Code Review / sdc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Fix high-severity bug 'application exposed to path traversal attack'
[sdc.git] / catalog-fe / src / main / webapp / WEB-INF / web.xml
1 <?xml version="1.0" encoding="UTF-8"?>
2 <web-app xmlns="http://java.sun.com/xml/ns/javaee"
3     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
4     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
5     version="3.0">
6
7     <servlet>
8         <servlet-name>jersey</servlet-name>
9         <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
10         <init-param>
11             <param-name>jersey.config.server.provider.packages</param-name>
12             <param-value>org.openecomp.sdc.fe.servlets</param-value>
13         </init-param>
14
15         <init-param>
16             <param-name>jersey.config.server.provider.classnames</param-name>
17             <param-value>org.glassfish.jersey.media.multipart.MultiPartFeature</param-value>
18         </init-param>
19         <init-param>
20             <param-name>com.sun.jersey.api.json.POJOMappingFeature</param-name>
21             <param-value>true</param-value>
22         </init-param>
23         <load-on-startup>1</load-on-startup>
24         <async-supported>true</async-supported>
25     </servlet>
26
27     <servlet-mapping>
28         <servlet-name>jersey</servlet-name>
29         <url-pattern>/rest/*</url-pattern>
30     </servlet-mapping>
31
32     <servlet>
33         <servlet-name>ViewStatusMessages</servlet-name>
34         <servlet-class>ch.qos.logback.classic.ViewStatusMessagesServlet</servlet-class>
35         <async-supported>true</async-supported>
36     </servlet>
37
38     <servlet-mapping>
39         <servlet-name>ViewStatusMessages</servlet-name>
40         <url-pattern>/lbClassicStatus</url-pattern>
41     </servlet-mapping>
42
43     <!-- Fe Proxy Servlet -->
44     <servlet>
45         <servlet-name>FeProxy</servlet-name>
46         <servlet-class>org.openecomp.sdc.fe.servlets.FeProxyServlet</servlet-class>
47
48         <load-on-startup>1</load-on-startup>
49         <async-supported>true</async-supported>
50
51
52     </servlet>
53
54     <servlet-mapping>
55         <servlet-name>FeProxy</servlet-name>
56         <url-pattern>/feProxy/*</url-pattern>
57     </servlet-mapping>
58
59     <servlet>
60         <servlet-name>Portal</servlet-name>
61         <servlet-class>org.openecomp.sdc.fe.servlets.PortalServlet</servlet-class>
62         <async-supported>true</async-supported>
63     </servlet>
64
65     <servlet-mapping>
66         <servlet-name>Portal</servlet-name>
67         <url-pattern>/portal</url-pattern>
68     </servlet-mapping>
69
70     <context-param>
71         <param-name>org.eclipse.jetty.servlet.Default.dirAllowed</param-name>
72         <param-value>false</param-value>
73     </context-param>
74
75
76     <filter>
77         <filter-name>AuditLogServletFilter</filter-name>
78         <filter-class>org.onap.logging.filter.base.AuditLogServletFilter</filter-class>
79         <async-supported>true</async-supported>
80     </filter>
81
82     <!--        <filter>-->
83     <!--                <filter-name>SecurityFilter</filter-name>-->
84     <!--                <filter-class>org.openecomp.sdc.fe.filters.SecurityFilter</filter-class>-->
85     <!--        <async-supported>true</async-supported>-->
86     <!--        <init-param>-->
87     <!--            <param-name>excludedUrls</param-name>-->
88     <!--            &lt;!&ndash; Comma separated list of excluded servlet URLs  &ndash;&gt;-->
89     <!--            <param-value>/config,/configmgr,/rest</param-value>-->
90     <!--        </init-param>-->
91     <!--        </filter>-->
92
93     <filter>
94         <filter-name>gzipFilter</filter-name>
95         <filter-class>org.openecomp.sdc.fe.filters.GzipFilter</filter-class>
96         <async-supported>true</async-supported>
97     </filter>
98
99     <filter-mapping>
100         <filter-name>AuditLogServletFilter</filter-name>
101         <url-pattern>/*</url-pattern>
102     </filter-mapping>
103
104     <!--        <filter-mapping>-->
105     <!--                <filter-name>SecurityFilter</filter-name>-->
106     <!--                <url-pattern>/*</url-pattern>-->
107     <!--    </filter-mapping>-->
108
109     <filter-mapping>
110         <filter-name>gzipFilter</filter-name>
111         <url-pattern>*.jsgz</url-pattern>
112     </filter-mapping>
113
114     <listener>
115         <listener-class>org.openecomp.sdc.fe.listen.FEAppContextListener</listener-class>
116     </listener>
117
118     <welcome-file-list>
119         <welcome-file>index.html</welcome-file>
120     </welcome-file-list>
121 </web-app>
SDC Parent Project Catalog FE and BE