"name": "HttpHeaderSecurityFilter",
"class": "org.apache.catalina.filters.HttpHeaderSecurityFilter",
"params": [
{
"name": "hstsEnabled",
"value": "false"
}
]
},
{
"name": "URLBasedCachePreventionFilter",
"class": "org.wso2.carbon.ui.filters.cache.URLBasedCachePreventionFilter"
},
{
"name" : "CSRFGuard",
"class" : "org.owasp.csrfguard.CsrfGuardFilter"
}
],
"filterMappings": [
{
"name": "HttpHeaderSecurityFilter",
"url": "*"
},
{
"name":"URLBasedCachePreventionFilter",
"url":"/api/*"
},
{
"name":"URLBasedCachePreventionFilter",
"url":"/asset/*"
},
{
"name":"URLBasedCachePreventionFilter",
"url":"/assets/*"
},
{
"name":"URLBasedCachePreventionFilter",
"url":"/storage/*"
},
{
"name" : "CSRFGuard",
"url" : "/*"
}
],
"listeners": [
{
"class": "org.owasp.csrfguard.CsrfGuardServletContextListener"
},
{
"class": "org.owasp.csrfguard.CsrfGuardHttpSessionListener"
}
],
"servlets": [
{
"name": "JavaScriptServlet",
"class": "org.owasp.csrfguard.servlet.JavaScriptServlet"
}
],
"servletMappings": [
{
"name": "JavaScriptServlet",
"url": "/csrf.js"
}
],
"contextParams": [
{
"name": "Owasp.CsrfGuard.Config",
"value": "repository/conf/security/Owasp.CsrfGuard.dashboard.properties"
}
]
}

115
modules/core/distribution/src/repository/jaggeryapps/social/jaggery.conf
Unescape View File

@ -0,0 +1,115 @@
{
"welcomeFiles": ["index.jag"],
"sessionDestroyedListeners":["modules/clearindex.js"],
"initScripts": ["inits/app.js"],
"urlMappings": [
{
"url": "/apis/v1/comments/*",
"path": "/apis/v1/comments.jag"
},
{
"url": "/apis/v1/rating/*",
"path": "/apis/v1/rating.jag"
},
{
"url": "/",
"path": "/controllers/index.jag"
},
{
"url": "/t/*",
"path": "/controllers/index.jag"
},
{
"url": "/login",
"path": "/controllers/login.jag"
},
{
"url": "/logout",
"path": "/controllers/logout.jag"
},
{
"url": "/acs",
"path": "/controllers/acs.jag"
},
{
"url": "/configs/*",
"path": "/"
}
],
"errorPages": {
"500": "/controllers/error500.html",
"404": "/controllers/error404.html",
"401": "/controllers/error401.html",
"403": "/controllers/error403.html"
},
"filters":[
{
"name": "ContentTypeBasedCachePreventionFilter",
"class": "org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter",
"params" : [
{"name" : "patterns", "value" : "text/html\" ,application/json\" ,text/plain"},
{"name" : "filterAction", "value" : "enforce"},
{"name" : "httpHeaders", "value" : "Cache-Control: no-store, no-cache, must-revalidate, private"}
]
},
{
"name":"HttpHeaderSecurityFilter",
"class":"org.apache.catalina.filters.HttpHeaderSecurityFilter",
"params" : [{"name" : "hstsEnabled", "value" : "false"}]
},
{
"name":"HttpHeaderSecurityFilter_AntiClickJacking_SpecialURL",
"class":"org.apache.catalina.filters.HttpHeaderSecurityFilter"
"params" : [
{"name" : "hstsEnabled", "value" : "false"},
{"name" : "blockContentTypeSniffingEnabled", "value" : "false"},
{"name" : "xssProtectionEnabled", "value" : "false"},
{"name" : "antiClickJackingOption", "value" : "SAMEORIGIN"}
]
},
{
"name" : "CSRFGuard",
"class" : "org.owasp.csrfguard.CsrfGuardFilter"
}
],
"filterMappings":[
{
"name":"HttpHeaderSecurityFilter_AntiClickJacking_SpecialURL",
"url":"/social/*"
},
{
"name":"ContentTypeBasedCachePreventionFilter",
"url":"*"
},
{
"name" : "CSRFGuard",
"url" : "/*"
}
],
"listeners" : [
{
"class" : "org.owasp.csrfguard.CsrfGuardServletContextListener"
},
{
"class" : "org.owasp.csrfguard.CsrfGuardHttpSessionListener"
}
],
"servlets" : [
{
"name" : "JavaScriptServlet",
"class" : "org.owasp.csrfguard.servlet.JavaScriptServlet"
}
],
"servletMappings" : [
{
"name" : "JavaScriptServlet",
"url" : "/csrf.js"
}
],
"contextParams" : [
{
"name" : "Owasp.CsrfGuard.Config",
"value" : "repository/conf/security/Owasp.CsrfGuard.dashboard.properties"
}
]
}

242
modules/core/distribution/src/repository/jaggeryapps/store/jaggery.conf
Unescape View File

