Fix security risk 'Improper Input Validation'

[sdc.git] / catalog-be / src / main / webapp / WEB-INF / web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    version="3.0">

    <servlet>
        <servlet-name>jersey</servlet-name>
        <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
        <init-param>
            <param-name>jersey.config.server.provider.packages</param-name>
            <param-value>
                io.swagger.v3.jaxrs2.integration.resources,
                org.openecomp.sdc.be.servlets
            </param-value>
        </init-param>
        <init-param>
            <param-name>jersey.config.server.provider.classnames</param-name>
            <param-value>
                org.glassfish.jersey.media.multipart.MultiPartFeature,
                org.openecomp.sdc.be.filters.BasicAuthenticationFilter,
                org.openecomp.sdc.be.filters.BeServletFilter,
                org.openecomp.sdc.be.filters.DataValidatorFilter,
                org.openecomp.sdc.be.filters.ComponentsAvailabilityFilter,
                org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature,
                org.openecomp.sdc.be.servlets.exception.DefaultExceptionMapper,
                org.openecomp.sdc.be.servlets.exception.ComponentExceptionMapper,
                org.openecomp.sdc.be.servlets.exception.ConstraintViolationExceptionMapper,
                org.openecomp.sdc.be.servlets.exception.StorageExceptionMapper,
                org.openecomp.sdc.be.view.MixinModelWriter,
                org.openecomp.sdc.config.ObjectMapperProvider
            </param-value>
        </init-param>
        <init-param>
            <param-name>exclude_url_endpoints</param-name>
            <param-value>/api/v3/analytics,/api/v3/storeAnalytics</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>

    </servlet>

    <servlet-mapping>
        <servlet-name>jersey</servlet-name>
        <url-pattern>/sdc2/rest/*</url-pattern>
    </servlet-mapping>

    <servlet>
        <servlet-name>jerseyDistribution</servlet-name>
        <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
        <init-param>
            <param-name>jersey.config.server.provider.packages</param-name>
            <param-value>
                io.swagger.v3.jaxrs2.integration.resources,
                org.openecomp.sdc.be.distribution.servlet,
                org.openecomp.sdc.be.externalapi.servlet
            </param-value>
        </init-param>
        <init-param>
            <param-name>jersey.config.server.provider.classnames</param-name>
            <param-value>
                org.glassfish.jersey.media.multipart.MultiPartFeature,
                org.openecomp.sdc.be.filters.BeServletFilter,
                org.openecomp.sdc.be.filters.DataValidatorFilter,
                org.openecomp.sdc.be.filters.ComponentsAvailabilityFilter,
                org.openecomp.sdc.be.servlets.exception.DefaultExceptionMapper,
                org.openecomp.sdc.be.servlets.exception.ComponentExceptionMapper,
                org.openecomp.sdc.be.servlets.exception.StorageExceptionMapper,
                org.openecomp.sdc.be.filters.BasicAuthenticationFilter
            </param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
        <async-supported>true</async-supported>
    </servlet>

    <servlet-mapping>
        <servlet-name>jerseyDistribution</servlet-name>
        <url-pattern>/sdc/*</url-pattern>
    </servlet-mapping>

    <!-- ECOMP Portal -->
    <servlet>
        <servlet-name>ECOMPServlet</servlet-name>
        <servlet-class>org.onap.portalsdk.core.onboarding.crossapi.PortalRestAPIProxy
        </servlet-class>
        <load-on-startup>3</load-on-startup>
        <async-supported>true</async-supported>
    </servlet>

    <servlet>
        <servlet-name>ViewStatusMessages</servlet-name>
        <servlet-class>ch.qos.logback.classic.ViewStatusMessagesServlet</servlet-class>
        <async-supported>true</async-supported>
    </servlet>

    <servlet>
        <servlet-name>TogglzConsoleServlet</servlet-name>
        <servlet-class>org.togglz.console.TogglzConsoleServlet</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>TogglzConsoleServlet</servlet-name>
        <url-pattern>/catalog/togglz/*</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>ViewStatusMessages</servlet-name>
        <url-pattern>/lbClassicStatus</url-pattern>
    </servlet-mapping>

    <filter>
        <filter-name>contentSecurityPolicyHeaderFilter</filter-name>
        <filter-class>org.openecomp.sdc.be.filters.ContentSecurityPolicyHeaderFilter</filter-class>
        <async-supported>true</async-supported>
    </filter>
    <filter-mapping>
        <filter-name>contentSecurityPolicyHeaderFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>gatewayFilter</filter-name>
        <filter-class>
            org.springframework.web.filter.DelegatingFilterProxy
        </filter-class>
        <init-param>
            <param-name>targetFilterLifecycle</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>gatewayFilter</filter-name>
        <url-pattern>/sdc2/rest/*</url-pattern>
        <url-pattern>/sdc/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>reqValidationFilter</filter-name>
        <filter-class>
            org.springframework.web.filter.DelegatingFilterProxy
        </filter-class>
        <init-param>
            <param-name>targetFilterLifecycle</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>reqValidationFilter</filter-name>
        <url-pattern>/sdc2/rest/*</url-pattern>
        <url-pattern>/sdc/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>dataValidatorFilter</filter-name>
        <filter-class>
            org.openecomp.sdc.be.filters.DataValidatorFilter
        </filter-class>
    </filter>
    <filter-mapping>
        <filter-name>dataValidatorFilter</filter-name>
        <url-pattern>/sdc2/rest/*</url-pattern>
        <url-pattern>/sdc/*</url-pattern>
    </filter-mapping>

    <error-page>
        <exception-type>java.lang.RuntimeException</exception-type>
        <location>/sdc2/rest/v1/catalog/handleException/</location>
    </error-page>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:application-context.xml</param-value>
    </context-param>

    <context-param>
        <param-name>org.togglz.core.manager.TogglzConfig</param-name>
        <param-value>org.openecomp.sdc.be.togglz.TogglzConfiguration</param-value>
    </context-param>

    <context-param>
        <param-name>org.eclipse.jetty.servlet.Default.dirAllowed</param-name>
        <param-value>false</param-value>
    </context-param>

    <listener>
        <listener-class>org.openecomp.sdc.be.listen.BEAppContextListener</listener-class>
    </listener>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <welcome-file-list>
        <welcome-file>swagger-ui/index.html</welcome-file>
    </welcome-file-list>
</web-app>