author | st782s <statta@research.att.com> | 2018-01-03 14:30:16 -0500 |
---|---|---|
committer | TATTAVARADA <statta@research.att.com> | 2018-01-03 14:31:40 -0500 |
commit | 69062c0ec148ccadaced3ef1d6eff63ba422c055 (patch) | |
tree | 153af87b560baa991263ad66797f44e1c475431f /ecomp-sdk/epsdk-app-os/src/main/webapp | |
parent | ed07ebfbce4031ef4dfbd2f42147f6a7b351aeb8 (diff) |
Harden code
Issue-ID: PORTAL-145,PORTAL-119,PORTAL-118
Harden code to address SQL injection, XSS vulnerabilities; Separate
docker images for portal, sdk app and DMaaPBC ui; Missing error page
Change-Id: I1818fbf86c601dd41b274729038e731fb2ec8f7d
Signed-off-by: st782s <statta@research.att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-app-os/src/main/webapp')
-rw-r--r-- | ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/conf/system.properties | 4 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/web.xml | 23 |
2 files changed, 16 insertions, 11 deletions
diff --git a/ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/conf/system.properties b/ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/conf/system.properties
index de056a3d..0dc81301 100644
--- a/ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/conf/system.properties
+++ b/ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/conf/system.properties
@@ -69,4 +69,6 @@ instance_uuid=8da691c9-987d-43ed-a358-00ac2f35685d
 # app_base_url = https://www.openecomp.org/app_context/
 #authenticate user server
-authenticate_user_server=http://todo_enter_auth_server_hostname:8383/openid-connect-server-webapp/allUsers
\ No newline at end of file
+authenticate_user_server=http://todo_enter_auth_server_hostname:8383/openid-connect-server-webapp/allUsers
+#cookie domain
+cookie_domain = onap.org
\ No newline at end of file
diff --git a/ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/web.xml b/ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/web.xml
index f5039df4..76a372be 100644
--- a/ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/web.xml
+++ b/ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/web.xml
@@ -1,8 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee"
- xmlns:web="http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
- version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee">
+ xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee" xmlns:web="http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
+ version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee">
 <display-name>ecomp-sdk-app-os</display-name>
@@ -14,12 +13,16 @@
 <tracking-mode>COOKIE</tracking-mode>
 </session-config>
 <filter>
- <filter-name>SecurityXssFilter</filter-name>
- <filter-class>org.onap.portalapp.filter.SecurityXssFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>SecurityXssFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
+ <filter-name>SecurityXssFilter</filter-name>
+ <filter-class>org.onap.portalapp.filter.SecurityXssFilter
+ </filter-class>
+ </filter>
+ <filter-mapping>
+ <filter-name>SecurityXssFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+ <error-page>
+ <location>/WEB-INF/jsp/error.jsp</location>
+ </error-page>
 </web-app>
\ No newline at end of file |
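Review bot: In system.properties the new `cookie_domain = onap.org` default scopes the cookie to a whole parent domain, and the `#cookie domain` comment above it does not say when or how to change it. How the SDK consumes this key is not visible in this diff, but if it ends up as the cookie's Domain attribute, every host under onap.org would receive the cookie, and a deployment served from any other domain would have it rejected by browsers. I would expand the comment to something like `# cookie domain: set to the narrowest domain shared by this app and the portal; a parent domain shares the cookie with every sibling host`. The `authenticate_user_server` line re-added on the new side still carries a plain `http://` placeholder URL, so a note that real deployments should point it at an https endpoint would help as well.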
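Review bot: In web.xml the new catch-all `<error-page>` sends every error to /WEB-INF/jsp/error.jsp, but the SecurityXssFilter mapping above it declares no `<dispatcher>`, so by the servlet default it applies to REQUEST dispatches only and not to the ERROR dispatch that renders this page. error.jsp is not part of this diff; it should print no request data or exception text (request URI, `javax.servlet.error.message`, stack trace) unless escaped, and a comment beside the mapping such as `<!-- Default error page: must not echo request or exception data unescaped; SecurityXssFilter does not run on ERROR dispatch -->` would record that. If the filter is meant to cover error rendering too, add `<dispatcher>REQUEST</dispatcher>` and `<dispatcher>ERROR</dispatcher>` to its `<filter-mapping>`. Separately, the reformatted `<filter-class>` now has its closing tag on a line of its own, which leaves a line break inside the class-name text; keeping `<filter-class>org.onap.portalapp.filter.SecurityXssFilter</filter-class>` on one line avoids depending on the container to trim it.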