@ -0,0 +1,242 @@
{
"welcomeFiles":[
"/controllers/public-stores.jag"
],
"initScripts":[
"/config/app.js"
],
"sessionDestroyedListeners":[
"/config/clearindex.js"
],
"logLevel":"info",
"urlMappings":[
{
"url":"/modules/*",
"path":"/"
},
{
"url":"/apis/v1/assets/*",
"path":"/apis/v1/assets.jag"
},
{
"url":"/apis/asset/*",
"path":"/apis/asset.jag"
},
{
"url":"/apis/assets/*",
"path":"/apis/assets.jag"
},
{
"url":"/apis/remove/*",
"path":"/apis/asset.jag"
},
{
"url":"/apis/tag/*",
"path":"/apis/tag.jag"
},
{
"url":"/apis/myAsset/*",
"path":"/apis/asset.jag"
},
{
"url":"/t/*",
"path":"/controllers/ref_tenant_router.jag"
},
{
"url":"/apis/user/*",
"path":"/apis/user.jag"
},
{
"url":"/apis/comment/*",
"path":"/apis/comment.jag"
},
{
"url":"/apis/enterprise/*",
"path":"/apis/enterprise.jag"
},
{
"url":"/apis/comments/*",
"path":"/apis/comment.jag"
},
{
"url":"/apis/eventpublish/*",
"path":"/apis/eventpublish.jag"
},
{
"url":"/apis/rate/*",
"path":"/apis/rating.jag"
},
{
"url":"/apis/favourite/*",
"path":"/apis/favourite.jag"
},
{
"url":"/apis/*",
"path":"/controllers/routers/apis.jag"
},
{
"url":"/assets/*",
"path":"/controllers/routers/assets.jag"
},
{
"url":"/resources/*",
"path":"/controllers/routers/restfulapis.jag"
},
{
"url":"/storage/*",
"path":"/controllers/routers/storage_router.jag"
},
{
"url":"/extensions/*",
"path":"/controllers/routers/extensions.jag"
},
{
"url":"/subscriptions/*",
"path":"/controllers/routers/subscriptions.jag"
},
{
"url":"/assets/",
"path":"/controllers/home.jag"
},
{
"url":"/assets/favourite",
"path":"/controllers/favouriteapps.jag"
},
{
"url":"/asset/*",
"path":"/routers/asset.jag"
},
{
"url":"/config",
"path":"/"
},
{
"url":"/acs",
"path":"/controllers/acs.jag"
},
{
"url":"/dashboard",
"path":"/controllers/dashboard.jag"
},
{
"url":"/login",
"path":"/controllers/login.jag"
},
{
"url":"/logout",
"path":"/controllers/logout.jag"
},
{
"url":"/mobileapp/device_image",
"path":"/extensions/assets/mobileapp/pages/device_image.jag"
},
{
"url":"/apps/*",
"path":"/extensions/assets/mobileapp/apis.jag"
},
{
"url":"/mobileapp/myapps",
"path":"/extensions/assets/mobileapp/pages/myapps.jag"
},
{
"url":"/api/mobileapp/getfile/*",
"path":"/extensions/assets/mobileapp/pages/getfile.jag"
}
],
"errorPages":{
"500":"/controllers/error500.html",
"404":"/controllers/error404.html",
"401":"/controllers/error401.html",
"403":"/controllers/error403.jag"
},
"filters": [
{
"name": "HttpHeaderSecurityFilter",
"class": "org.apache.catalina.filters.HttpHeaderSecurityFilter",
"params": [
{
"name": "hstsEnabled",
"value": "false"
}
]
},
{
"name": "HttpHeaderSecurityFilter_AntiClickJacking_SpecialURL",
"class": "org.apache.catalina.filters.HttpHeaderSecurityFilter",
"params": [
{
"name": "hstsEnabled",
"value": "false"
},
{
"name": "blockContentTypeSniffingEnabled",
"value": "false"
},
{
"name": "xssProtectionEnabled",
"value": "false"
},
{
"name": "antiClickJackingOption",
"value": "SAMEORIGIN"
}
]
},
{
"name": "URLBasedCachePreventionFilter",
"class": "org.wso2.carbon.ui.filters.cache.URLBasedCachePreventionFilter"
},
{
"name" : "CSRFGuard",
"class" : "org.owasp.csrfguard.CsrfGuardFilter"
}
],
"filterMappings": [
{
"name": "HttpHeaderSecurityFilter",
"url": "*"
},
{
"name": "HttpHeaderSecurityFilter_AntiClickJacking_SpecialURL",
"url": "/samlsso/*"
},
{
"name":"URLBasedCachePreventionFilter",
"url":"/apis/*"
},
{
"name":"URLBasedCachePreventionFilter",
"url":"/assets/*"
},
{
"name" : "CSRFGuard",
"url" : "/*"
}
],
"listeners": [
{
"class": "org.owasp.csrfguard.CsrfGuardServletContextListener"
},
{
"class": "org.owasp.csrfguard.CsrfGuardHttpSessionListener"
}
],
"servlets": [
{
"name": "JavaScriptServlet",
"class": "org.owasp.csrfguard.servlet.JavaScriptServlet"
}
],
"servletMappings": [
{
"name": "JavaScriptServlet",
"url": "/csrf.js"
}
],
"contextParams": [
{
"name": "Owasp.CsrfGuard.Config",
"value": "repository/conf/security/Owasp.CsrfGuard.dashboard.properties"
}
]
}
Write Preview
Loading…
Cancel
Save