[UI] Prevent UI from XSS
1 <?xml version="1.0" encoding="UTF-8"?>
2 <!-- Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
3     Licensed under the Apache License, Version 2.0 (the "License"); you may not
4     use this file except in compliance with the License. You may obtain a copy
5     of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
6     by applicable law or agreed to in writing, software distributed under the
7     License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
8     OF ANY KIND, either express or implied. See the License for the specific
9     language governing permissions and limitations under the License. -->
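<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
    version="3.1">
    <!-- xsi:schemaLocation is a namespace/URL pair and is only a hint for
         validators and IDEs; the container must never fetch it from the
         network. The former xmlns:web prefix (bound to the .xsd URL) was
         unused and has been dropped. -->

    <display-name>bluvalui</display-name>

    <!-- The app can run on an HA cluster. Marking it distributable lets the
         container replicate sessions across nodes, which requires every
         attribute stored in the HttpSession to be Serializable. -->
    <distributable />

    <session-config>
        <!-- Idle sessions are invalidated after 30 minutes. -->
        <session-timeout>30</session-timeout>
        <!-- Cookie tracking only: the container never falls back to URL
             rewriting, so the session id cannot leak through Referer headers,
             access logs or shared links. -->
        <tracking-mode>COOKIE</tracking-mode>
        <cookie-config>
            <!-- HttpOnly keeps the session cookie out of reach of script
                 (limits the impact of any XSS that gets past the filter
                 below); Secure keeps it off plaintext HTTP, including the
                 HTTP-reachable static paths exempted further down.
                 NOTE(review): a Servlet 3.1 descriptor cannot set SameSite;
                 if that is wanted, configure it at the container level. -->
            <http-only>true</http-only>
            <secure>true</secure>
        </cookie-config>
    </session-config>

    <!-- Request-side XSS filter. Filters run in the order of their
         filter-mapping elements, so this one runs before the session
         repository filter below. With no explicit <dispatcher> it applies to
         REQUEST dispatches only, not to FORWARD, INCLUDE or ERROR.
         NOTE(review): if error.jsp echoes request data, add
         <dispatcher>ERROR</dispatcher> to this mapping; and if the filter
         touches the session, map it after springSessionRepositoryFilter so it
         sees the repository-backed session rather than the local container
         one. Input filtering is defense in depth; output encoding in the JSPs
         remains the primary XSS control. -->
    <filter>
        <filter-name>SecurityXssFilter</filter-name>
        <filter-class>org.akraino.validation.ui.filter.SecurityXssFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>SecurityXssFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Session repository filter (the names suggest Spring Session with a
         MUSIC-backed store, to be confirmed): presumably wraps the request so
         the session lives in the shared repository and any node in the
         cluster can serve it. Mapped on ERROR as well as REQUEST so the error
         page sees the same session as the failing request. -->
    <filter>
        <filter-name>springSessionRepositoryFilter</filter-name>
        <filter-class>org.onap.portalapp.music.filter.MusicSessionRepositoryFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSessionRepositoryFilter</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>ERROR</dispatcher>
    </filter-mapping>

    <!-- Catch-all error page: with no <error-code> or <exception-type> this is
         the Servlet 3.0+ default error page, so unhandled errors render this
         JSP instead of the container's stock page (which typically includes a
         stack trace and the server version). -->
    <error-page>
        <location>/WEB-INF/jsp/error.jsp</location>
    </error-page>

    <!-- Transport rules. There is no <auth-constraint> anywhere in this
         descriptor, so these constraints only govern TLS; they do not
         authenticate or authorize anything.
         Require HTTPS for everything except *.ico, /img/* and /css/*. When
         several constraints match a URL the accepted connection types are the
         union of the individual constraints, so the NONE constraint below
         exempts those static paths from the CONFIDENTIAL one above it. The
         session cookie is Secure, so it is never sent on those plaintext
         requests; keep anything user- or session-specific out of them.
         NOTE(review): CONFIDENTIAL is judged from the container's connector.
         If TLS terminates at a reverse proxy or load balancer in the HA
         setup, the container must be told the request was secure (e.g. by
         honouring X-Forwarded-Proto) or every request is redirected. -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>HTTPSOnly</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>HTTPSOrHTTP</web-resource-name>
            <url-pattern>*.ico</url-pattern>
            <url-pattern>/img/*</url-pattern>
            <url-pattern>/css/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

</web-app>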