Fix high-severity bug 'application exposed to path traversal attack'
[sdc.git] / openecomp-be / api / openecomp-sdc-rest-webapp / onboarding-rest-war / src / main / webapp / WEB-INF / web.xml
index b98ae4e..3cbfb13 100644 (file)
@@ -1,8 +1,8 @@
 <web-app
-        xmlns="http://java.sun.com/xml/ns/javaee"
-        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
-        version="3.0">
+    xmlns="http://java.sun.com/xml/ns/javaee"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+    version="3.0">
 
 
     <!-- Spring -->
 
     <context-param>
         <param-name>org.togglz.core.manager.TogglzConfig</param-name>
-        <param-value>org.openecomp.sdc.common.togglz.TogglzConfiguration</param-value>
+        <param-value>org.openecomp.sdc.be.togglz.TogglzConfiguration</param-value>
     </context-param>
 
-
+    <context-param>
+        <param-name>org.eclipse.jetty.servlet.Default.dirAllowed</param-name>
+        <param-value>false</param-value>
+    </context-param>
 
     <listener>
         <listener-class>org.openecomp.server.listeners.OnboardingAppStartupListener</listener-class>
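Review bot: The new `org.eclipse.jetty.servlet.Default.dirAllowed` context-param has no comment, and it sits under the `<!-- Spring -->` heading, which describes neither it nor the Togglz entry above it. The setting only turns off directory listings in Jetty's DefaultServlet. It does not reject `../` sequences itself, and other servlet containers ignore it. I would add a comment above it such as `<!-- Jetty DefaultServlet only: disable directory listings (does not by itself prevent path traversal) -->`. The `TogglzConfiguration` package rename in the same hunk is unrelated to the stated fix and would be easier to audit as a separate commit.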
         </init-param>
     </filter>
 
+    <filter>
+        <filter-name>RestrictionAccessFilter</filter-name>
+        <filter-class>org.openecomp.server.filters.RestrictionAccessFilter</filter-class>
+        <async-supported>true</async-supported>
+    </filter>
+    <filter-mapping>
+        <filter-name>RestrictionAccessFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+    <filter>
+        <filter-name>BasicAuth</filter-name>
+        <filter-class>org.openecomp.server.filters.BasicAuthenticationFilter</filter-class>
+    </filter>
     <filter>
         <filter-name>AuthN</filter-name>
         <filter-class>org.openecomp.server.filters.ActionAuthenticationFilter</filter-class>
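Review bot: The `RestrictionAccessFilter` mapping on `/*` declares no `<dispatcher>` elements, so under the Servlet 3.0 default it runs only on direct client requests, not on FORWARD, INCLUDE or ASYNC dispatches. If any servlet in this webapp forwards or includes using a path derived from the request, that dispatch would bypass the filter. Adding `<dispatcher>REQUEST</dispatcher>` and `<dispatcher>FORWARD</dispatcher>` to the mapping would cover it, plus `<dispatcher>ASYNC</dispatcher>` since the filter is marked `async-supported`. The filter class is not shown here, so it is worth confirming that it checks the decoded, normalised path rather than the raw URI. The hunk opens inside a preceding `<filter>` element whose start is outside it, and the `AuthN` filter at the end is also cut off.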
         <filter-name>cross-origin</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>BasicAuth</filter-name>
+        <url-pattern>/1.0/*</url-pattern>
+    </filter-mapping>
     <filter-mapping>
         <filter-name>AuthN</filter-name>
         <url-pattern>/workflow/v1.0/actions/*</url-pattern>
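Review bot: The `BasicAuth` mapping covers only `/1.0/*`, and with `AuthN` on `/workflow/v1.0/actions/*` these are the only authentication mappings visible here. Any resource served under another prefix would be reachable without credentials, though this hunk does not show whether such prefixes exist. Basic credentials are only base64-encoded on each request, so this mapping depends on TLS being enforced, and no `<transport-guarantee>CONFIDENTIAL</transport-guarantee>` constraint appears in the changed lines. A comment above the mapping, for example `<!-- Basic auth for the /1.0 REST API; TLS enforced at: PLACEHOLDER -->`, would record both assumptions. The `AuthN` mapping at the end of the hunk continues outside it.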