From 69062c0ec148ccadaced3ef1d6eff63ba422c055 Mon Sep 17 00:00:00 2001
From: st782s <statta@research.att.com>
Date: Wed, 3 Jan 2018 14:30:16 -0500
Subject: Harden code

Issue-ID: PORTAL-145,PORTAL-119,PORTAL-118

Harden code to address SQL injecton, XSS vulnerabilities; Separate
docker images for portal, sdk app and DMaaPBC ui; Missing error page

Change-Id: I1818fbf86c601dd41b274729038e731fb2ec8f7d
Signed-off-by: st782s <statta@research.att.com>
---
 .../epsdk-app-os/src/main/webapp/WEB-INF/web.xml   | 23 ++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

(limited to 'ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/web.xml')

diff --git a/ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/web.xml b/ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/web.xml
index f5039df4..76a372be 100644
--- a/ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/web.xml
+++ b/ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/web.xml
@@ -1,8 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee" 
-         xmlns:web="http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
-         version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee">
+	xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee" xmlns:web="http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
+	version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee">
 
 	<display-name>ecomp-sdk-app-os</display-name>
 
@@ -14,12 +13,16 @@
 		<tracking-mode>COOKIE</tracking-mode>
 	</session-config>
 	<filter>
-    <filter-name>SecurityXssFilter</filter-name>
-    <filter-class>org.onap.portalapp.filter.SecurityXssFilter</filter-class>
-   </filter> 
-    <filter-mapping>
-    <filter-name>SecurityXssFilter</filter-name>
-    <url-pattern>/*</url-pattern>
-  </filter-mapping>
+		<filter-name>SecurityXssFilter</filter-name>
+		<filter-class>org.onap.portalapp.filter.SecurityXssFilter
+		</filter-class>
+	</filter>
+	<filter-mapping>
+		<filter-name>SecurityXssFilter</filter-name>
+		<url-pattern>/*</url-pattern>
+	</filter-mapping>
+	<error-page>
+		<location>/WEB-INF/jsp/error.jsp</location>
+	</error-page>
 
 </web-app>
\ No newline at end of file
-- 
cgit 1.2.3-korg