Fix security risk 'Improper Input Validation'

[sdc.git] / openecomp-be / api / openecomp-sdc-rest-webapp / onboarding-rest-war / src / main / webapp / WEB-INF / web.xml

<web-app
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    version="3.0">

    <!-- Spring -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>WEB-INF/beans-services.xml</param-value>
    </context-param>

    <context-param>
        <param-name>org.togglz.core.manager.TogglzConfig</param-name>
        <param-value>org.openecomp.sdc.be.togglz.TogglzConfiguration</param-value>
    </context-param>

    <context-param>
        <param-name>org.eclipse.jetty.servlet.Default.dirAllowed</param-name>
        <param-value>false</param-value>
    </context-param>

    <listener>
        <listener-class>org.openecomp.server.listeners.OnboardingAppStartupListener</listener-class>
    </listener>

    <filter>
        <filter-name>dataValidatorFilter</filter-name>
        <filter-class>org.openecomp.sdc.common.filters.DataValidatorFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>dataValidatorFilter</filter-name>
        <url-pattern>/v1.0/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>contentSecurityPolicyHeaderFilter</filter-name>
        <filter-class>org.openecomp.sdc.common.filters.ContentSecurityPolicyHeaderFilter
        </filter-class>
        <async-supported>true</async-supported>
    </filter>
    <filter-mapping>
        <filter-name>contentSecurityPolicyHeaderFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>PermissionsFilter</filter-name>
        <filter-class>org.openecomp.sdc.itempermissions.servlet.PermissionsFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>PermissionsFilter</filter-name>
        <url-pattern>/v1.0/vendor-license-models/*</url-pattern>
        <url-pattern>/v1.0/vendor-software-products/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>cross-origin</filter-name>
        <filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>
        <init-param>
            <param-name>allowedOrigins</param-name>
            <param-value>*</param-value>
        </init-param>
        <init-param>
            <param-name>allowedMethods</param-name>
            <param-value>*</param-value>
        </init-param>
        <init-param>
            <param-name>allowedHeaders</param-name>
            <param-value>*</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>cross-origin</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>RestrictionAccessFilter</filter-name>
        <filter-class>org.openecomp.server.filters.RestrictionAccessFilter</filter-class>
        <async-supported>true</async-supported>
    </filter>
    <filter-mapping>
        <filter-name>RestrictionAccessFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>BasicAuth</filter-name>
        <filter-class>org.openecomp.server.filters.BasicAuthenticationFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>BasicAuth</filter-name>
        <url-pattern>/1.0/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>AuthN</filter-name>
        <filter-class>org.openecomp.server.filters.ActionAuthenticationFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>AuthN</filter-name>
        <url-pattern>/workflow/v1.0/actions/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>AuthZ</filter-name>
        <filter-class>org.openecomp.server.filters.ActionAuthorizationFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>AuthZ</filter-name>
        <url-pattern>/workflow/v1.0/actions/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>SessionContextFilter</filter-name>
        <filter-class>org.openecomp.server.filters.OnboardingSessionContextFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>SessionContextFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Spring WS Mapping -->
    <servlet>
        <servlet-name>spring-mapper</servlet-name>
        <servlet-class>
            org.springframework.web.servlet.DispatcherServlet
        </servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>spring-mapper</servlet-name>
        <url-pattern>/ws/*</url-pattern>
    </servlet-mapping>
    <!-- CXF -->
    <servlet>
        <servlet-name>CXFServlet</servlet-name>
        <servlet-class>
            org.apache.cxf.transport.servlet.CXFServlet
        </servlet-class>
        <init-param>
            <param-name>redirects-list</param-name>
            <param-value>
                /docs/(\S)+\.json
            </param-value>
        </init-param>
        <init-param>
            <param-name>redirect-attributes</param-name>
            <param-value>
                javax.servlet.include.request_uri
            </param-value>
        </init-param>
        <init-param>
            <param-name>redirect-servlet-name</param-name>
            <param-value>default</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>CXFServlet</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>

</web-app>