Fix security risk 'Improper Input Validation'
[sdc.git] / openecomp-be / api / openecomp-sdc-rest-webapp / onboarding-rest-war / src / main / webapp / WEB-INF / web.xml
index eb8bd9e..31400f8 100644 (file)
         <listener-class>org.openecomp.server.listeners.OnboardingAppStartupListener</listener-class>
     </listener>
 
+    <filter>
+        <filter-name>dataValidatorFilter</filter-name>
+        <filter-class>org.openecomp.sdc.common.filters.DataValidatorFilter</filter-class>
+    </filter>
+    <filter-mapping>
+        <filter-name>dataValidatorFilter</filter-name>
+        <url-pattern>/v1.0/*</url-pattern>
+    </filter-mapping>
+
     <filter>
         <filter-name>contentSecurityPolicyHeaderFilter</filter-name>
-        <filter-class>org.openecomp.sdc.common.filters.ContentSecurityPolicyHeaderFilter</filter-class>
+        <filter-class>org.openecomp.sdc.common.filters.ContentSecurityPolicyHeaderFilter
+        </filter-class>
         <async-supported>true</async-supported>
     </filter>
     <filter-mapping>
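Review bot: The new `dataValidatorFilter` mapping covers only `/v1.0/*`, so requests to the other paths this descriptor serves (`/workflow/v1.0/actions/*`, and `/ws/*` further down in this diff) never pass through the validator. If those endpoints accept client-supplied data, add them to the mapping, e.g. `<url-pattern>/workflow/v1.0/actions/*</url-pattern>`, or add a comment stating why they are out of scope. The declaration also omits `<async-supported>true</async-supported>`, which the neighbouring contentSecurityPolicyHeaderFilter sets. If any `/v1.0` resource uses asynchronous processing, a filter in the chain without that flag would make the async start fail, so confirm and align the two declarations.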
@@ -41,9 +51,6 @@
     <filter-mapping>
         <filter-name>PermissionsFilter</filter-name>
         <url-pattern>/v1.0/vendor-license-models/*</url-pattern>
-    </filter-mapping>
-    <filter-mapping>
-        <filter-name>PermissionsFilter</filter-name>
         <url-pattern>/v1.0/vendor-software-products/*</url-pattern>
     </filter-mapping>
 
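Review bot: The merged PermissionsFilter mapping now carries two `<url-pattern>` children, which is only valid from the Servlet 2.5 descriptor schema onward. The `<web-app version=...>` declaration is outside this hunk, so confirm it before relying on the shorter form. Because PermissionsFilter is an authorization control, a deployment test that requests a path under `/v1.0/vendor-software-products/` and asserts the filter ran would guard against the second pattern being silently dropped.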
             <param-value>*</param-value>
         </init-param>
     </filter>
+    <filter-mapping>
+        <filter-name>cross-origin</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <filter>
         <filter-name>RestrictionAccessFilter</filter-name>
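Review bot: Moving the `cross-origin` mapping here changes filter order, not just layout. Containers build the chain from `<filter-mapping>` elements in descriptor order, so cross-origin now runs before RestrictionAccessFilter on `/*`, whereas the old mapping, removed in the next hunk, came after it. Confirm that any response the CORS filter can produce on its own is acceptable ahead of the access restriction, and record the intent with a comment such as `<!-- cross-origin is mapped first on purpose: runs before RestrictionAccessFilter -->`. The `*` init-param just above belongs to a parameter whose name is outside the hunk. If it is the allowed-origins list, a wildcard applied to every path should be narrowed to the known UI origins.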
         <filter-name>RestrictionAccessFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+
     <filter>
         <filter-name>BasicAuth</filter-name>
         <filter-class>org.openecomp.server.filters.BasicAuthenticationFilter</filter-class>
     </filter>
-    <filter>
-        <filter-name>AuthN</filter-name>
-        <filter-class>org.openecomp.server.filters.ActionAuthenticationFilter</filter-class>
-    </filter>
-    <filter>
-        <filter-name>AuthZ</filter-name>
-        <filter-class>org.openecomp.server.filters.ActionAuthorizationFilter</filter-class>
-    </filter>
-    <filter-mapping>
-        <filter-name>cross-origin</filter-name>
-        <url-pattern>/*</url-pattern>
-    </filter-mapping>
     <filter-mapping>
         <filter-name>BasicAuth</filter-name>
         <url-pattern>/1.0/*</url-pattern>
     </filter-mapping>
+
+    <filter>
+        <filter-name>AuthN</filter-name>
+        <filter-class>org.openecomp.server.filters.ActionAuthenticationFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>AuthN</filter-name>
         <url-pattern>/workflow/v1.0/actions/*</url-pattern>
     </filter-mapping>
+
+    <filter>
+        <filter-name>AuthZ</filter-name>
+        <filter-class>org.openecomp.server.filters.ActionAuthorizationFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>AuthZ</filter-name>
         <url-pattern>/workflow/v1.0/actions/*</url-pattern>
     </filter-mapping>
+
     <filter>
         <filter-name>SessionContextFilter</filter-name>
         <filter-class>org.openecomp.server.filters.OnboardingSessionContextFilter</filter-class>
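Review bot: BasicAuth remains mapped to `/1.0/*` (an unchanged context line), while the other versioned mappings visible in this diff, including the new dataValidatorFilter one, use `/v1.0/`. If `/1.0` is not a separate legacy path, basic authentication never matches the `/v1.0/` API. Since the hunk already regroups the authentication filters, either correct the pattern to `<url-pattern>/v1.0/*</url-pattern>` or add a comment such as `<!-- BasicAuth guards the legacy /1.0 API only -->` so the difference reads as deliberate. Moving the AuthN and AuthZ declarations next to their mappings is order-neutral, because only `<filter-mapping>` order determines the chain.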
         <filter-name>SessionContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+
     <!-- Spring WS Mapping -->
     <servlet>
         <servlet-name>spring-mapper</servlet-name>
         </servlet-class>
         <load-on-startup>1</load-on-startup>
     </servlet>
+    <servlet-mapping>
+        <servlet-name>spring-mapper</servlet-name>
+        <url-pattern>/ws/*</url-pattern>
+    </servlet-mapping>
     <!-- CXF -->
     <servlet>
         <servlet-name>CXFServlet</servlet-name>
         </init-param>
         <load-on-startup>1</load-on-startup>
     </servlet>
-    <servlet-mapping>
-        <servlet-name>spring-mapper</servlet-name>
-        <url-pattern>/ws/*</url-pattern>
-    </servlet-mapping>
     <servlet-mapping>
         <servlet-name>CXFServlet</servlet-name>
         <url-pattern>/*</url-pattern>