Added security configs to that were missing

modules/analytics/distribution/src/assembly/bin.xml

@@ -833,5 +833,12 @@
             <filtered>true</filtered>
             <fileMode>644</fileMode>
         </file>
+        <file>
+            <source>src/repository/jaggeryapps/portal/jaggery.conf</source>
+            <outputDirectory>
+                ${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/portal/
+            </outputDirectory>
+            <fileMode>755</fileMode>
+        </file>
     </files>
 </assembly>

modules/analytics/distribution/src/repository/jaggeryapps/portal/jaggery.conf

@@ -0,0 +1,187 @@
+{
+  "initScripts": [
+    "js/dashboard-deployer.js"
+  ],
+  "welcomeFiles": [
+    "routers/tenant.jag"
+  ],
+  "errorPages": {
+    "500": "/controllers/error-pages/error500.html",
+    "404": "/controllers/error-pages/error404.html",
+    "401": "/controllers/error-pages/error401.html",
+    "405": "/controllers/error-pages/error405.html",
+    "403": "/controllers/error-pages/error403.html",
+    "400": "/controllers/error-pages/error400.html"
+  },
+  "urlMappings": [
+    {
+      "url": "/login-controller",
+      "path": "/routers/tenant.jag"
+    },
+    {
+      "url": "/login",
+      "path": "/routers/tenant.jag"
+    },
+    {
+      "url": "/logout",
+      "path": "/routers/tenant.jag"
+    },
+    {
+      "url": "/t/*",
+      "path": "/routers/tenant.jag"
+    },
+    {
+      "url": "/apis/*",
+      "path": "/routers/tenant.jag"
+    },
+    {
+      "url": "/dashboards/*",
+      "path": "/routers/tenant.jag"
+    },
+    {
+      "url": "/gadget/*",
+      "path": "/routers/tenant.jag"
+    },
+    {
+      "url": "/layout/*",
+      "path": "/routers/tenant.jag"
+    },
+    {
+      "url": "/assets/*",
+      "path": "/routers/tenant.jag"
+    },
+    {
+      "url": "/create-dashboard",
+      "path": "/routers/tenant.jag"
+    },
+    {
+      "url": "/dashboard-settings/*",
+      "path": "/routers/tenant.jag"
+    },
+    {
+      "url": "/select-layout",
+      "path": "/routers/tenant.jag"
+    },
+    {
+      "url": "/create-gadget",
+      "path": "/routers/tenant.jag"
+    },
+    {
+      "url": "/upload-gadget",
+      "path": "/routers/tenant.jag"
+    },
+    {
+      "url": "/upload-layout",
+      "path": "/routers/tenant.jag"
+    },
+    {
+      "url": "/geojson/world/*",
+      "path": "/templates/geojson/world.json"
+    },
+    {
+      "url": "/geojson/europe/*",
+      "path": "/templates/geojson/europe.json"
+    },
+    {
+      "url": "/geojson/usa/*",
+      "path": "/templates/geojson/usa.json"
+    },
+    {
+      "url": "/geojson/countryInfo/*",
+      "path": "/templates/geojson/countryInfo.json"
+    },
+    {
+      "url": "/geojson/usaInfo/*",
+      "path": "/templates/geojson/usaInfo.json"
+    },
+    {
+      "url": "/acs",
+      "path": "/controllers/acs.jag"
+    },
+    {
+      "url": "/banners/*",
+      "path": "/routers/tenant.jag"
+    },
+    {
+      "url": "/gadgets/*",
+      "path": "/routers/tenant.jag"
+    },
+    {
+      "url": "/configs/designer.json",
+      "path": "/controllers/error-pages/error404.html"
+    }
+  ],
+  "listeners": [
+    {
+      "class": "org.owasp.csrfguard.CsrfGuardServletContextListener"
+    },
+    {
+      "class": "org.owasp.csrfguard.CsrfGuardHttpSessionListener"
+    }
+  ],
+  "servlets": [
+    {
+      "name": "JavaScriptServlet",
+      "class": "org.owasp.csrfguard.servlet.JavaScriptServlet"
+    }
+  ],
+  "servletMappings": [
+    {
+      "name": "JavaScriptServlet",
+      "url": "/csrf.js"
+    }
+  ],
+  "contextParams": [
+    {
+      "name": "Owasp.CsrfGuard.Config",
+      "value": "repository/conf/security/Owasp.CsrfGuard.dashboard.properties"
+    }
+  ],
+  "filters": [
+    {
+            "name": "ContentTypeBasedCachePreventionFilter",
+            "class": "org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter",
+            "params" : [
+                {"name" : "patterns", "value" : "text/html\" ,application/json\" ,text/plain"},
+                {"name" : "filterAction", "value" : "enforce"},
+                {"name" : "httpHeaders", "value" : "Cache-Control: no-store, no-cache, must-revalidate, private"}
+            ]
+    },
+    {
+      "name": "HttpHeaderSecurityFilter",
+      "class": "org.apache.catalina.filters.HttpHeaderSecurityFilter",
+      "params": [
+        {
+          "name": "hstsEnabled",
+          "value": "false"
+        },
+        {
+          "name": "antiClickJackingOption",
+          "value": "SAMEORIGIN"
+        }
+      ]
+    },
+    {
+      "name": "TenantStoresFilter",
+      "class": "org.wso2.carbon.dashboard.store.filter.TenantStoreFilter"
+    }
+  ],
+  "filterMappings": [
+    {
+      "name": "HttpHeaderSecurityFilter",
+      "url": "*"
+    },
+    {
+       "name": "TenantStoresFilter",
+       "url": "/store/*"
+    },
+    {
+       "name": "TenantStoresFilter",
+       "url": "/temp/*"
+    },
+    {
+        "name":"ContentTypeBasedCachePreventionFilter",
+        "url":"*"
+    }
+  ]
+}

