1 <?xml version="1.0" encoding="UTF-8"?>
2 <!-- Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
3 Licensed under the Apache License, Version 2.0 (the "License"); you may not
4 use this file except in compliance with the License. You may obtain a copy
5 of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
6 by applicable law or agreed to in writing, software distributed under the
7 License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
8 OF ANY KIND, either express or implied. See the License for the specific
9 language governing permissions and limitations under the License. -->
10 <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
11 xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee"
12 xmlns:web="http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
13 version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee">
15 <display-name>bluvalui</display-name>
17 <!-- The app can function on a HA cluster -->
21 <session-timeout>30</session-timeout>
22 <tracking-mode>COOKIE</tracking-mode>
24 <http-only>true</http-only>
29 <filter-name>SecurityXssFilter</filter-name>
30 <filter-class>org.akraino.validation.ui.filter.SecurityXssFilter
34 <filter-name>SecurityXssFilter</filter-name>
35 <url-pattern>/*</url-pattern>
38 <filter-name>springSessionRepositoryFilter</filter-name>
39 <filter-class>org.onap.portalapp.music.filter.MusicSessionRepositoryFilter
43 <filter-name>springSessionRepositoryFilter</filter-name>
44 <url-pattern>/*</url-pattern>
45 <dispatcher>REQUEST</dispatcher>
46 <dispatcher>ERROR</dispatcher>
49 <location>/WEB-INF/jsp/error.jsp</location>
52 <!-- Require HTTPS for everything except /img (favicon) and /css. -->
54 <web-resource-collection>
55 <web-resource-name>HTTPSOnly</web-resource-name>
56 <url-pattern>/*</url-pattern>
57 </web-resource-collection>
58 <user-data-constraint>
59 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
60 </user-data-constraint>
61 </security-constraint>
63 <web-resource-collection>
64 <web-resource-name>HTTPSOrHTTP</web-resource-name>
65 <url-pattern>*.ico</url-pattern>
66 <url-pattern>/img/*</url-pattern>
67 <url-pattern>/css/*</url-pattern>
68 </web-resource-collection>
69 <user-data-constraint>
70 <transport-guarantee>NONE</transport-guarantee>
71 </user-data-constraint>
72 </security-constraint>