From 0899720f168c09d037e577109d7cab665fe1fb91 Mon Sep 17 00:00:00 2001 From: vasraz Date: Tue, 4 Oct 2022 18:16:26 +0100 Subject: Fix bug 'X-Frame-Options not configured: Lack of clickjacking protection' Add new Filter (ContentSecurityPolicyHeaderFilter) Signed-off-by: Vasyl Razinkov Change-Id: Ic8151df64e4b95b3d59b44a5f74dd12210f55e87 Issue-ID: SDC-4192 --- utils/webseal-simulator/pom.xml | 12 +++ .../recipes/SDC_Simulator_2_setup_configuration.rb | 4 +- .../default/SDC-Simulator-webseal.conf.erb | 4 +- .../ContentSecurityPolicyHeaderFilter.java | 32 +++++++ .../openecomp/sdc/webseal/simulator/conf/Conf.java | 100 +++++++++------------ .../src/main/webapp/WEB-INF/web.xml | 11 ++- 6 files changed, 101 insertions(+), 62 deletions(-) create mode 100644 utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/ContentSecurityPolicyHeaderFilter.java (limited to 'utils/webseal-simulator') diff --git a/utils/webseal-simulator/pom.xml b/utils/webseal-simulator/pom.xml index 9aba026299..8b2fa980a8 100644 --- a/utils/webseal-simulator/pom.xml +++ b/utils/webseal-simulator/pom.xml @@ -22,6 +22,18 @@ + + org.openecomp.sdc + common-app-api + ${project.version} + compile + + + org.apache.httpcomponents + httpcore + + + javax.servlet javax.servlet-api diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_2_setup_configuration.rb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_2_setup_configuration.rb index 3769a1f723..9ee166364c 100644 --- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_2_setup_configuration.rb +++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/recipes/SDC_Simulator_2_setup_configuration.rb @@ -6,7 +6,6 @@ else fe_url="http://#{node['Nodes']['FE']}:#{node['FE'][:http_port]}" end - template "webseal.conf" do path "#{ENV['JETTY_BASE']}/config/sdc-simulator/webseal.conf" source "SDC-Simulator-webseal.conf.erb" @@ -14,6 +13,7 @@ template "webseal.conf" do group "#{ENV['JETTY_GROUP']}" mode "0755" variables({ - :fe_url =>"#{fe_url}" + :fe_url =>"#{fe_url}", + :permittedAncestors => "#{ENV['permittedAncestors']}" }) end diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-webseal.conf.erb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-webseal.conf.erb index f6e634481f..f72c3ae270 100644 --- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-webseal.conf.erb +++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-webseal.conf.erb @@ -2,6 +2,8 @@ webseal { fe="<%= @fe_url %>" portalCookieName="EPService" + #Space separated list of permitted ancestors + permittedAncestors="<%= @permittedAncestors %>" users = [ { userId="cs0008" @@ -9,7 +11,7 @@ firstName="Carlos" lastName="Santana" role="Designer" - email="csantana@sdc.com" + email="csantana@sdc.com" }, { userId="jh0003" diff --git a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/ContentSecurityPolicyHeaderFilter.java b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/ContentSecurityPolicyHeaderFilter.java new file mode 100644 index 0000000000..ed4b4c1c39 --- /dev/null +++ b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/ContentSecurityPolicyHeaderFilter.java @@ -0,0 +1,32 @@ +/* + * ============LICENSE_START======================================================= + * SDC + * ================================================================================ + * Copyright (C) 2022 Nordix Foundation. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.openecomp.sdc.webseal.simulator; + +import org.openecomp.sdc.common.filters.ContentSecurityPolicyHeaderFilterAbstract; +import org.openecomp.sdc.webseal.simulator.conf.Conf; + +public class ContentSecurityPolicyHeaderFilter extends ContentSecurityPolicyHeaderFilterAbstract { + + @Override + protected String getPermittedAncestors() { + return Conf.getInstance().getPermittedAncestors(); + } +} diff --git a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/conf/Conf.java b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/conf/Conf.java index 449fe62f49..eb498c975e 100644 --- a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/conf/Conf.java +++ b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/conf/Conf.