modules/core/distribution/src/assembly/bin.xml

@@ -1312,6 +1312,13 @@
             <filtered>true</filtered>
             <fileMode>644</fileMode>
         </file>
+        <file>
+            <source>src/repository/jaggeryapps/android-web-agent/jaggery.conf</source>
+            <outputDirectory>
+                ${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/android-web-agent/
+            </outputDirectory>
+            <fileMode>755</fileMode>
+        </file>
         <file>
             <source>src/repository/jaggeryapps/api-store/jaggery.conf</source>
             <outputDirectory>
@@ -1347,6 +1354,13 @@
             </outputDirectory>
             <fileMode>755</fileMode>
         </file>
+        <file>
+            <source>src/repository/jaggeryapps/windows-web-agent/jaggery.conf</source>
+            <outputDirectory>
+                ${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/windows-web-agent/
+            </outputDirectory>
+            <fileMode>755</fileMode>
+        </file>
 
         <file>
             <source>target/webapp-temp/api-application-registration.war</source>

modules/core/distribution/src/repository/jaggeryapps/android-web-agent/jaggery.conf

@@ -0,0 +1,58 @@
+{
+  "displayName": "UUF Template App",
+  "logLevel": "warn",
+  "urlMappings": [
+    {
+      "url": "/uuf/login",
+      "path": "/lib/modules/auth/login.jag"
+    },
+    {
+      "url": "/uuf/logout",
+      "path": "/lib/modules/auth/logout.jag"
+    },
+    {
+      "url": "/uuf/sso/acs",
+      "path": "/lib/modules/auth/acs.jag"
+    },
+    {
+      "url": "/public/*",
+      "path": "/lib/static-files.jag"
+    },
+    {
+      "url": "/unit/*",
+      "path": "/lib/units.jag"
+    },
+    {
+      "url": "/*",
+      "path": "/lib/pages.jag"
+    }
+  ],
+  "filters": [
+    {
+            "name": "ContentTypeBasedCachePreventionFilter",
+            "class": "org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter",
+            "params" : [
+                {"name" : "patterns", "value" : "text/html\" ,application/json\" ,text/plain"},
+                {"name" : "filterAction", "value" : "enforce"},
+                {"name" : "httpHeaders", "value" : "Cache-Control: no-store, no-cache, must-revalidate, private"}
+            ]
+    },
+    {
+      "name":"HttpHeaderSecurityFilter",
+      "class":"org.apache.catalina.filters.HttpHeaderSecurityFilter",
+      "params" : [{"name" : "hstsEnabled", "value" : "false"}]
+    }
+
+  ],
+  "filterMappings": [
+    {
+      "name":"HttpHeaderSecurityFilter",
+       "url":"*"
+    },
+    {
+        "name":"ContentTypeBasedCachePreventionFilter",
+        "url":"*"
+    }
+
+  ]
+}

modules/core/distribution/src/repository/jaggeryapps/api-store/jaggery.conf

@@ -66,7 +66,7 @@
             "name": "ContentTypeBasedCachePreventionFilter",
             "class": "org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter",
             "params" : [
-                {"name" : "patterns", "value" : "text/html"},
+                {"name" : "patterns", "value" : "text/html\" ,application/json\" ,text/plain"},
                 {"name" : "filterAction", "value" : "enforce"},
                 {"name" : "httpHeaders", "value" : "Cache-Control: no-store, no-cache, must-revalidate, private"}
             ]

modules/core/distribution/src/repository/jaggeryapps/windows-web-agent/jaggery.conf

