From 93a4a9d4943853b863be269249ca871af7d31ef9 Mon Sep 17 00:00:00 2001 From: Maninda Date: Wed, 18 Jan 2017 16:33:42 +0530 Subject: [PATCH] Added security configs to that were missing --- .../distribution/src/assembly/bin.xml | 7 + .../jaggeryapps/portal/jaggery.conf | 187 ++++++++++++++++++ .../core/distribution/src/assembly/bin.xml | 14 ++ .../android-web-agent/jaggery.conf | 58 ++++++ .../jaggeryapps/api-store/jaggery.conf | 2 +- .../windows-web-agent/jaggery.conf | 125 ++++++++++++ 6 files changed, 392 insertions(+), 1 deletion(-) create mode 100644 modules/analytics/distribution/src/repository/jaggeryapps/portal/jaggery.conf create mode 100644 modules/core/distribution/src/repository/jaggeryapps/android-web-agent/jaggery.conf create mode 100644 modules/core/distribution/src/repository/jaggeryapps/windows-web-agent/jaggery.conf diff --git a/modules/analytics/distribution/src/assembly/bin.xml b/modules/analytics/distribution/src/assembly/bin.xml index 2055b087..6153fc43 100644 --- a/modules/analytics/distribution/src/assembly/bin.xml +++ b/modules/analytics/distribution/src/assembly/bin.xml @@ -833,5 +833,12 @@ true 644 + + src/repository/jaggeryapps/portal/jaggery.conf + + ${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/portal/ + + 755 + diff --git a/modules/analytics/distribution/src/repository/jaggeryapps/portal/jaggery.conf b/modules/analytics/distribution/src/repository/jaggeryapps/portal/jaggery.conf new file mode 100644 index 00000000..77030553 --- /dev/null +++ b/modules/analytics/distribution/src/repository/jaggeryapps/portal/jaggery.conf 
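Review bot: The new portal/jaggery.conf entry is packaged with mode `755` while the entry immediately before it in the same hunk shows `644`; a configuration file needs no execute bit, so `644` is the least-privilege choice unless the build depends on 755 for jaggery.conf files (the existing api-store entry in the core bin.xml hunk also shows 755, so this may simply be the project convention). The same applies to the android-web-agent and windows-web-agent entries added in the two core bin.xml hunks. The XML element names are not visible in this rendering, so attributing the `755` to a file-mode element is inferred from the context lines.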
@@ -0,0 +1,187 @@
+{
+ "initScripts": [
+ "js/dashboard-deployer.js"
+ ],
+ "welcomeFiles": [
+ "routers/tenant.jag"
+ ],
+ "errorPages": {
+ "500": "/controllers/error-pages/error500.html",
+ "404": "/controllers/error-pages/error404.html",
+ "401": "/controllers/error-pages/error401.html",
+ "405": "/controllers/error-pages/error405.html",
+ "403": "/controllers/error-pages/error403.html",
+ "400": "/controllers/error-pages/error400.html"
+ },
+ "urlMappings": [
+ {
+ "url": "/login-controller",
+ "path": "/routers/tenant.jag"
+ },
+ {
+ "url": "/login",
+ "path": "/routers/tenant.jag"
+ },
+ {
+ "url": "/logout",
+ "path": "/routers/tenant.jag"
+ },
+ {
+ "url": "/t/*",
+ "path": "/routers/tenant.jag"
+ },
+ {
+ "url": "/apis/*",
+ "path": "/routers/tenant.jag"
+ },
+ {
+ "url": "/dashboards/*",
+ "path": "/routers/tenant.jag"
+ },
+ {
+ "url": "/gadget/*",
+ "path": "/routers/tenant.jag"
+ },
+ {
+ "url": "/layout/*",
+ "path": "/routers/tenant.jag"
+ },
+ {
+ "url": "/assets/*",
+ "path": "/routers/tenant.jag"
+ },
+ {
+ "url": "/create-dashboard",
+ "path": "/routers/tenant.jag"
+ },
+ {
+ "url": "/dashboard-settings/*",
+ "path": "/routers/tenant.jag"
+ },
+ {
+ "url": "/select-layout",
+ "path": "/routers/tenant.jag"
+ },
+ {
+ "url": "/create-gadget",
+ "path": "/routers/tenant.jag"
+ },
+ {
+ "url": "/upload-gadget",
+ "path": "/routers/tenant.jag"
+ },
+ {
+ "url": "/upload-layout",
+ "path": "/routers/tenant.jag"
+ },
+ {
+ "url": "/geojson/world/*",
+ "path": "/templates/geojson/world.json"
+ },
+ {
+ "url": "/geojson/europe/*",
+ "path": "/templates/geojson/europe.json"
+ },
+ {
+ "url": "/geojson/usa/*",
+ "path": "/templates/geojson/usa.json"
+ },
+ {
+ "url": "/geojson/countryInfo/*",
+ "path": "/templates/geojson/countryInfo.json"
+ },
+ {
+ "url": "/geojson/usaInfo/*",
+ "path": "/templates/geojson/usaInfo.json"
+ },
+ {
+ "url": "/acs",
+ "path": "/controllers/acs.jag"
+ },
+ {
+ "url": "/banners/*",
+ "path": "/routers/tenant.jag"
+ },
+ {
+ "url": "/gadgets/*",
+ "path": "/routers/tenant.jag"
+ },
+ {
+ "url": "/configs/designer.json",
+ "path": "/controllers/error-pages/error404.html"
+ }
+ ],
+ "listeners": [
+ {
+ "class": "org.owasp.csrfguard.CsrfGuardServletContextListener"
+ },
+ {
+ "class": "org.owasp.csrfguard.CsrfGuardHttpSessionListener"
+ }
+ ],
+ "servlets": [
+ {
+ "name": "JavaScriptServlet",
+ "class": "org.owasp.csrfguard.servlet.JavaScriptServlet"
+ }
+ ],
+ "servletMappings": [
+ {
+ "name": "JavaScriptServlet",
+ "url": "/csrf.js"
+ }
+ ],
+ "contextParams": [
+ {
+ "name": "Owasp.CsrfGuard.Config",
+ "value": "repository/conf/security/Owasp.CsrfGuard.dashboard.properties"
+ }
+ ],
+ "filters": [
+ {
+ "name": "ContentTypeBasedCachePreventionFilter",
+ "class": "org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter",
+ "params" : [
+ {"name" : "patterns", "value" : "text/html\" ,application/json\" ,text/plain"},
+ {"name" : "filterAction", "value" : "enforce"},
+ {"name" : "httpHeaders", "value" : "Cache-Control: no-store, no-cache, must-revalidate, private"}
+ ]
+ },
+ {
+ "name": "HttpHeaderSecurityFilter",
+ "class": "org.apache.catalina.filters.HttpHeaderSecurityFilter",
+ "params": [
+ {
+ "name": "hstsEnabled",
+ "value": "false"
+ },
+ {
+ "name": "antiClickJackingOption",
+ "value": "SAMEORIGIN"
+ }
+ ]
+ },
+ {
+ "name": "TenantStoresFilter",
+ "class": "org.wso2.carbon.dashboard.store.filter.TenantStoreFilter"
+ }
+ ],
+ "filterMappings": [
+ {
+ "name": "HttpHeaderSecurityFilter",
+ "url": "*"
+ },
+ {
+ "name": "TenantStoresFilter",
+ "url": "/store/*"
+ },
+ {
+ "name": "TenantStoresFilter",
+ "url": "/temp/*"
+ },
+ {
+ "name":"ContentTypeBasedCachePreventionFilter",
+ "url":"*"
+ }
+ ]
+}
diff --git a/modules/core/distribution/src/assembly/bin.xml b/modules/core/distribution/src/assembly/bin.xml
index 2b382f33..edbc77f8 100644
--- a/modules/core/distribution/src/assembly/bin.xml
+++ b/modules/core/distribution/src/assembly/bin.xml
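Review bot: The `patterns` value for ContentTypeBasedCachePreventionFilter, `"text/html\" ,application/json\" ,text/plain"`, embeds two escaped double quotes plus stray spaces, so the configured patterns become `text/html"` and ` application/json"`; unless the filter strips those characters, HTML and JSON responses will not receive the `Cache-Control: no-store, no-cache, must-revalidate, private` header and only `text/plain` is actually covered. The intended value is presumably `"text/html,application/json,text/plain"`. The same value is repeated in the android-web-agent, api-store and windows-web-agent hunks below, where the api-store hunk replaces a previously clean `text/html` with it, so all four should be corrected together. Separately, `hstsEnabled` is set to `false` with no stated reason; jaggery.conf cannot carry comments, so the rationale belongs in the commit description or the distribution docs.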
@@ -1312,6 +1312,13 @@ true 644 + + src/repository/jaggeryapps/android-web-agent/jaggery.conf + + ${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/android-web-agent/ + + 755 + src/repository/jaggeryapps/api-store/jaggery.conf @@ -1347,6 +1354,13 @@ 755 + + src/repository/jaggeryapps/windows-web-agent/jaggery.conf + + ${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/windows-web-agent/ + + 755 + target/webapp-temp/api-application-registration.war diff --git a/modules/core/distribution/src/repository/jaggeryapps/android-web-agent/jaggery.conf b/modules/core/distribution/src/repository/jaggeryapps/android-web-agent/jaggery.conf new file mode 100644 index 00000000..7c33479a --- /dev/null +++ b/modules/core/distribution/src/repository/jaggeryapps/android-web-agent/jaggery.conf 
@@ -0,0 +1,58 @@
+{
+ "displayName": "UUF Template App",
+ "logLevel": "warn",
+ "urlMappings": [
+ {
+ "url": "/uuf/login",
+ "path": "/lib/modules/auth/login.jag"
+ },
+ {
+ "url": "/uuf/logout",
+ "path": "/lib/modules/auth/logout.jag"
+ },
+ {
+ "url": "/uuf/sso/acs",
+ "path": "/lib/modules/auth/acs.jag"
+ },
+ {
+ "url": "/public/*",
+ "path": "/lib/static-files.jag"
+ },
+ {
+ "url": "/unit/*",
+ "path": "/lib/units.jag"
+ },
+ {
+ "url": "/*",
+ "path": "/lib/pages.jag"
+ }
+ ],
+ "filters": [
+ {
+ "name": "ContentTypeBasedCachePreventionFilter",
+ "class": "org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter",
+ "params" : [
+ {"name" : "patterns", "value" : "text/html\" ,application/json\" ,text/plain"},
+ {"name" : "filterAction", "value" : "enforce"},
+ {"name" : "httpHeaders", "value" : "Cache-Control: no-store, no-cache, must-revalidate, private"}
+ ]
+ },
+ {
+ "name":"HttpHeaderSecurityFilter",
+ "class":"org.apache.catalina.filters.HttpHeaderSecurityFilter",
+ "params" : [{"name" : "hstsEnabled", "value" : "false"}]
+ }
+
+ ],
+ "filterMappings": [
+ {
+ "name":"HttpHeaderSecurityFilter",
+ "url":"*"
+ },
+ {
+ "name":"ContentTypeBasedCachePreventionFilter",
+ "url":"*"
+ }
+
+ ]
+}
diff --git a/modules/core/distribution/src/repository/jaggeryapps/api-store/jaggery.conf b/modules/core/distribution/src/repository/jaggeryapps/api-store/jaggery.conf
index cd51e91f..520acab5 100644
--- a/modules/core/distribution/src/repository/jaggeryapps/api-store/jaggery.conf
+++ b/modules/core/distribution/src/repository/jaggeryapps/api-store/jaggery.conf
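Review bot: android-web-agent gets no `securityConstraints`, while the sibling windows-web-agent file in this same commit forces `"transportGuarantee": "CONFIDENTIAL"` on `/*` and exempts only selected paths; the `/uuf/login` and `/uuf/sso/acs` routes mapped here look like credential and SSO-assertion endpoints, so unless TLS is enforced at the container level they are reachable over plain HTTP. With `hstsEnabled` also `false`, nothing in this file steers a browser to HTTPS. If plain HTTP is not intended for this app, add a constraint mirroring the windows file between the `urlMappings` and `filters` members, as below (the collection name is illustrative); `/public/*` can be exempted the way the windows file does if static assets must stay reachable over HTTP.
```json
  ],
  "securityConstraints": [
    {
      "securityConstraint": {
        "webResourceCollection": {
          "name": "ANDROID-WEB-AGENT",
          "urlPatterns": [
            "/*"
          ]
        },
        "userDataConstraint": {
          "transportGuarantee": "CONFIDENTIAL"
        }
      }
    }
  ],
  "filters": [
```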
@@ -66,7 +66,7 @@ "name": "ContentTypeBasedCachePreventionFilter", "class": "org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter", "params" : [ - {"name" : "patterns", "value" : "text/html"}, + {"name" : "patterns", "value" : "text/html\" ,application/json\" ,text/plain"}, {"name" : "filterAction", "value" : "enforce"}, {"name" : "httpHeaders", "value" : "Cache-Control: no-store, no-cache, must-revalidate, private"} ] diff --git a/modules/core/distribution/src/repository/jaggeryapps/windows-web-agent/jaggery.conf b/modules/core/distribution/src/repository/jaggeryapps/windows-web-agent/jaggery.conf new file mode 100644 index 00000000..00514b3a --- /dev/null +++ b/modules/core/distribution/src/repository/jaggeryapps/windows-web-agent/jaggery.conf 
@@ -0,0 +1,125 @@
+{
+ "displayName": "EMM Web Agent",
+ "logLevel": "error",
+ "initScripts": ["/app/modules/init.js"],
+ "urlMappings": [
+ {
+ "url": "/enrollment",
+ "path": "/lib/pages.jag"
+ },
+ {
+ "url": "/enrollment/windows/login",
+ "path": "/app/modules/enrollments/windows/agent-controller.jag"
+ },
+ {
+ "url": "/enrollment/windows/enroll",
+ "path": "/app/modules/enrollments/windows/agent-enroll.jag"
+ },
+ {
+ "url": "/enrollment/ios/download-certificate",
+ "path": "/app/modules/enrollments/ios/certificate.jag"
+ },
+ {
+ "url": "/enrollment/ios/download-agent",
+ "path": "/app/modules/enrollments/ios/agent.jag"
+ },
+ {
+ "url": "/enrollment/ios/login",
+ "path": "/app/modules/enrollments/ios/agent-controller.jag"
+ },
+ {
+ "url": "/enrollment/ios/enroll",
+ "path": "/app/modules/enrollments/ios/agent-enroll.jag"
+ },
+ {
+ "url": "/enrollment/ios/check",
+ "path": "/app/modules/enrollments/ios/agent-check.jag"
+ },
+ {
+ "url": "/api/invoker/*",
+ "path": "/api/invoker-api.jag"
+ },
+ {
+ "url": "/uuf/login",
+ "path": "/lib/modules/auth/login.jag"
+ },
+ {
+ "url": "/uuf/logout",
+ "path": "/lib/modules/auth/logout.jag"
+ },
+ {
+ "url": "/uuf/sso/acs",
+ "path": "/lib/modules/auth/acs.jag"
+ },
+ {
+ "url": "/public/*",
+ "path": "/lib/static-files.jag"
+ },
+ {
+ "url": "/unit/*",
+ "path": "/lib/units.jag"
+ },
+ {
+ "url": "/*",
+ "path": "/lib/pages.jag"
+ }
+ ],
+ "securityConstraints": [
+ {
+ "securityConstraint": {
+ "webResourceCollection": {
+ "name": "WINDOWS-WEB-AGENT",
+ "urlPatterns": [
+ "/*"
+ ]
+ },
+ "userDataConstraint": {
+ "transportGuarantee": "CONFIDENTIAL"
+ }
+ }
+ },
+ {
+ "securityConstraint": {
+ "webResourceCollection": {
+ "name": "WINDOWS-WEB-AGENT-http",
+ "urlPatterns": [
+ "/public/*",
+ "/enrollments/windows/*",
+ "/enrollment/windows/*"
+ ]
+ },
+ "userDataConstraint": {
+ "transportGuarantee": "NONE"
+ }
+ }
+ }
+ ],
+ "filters": [
+ {
+ "name": "ContentTypeBasedCachePreventionFilter",
+ "class": "org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter",
+ "params" : [
+ {"name" : "patterns", "value" : "text/html\" ,application/json\" ,text/plain"},
+ {"name" : "filterAction", "value" : "enforce"},
+ {"name" : "httpHeaders", "value" : "Cache-Control: no-store, no-cache, must-revalidate, private"}
+ ]
+ },
+ {
+ "name":"HttpHeaderSecurityFilter",
+ "class":"org.apache.catalina.filters.HttpHeaderSecurityFilter",
+ "params" : [{"name" : "hstsEnabled", "value" : "false"}]
+ }
+
+ ],
+ "filterMappings": [
+ {
+ "name":"HttpHeaderSecurityFilter",
+ "url":"*"
+ },
+ {
+ "name":"ContentTypeBasedCachePreventionFilter",
+ "url":"*"
+ }
+
+ ]
+}
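Review bot: The plain-HTTP exemption in the second `securityConstraint` lists both `/enrollments/windows/*` and `/enrollment/windows/*`, but every route mapped in `urlMappings` uses the singular `/enrollment/...`; the plural pattern matches nothing defined here, and because `/*` falls through to `/lib/pages.jag`, any later or mistyped path under `/enrollments/` would be served with `"transportGuarantee": "NONE"`. If it is a typo, drop the `"/enrollments/windows/*",` line; if it is deliberate, the path it is meant to cover should be recorded in the commit description. Note also that the exemption intentionally leaves `/enrollment/windows/login` and `/enrollment/windows/enroll` reachable over plain HTTP while the `/enrollment/ios/*` routes stay under the `CONFIDENTIAL` constraint, which is presumably a Windows-enrollment requirement but is worth stating explicitly since jaggery.conf cannot hold a comment.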