authorvasraz <vasyl.razinkov@est.tech>2022-10-04 18:16:26 +0100
committerVasyl Razinkov <vasyl.razinkov@est.tech>2022-10-04 18:54:54 +0000
commit0899720f168c09d037e577109d7cab665fe1fb91 (patch)
treec6c210914a6fb029841d28de92cb760cdad6088d /utils/webseal-simulator/src/main
parentca487f60c2ca67794b16c0ff0cf5cc6deca556fc (diff)
Fix bug 'X-Frame-Options not configured: Lack of clickjacking protection'
Add new Filter (ContentSecurityPolicyHeaderFilter) Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Change-Id: Ic8151df64e4b95b3d59b44a5f74dd12210f55e87 Issue-ID: SDC-4192
Diffstat (limited to 'utils/webseal-simulator/src/main')
-rw-r--r--utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/ContentSecurityPolicyHeaderFilter.java32
-rw-r--r--utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/conf/Conf.java100
-rw-r--r--utils/webseal-simulator/src/main/webapp/WEB-INF/web.xml11
3 files changed, 84 insertions, 59 deletions
diff --git a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/ContentSecurityPolicyHeaderFilter.java b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/ContentSecurityPolicyHeaderFilter.java
new file mode 100644
index 0000000000..ed4b4c1c39
--- /dev/null
+++ b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/ContentSecurityPolicyHeaderFilter.java
@@ -0,0 +1,32 @@
+/*
+ * ============LICENSE_START=======================================================
+ * SDC
+ * ================================================================================
+ * Copyright (C) 2022 Nordix Foundation. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.sdc.webseal.simulator;
+
+import org.openecomp.sdc.common.filters.ContentSecurityPolicyHeaderFilterAbstract;
+import org.openecomp.sdc.webseal.simulator.conf.Conf;
+
+public class ContentSecurityPolicyHeaderFilter extends ContentSecurityPolicyHeaderFilterAbstract {
+
+ @Override
+ protected String getPermittedAncestors() {
+ return Conf.getInstance().getPermittedAncestors();
+ }
+}
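Review bot: The new `ContentSecurityPolicyHeaderFilter` class has no Javadoc, so nothing in this file says which response header it affects or what format `getPermittedAncestors()` must return. A class comment such as `/** Supplies the simulator's permitted ancestors (space-separated list held in Conf) to the shared Content-Security-Policy header filter. */` would cover it. The header construction lives in `ContentSecurityPolicyHeaderFilterAbstract`, which is outside this diff, so the wording should be confirmed against that class.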
diff --git a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/conf/Conf.java b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/conf/Conf.java
index 449fe62f49..eb498c975e 100644
--- a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/conf/Conf.java
+++ b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/conf/Conf.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -22,75 +22,59 @@ package org.openecomp.sdc.webseal.simulator.conf;
import com.typesafe.config.Config;
import com.typesafe.config.ConfigFactory;
-import org.openecomp.sdc.webseal.simulator.User;
-
import java.io.File;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import lombok.Getter;
+import lombok.Setter;
+import org.openecomp.sdc.webseal.simulator.User;
+@Getter
+@Setter
public class Conf {
- private static Conf conf = new Conf();
- private String feHost;
- private Map<String,User> users = new HashMap<String,User>();
+ private static Conf conf = new Conf();
+ private String feHost;
+ private Map<String, User> users = new HashMap<String, User>();
private String portalCookieName;
+ private String permittedAncestors; // Space separated list of permitted ancestors
- private void setPortalCookieName(String portalCookieName) {
- this.portalCookieName = portalCookieName;
+ private Conf() {
+ initConf();
}
- public String getPortalCookieName() {
- return portalCookieName;
- }
+ private void initConf() {
+ try {
+ String confPath = System.getProperty("config.resource");
+ if (confPath == null) {
+ System.out.println("config.resource is empty - goint to get it from config.home");
+ confPath = System.getProperty("config.home") + "/webseal.conf";
+ }
+ System.out.println("confPath=" + confPath);
+ final Config confFile = ConfigFactory.parseFileAnySyntax(new File(confPath));
+ final Config resolve = confFile.resolve();
+ setFeHost(resolve.getString("webseal.fe"));
+ setPortalCookieName(resolve.getString("webseal.portalCookieName"));
+ final List<? extends Config> list = resolve.getConfigList("webseal.users");
- private Conf(){
- initConf();
- }
-
- private void initConf() {
- try{
- String confPath = System.getProperty("config.resource");
- if (confPath == null){
- System.out.println("config.resource is empty - goint to get it from config.home");
- confPath = System.getProperty("config.home") + "/webseal.conf";
- }
- System.out.println("confPath=" + confPath );
- Config confFile = ConfigFactory.parseFileAnySyntax(new File(confPath));
- Config resolve = confFile.resolve();
- setFeHost(resolve.getString("webseal.fe"));
- setPortalCookieName(resolve.getString("webseal.portalCookieName"));
- List<? extends Config> list = resolve.getConfigList("webseal.users");
+ for (final Config config : list) {
+ String userId = config.getString("userId");
+ String password = config.getString("password");
+ String firstName = config.getString("firstName");
+ String lastName = config.getString("lastName");
+ String email = config.getString("email");
+ String role = config.getString("role");
+ users.put(userId, new User(firstName, lastName, email, userId, role, password));
+ }
- for (Config conf : list ){
- String userId = conf.getString("userId");
- String password = conf.getString("password");
- String firstName = conf.getString("firstName");
- String lastName = conf.getString("lastName");
- String email = conf.getString("email");
- String role = conf.getString("role");
- users.put(userId,new User(firstName,lastName,email,userId,role,password));
- }
-
- }catch(Exception e){
- e.printStackTrace();
- }
- }
-
- public static Conf getInstance(){
- return conf;
- }
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
- public String getFeHost() {
- return feHost;
- }
+ public static Conf getInstance() {
+ return conf;
+ }
- public void setFeHost(String feHost) {
- this.feHost = feHost;
- }
-
- public Map<String,User> getUsers() {
- return users;
- }
-
}
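Review bot: `permittedAncestors` is declared but never assigned in `initConf()`, which reads only `webseal.fe`, `webseal.portalCookieName` and `webseal.users`. `Conf.getInstance().getPermittedAncestors()` therefore returns null unless code outside this diff calls the generated setter, and the header then depends on how the abstract filter treats null, which is not visible here. Load it with the other settings, for example `if (resolve.hasPath("webseal.permittedAncestors")) { setPermittedAncestors(resolve.getString("webseal.permittedAncestors")); }`, where the key name is a placeholder for whatever the project's config uses. Separately, the class-level `@Setter` makes every setter public, whereas `setPortalCookieName` was private before. `@Setter(AccessLevel.PRIVATE)` would keep other classes from changing the singleton's security settings at runtime.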
diff --git a/utils/webseal-simulator/src/main/webapp/WEB-INF/web.xml b/utils/webseal-simulator/src/main/webapp/WEB-INF/web.xml
index a293d3c883..c23e265aae 100644
--- a/utils/webseal-simulator/src/main/webapp/WEB-INF/web.xml
+++ b/utils/webseal-simulator/src/main/webapp/WEB-INF/web.xml
@@ -38,9 +38,18 @@
<url-pattern>/create</url-pattern>
</servlet-mapping>
+ <filter>
+ <filter-name>contentSecurityPolicyHeaderFilter</filter-name>
+ <filter-class>org.openecomp.sdc.webseal.simulator.ContentSecurityPolicyHeaderFilter</filter-class>
+ <async-supported>true</async-supported>
+ </filter>
+ <filter-mapping>
+ <filter-name>contentSecurityPolicyHeaderFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+
<welcome-file-list>
<welcome-file>login</welcome-file>
</welcome-file-list>
</web-app>
-