@@ -0,0 +1,125 @@
+{
+  "displayName": "EMM Web Agent",
+  "logLevel": "error",
+  "initScripts": ["/app/modules/init.js"],
+  "urlMappings": [
+      {
+        "url": "/enrollment",
+        "path": "/lib/pages.jag"
+      },
+      {
+        "url": "/enrollment/windows/login",
+        "path": "/app/modules/enrollments/windows/agent-controller.jag"
+      },
+      {
+        "url": "/enrollment/windows/enroll",
+        "path": "/app/modules/enrollments/windows/agent-enroll.jag"
+      },
+      {
+        "url": "/enrollment/ios/download-certificate",
+        "path": "/app/modules/enrollments/ios/certificate.jag"
+      },
+      {
+        "url": "/enrollment/ios/download-agent",
+        "path": "/app/modules/enrollments/ios/agent.jag"
+      },
+      {
+        "url": "/enrollment/ios/login",
+        "path": "/app/modules/enrollments/ios/agent-controller.jag"
+      },
+      {
+        "url": "/enrollment/ios/enroll",
+        "path": "/app/modules/enrollments/ios/agent-enroll.jag"
+      },
+      {
+        "url": "/enrollment/ios/check",
+        "path": "/app/modules/enrollments/ios/agent-check.jag"
+      },
+      {
+        "url": "/api/invoker/*",
+        "path": "/api/invoker-api.jag"
+      },
+      {
+        "url": "/uuf/login",
+        "path": "/lib/modules/auth/login.jag"
+      },
+      {
+        "url": "/uuf/logout",
+        "path": "/lib/modules/auth/logout.jag"
+      },
+      {
+        "url": "/uuf/sso/acs",
+        "path": "/lib/modules/auth/acs.jag"
+      },
+      {
+        "url": "/public/*",
+        "path": "/lib/static-files.jag"
+      },
+      {
+        "url": "/unit/*",
+        "path": "/lib/units.jag"
+      },
+      {
+        "url": "/*",
+        "path": "/lib/pages.jag"
+      }
+  ],
+  "securityConstraints": [
+    {
+      "securityConstraint": {
+        "webResourceCollection": {
+          "name": "WINDOWS-WEB-AGENT",
+          "urlPatterns": [
+            "/*"
+          ]
+        },
+        "userDataConstraint": {
+          "transportGuarantee": "CONFIDENTIAL"
+        }
+      }
+    },
+    {
+      "securityConstraint": {
+        "webResourceCollection": {
+          "name": "WINDOWS-WEB-AGENT-http",
+          "urlPatterns": [
+            "/public/*",
+            "/enrollments/windows/*",
+            "/enrollment/windows/*"
+          ]
+        },
+        "userDataConstraint": {
+          "transportGuarantee": "NONE"
+        }
+      }
+    }
+  ],
+  "filters": [
+    {
+            "name": "ContentTypeBasedCachePreventionFilter",
+            "class": "org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter",
+            "params" : [
+                {"name" : "patterns", "value" : "text/html\" ,application/json\" ,text/plain"},
+                {"name" : "filterAction", "value" : "enforce"},
+                {"name" : "httpHeaders", "value" : "Cache-Control: no-store, no-cache, must-revalidate, private"}
+            ]
+    },
+    {
+      "name":"HttpHeaderSecurityFilter",
+      "class":"org.apache.catalina.filters.HttpHeaderSecurityFilter",
+      "params" : [{"name" : "hstsEnabled", "value" : "false"}]
+    }
+
+  ],
+  "filterMappings": [
+    {
+      "name":"HttpHeaderSecurityFilter",
+       "url":"*"
+    },
+    {
+        "name":"ContentTypeBasedCachePreventionFilter",
+        "url":"*"
+    }
+
+  ]
+}