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -22,75 +22,59 @@ package org.openecomp.sdc.webseal.simulator.conf; import com.typesafe.config.Config; import com.typesafe.config.ConfigFactory; -import org.openecomp.sdc.webseal.simulator.User; - import java.io.File; import java.util.HashMap; import java.util.List; import java.util.Map; +import lombok.Getter; +import lombok.Setter; +import org.openecomp.sdc.webseal.simulator.User; +@Getter +@Setter public class Conf { - private static Conf conf = new Conf(); - private String feHost; - private Map users = new HashMap(); + private static Conf conf = new Conf(); + private String feHost; + private Map users = new HashMap(); private String portalCookieName; + private String permittedAncestors; // Space separated list of permitted ancestors - private void setPortalCookieName(String portalCookieName) { - this.portalCookieName = portalCookieName; + private Conf() { + initConf(); } - public String getPortalCookieName() { - return portalCookieName; - } + private void initConf() { + try { + String confPath = System.getProperty("config.resource"); + if (confPath == null) { + System.out.println("config.resource is empty - goint to get it from config.home"); + confPath = System.getProperty("config.home") + "/webseal.conf"; + } + System.out.println("confPath=" + confPath); + final Config confFile = ConfigFactory.parseFileAnySyntax(new File(confPath)); + final Config resolve = confFile.resolve(); + setFeHost(resolve.getString("webseal.fe")); + setPortalCookieName(resolve.getString("webseal.portalCookieName")); + final List list = resolve.getConfigList("webseal.users"); - private Conf(){ - initConf(); - } - - private void initConf() { - try{ - String confPath = System.getProperty("config.resource"); - if (confPath == null){ - System.out.println("config.resource is empty - goint to get it from config.home"); - confPath = System.getProperty("config.home") + "/webseal.conf"; - } - System.out.println("confPath=" + confPath ); - Config confFile = ConfigFactory.parseFileAnySyntax(new File(confPath)); - Config resolve = confFile.resolve(); - setFeHost(resolve.getString("webseal.fe")); - setPortalCookieName(resolve.getString("webseal.portalCookieName")); - List list = resolve.getConfigList("webseal.users"); + for (final Config config : list) { + String userId = config.getString("userId"); + String password = config.getString("password"); + String firstName = config.getString("firstName"); + String lastName = config.getString("lastName"); + String email = config.getString("email"); + String role = config.getString("role"); + users.put(userId, new User(firstName, lastName, email, userId, role, password)); + } - for (Config conf : list ){ - String userId = conf.getString("userId"); - String password = conf.getString("password"); - String firstName = conf.getString("firstName"); - String lastName = conf.getString("lastName"); - String email = conf.getString("email"); - String role = conf.getString("role"); - users.put(userId,new User(firstName,lastName,email,userId,role,password)); - } - - }catch(Exception e){ - e.printStackTrace(); - } - } - - public static Conf getInstance(){ - return conf; - } + } catch (Exception e) { + e.printStackTrace(); + } + } - public String getFeHost() { - return feHost; - } + public static Conf getInstance() { + return conf; + } - public void setFeHost(String feHost) { - this.feHost = feHost; - } - - public Map getUsers() { - return users; - } - } diff --git a/utils/webseal-simulator/src/main/webapp/WEB-INF/web.xml b/utils/webseal-simulator/src/main/webapp/WEB-INF/web.xml index a293d3c883..c23e265aae 100644 --- a/utils/webseal-simulator/src/main/webapp/WEB-INF/web.xml +++ b/utils/webseal-simulator/src/main/webapp/WEB-INF/web.xml @@ -38,9 +38,18 @@ /create + + contentSecurityPolicyHeaderFilter + org.openecomp.sdc.webseal.simulator.ContentSecurityPolicyHeaderFilter + true + + + contentSecurityPolicyHeaderFilter + /* + + login - -- cgit 1.2.3-korg