From e3982f6c2a13c903947a66d89e1af1ccbb161e5f Mon Sep 17 00:00:00 2001
From: "Christopher Lott (cl778h)" <clott@research.att.com>
Date: Fri, 20 Oct 2017 08:22:19 -0400
Subject: Role management; security vulnerabilities.

Extend user/role management interface to allow role deletion.
Add filters to defend against common web Javascript attacks.
Drop Greensock code with unusable license.
Use OParent in EPSDK web application.

Issue: US324470, US342324, PORTAL-127
Change-Id: I3a10744fbbbdbda7c88d2b2e542e72e779c9b142
Signed-off-by: Christopher Lott (cl778h) <clott@research.att.com>
---
 ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/web.xml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF')

diff --git a/ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/web.xml b/ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/web.xml
index 0290f1fc..7441508a 100644
--- a/ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/web.xml
+++ b/ecomp-sdk/epsdk-app-os/src/main/webapp/WEB-INF/web.xml
@@ -10,8 +10,16 @@
 	<distributable />
 
 	<session-config>
-		<session-timeout>7</session-timeout>
+		<session-timeout>30</session-timeout>
 		<tracking-mode>COOKIE</tracking-mode>
 	</session-config>
+	<filter>
+    <filter-name>SecurityXssFilter</filter-name>
+    <filter-class>org.onap.portalapp.filtersss.SecurityXssFilter</filter-class>
+   </filter> 
+    <filter-mapping>
+    <filter-name>SecurityXssFilter</filter-name>
+    <url-pattern>/*</url-pattern>
+  </filter-mapping>
 
 </web-app>
\ No newline at end of file
-- 
cgit 1.2.3-korg