Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Newer
Older
100644 116 lines (96 sloc) 3.99 kb
9e52c64 first commit
meri authored
1 <!DOCTYPE web-app PUBLIC
2 "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
3 "http://java.sun.com/dtd/web-app_2_3.dtd" >
4
85434cd Storing user names, passwords, roles and permissions in database.
meri authored
5 <web-app id="SimpleShiroSecuredApplication">
9e52c64 first commit
meri authored
6 <display-name>Simple Secure Application</display-name>
7
8 <!-- ==== Servlets ================================================================== -->
9 <servlet>
2d452c3 Unsecured application almost ready.
meri authored
10 <servlet-name>PerformFunctionAndGoBackServlet</servlet-name>
11 <servlet-class>org.meri.simpleshirosecuredapplication.servlet.PerformFunctionAndGoBackServlet</servlet-class>
9e52c64 first commit
meri authored
12 <load-on-startup>1</load-on-startup>
13 </servlet>
14
e456b65 Added edit personal account page so we can sanitize it later.
meri authored
15 <servlet>
16 <servlet-name>AccountPageServlet</servlet-name>
17 <servlet-class>org.meri.simpleshirosecuredapplication.servlet.AccountPageServlet</servlet-class>
18 <load-on-startup>1</load-on-startup>
19 </servlet>
9e52c64 first commit
meri authored
20 <!-- ==== Servlets Mapping ========================================================== -->
2d452c3 Unsecured application almost ready.
meri authored
21 <servlet-mapping>
22 <servlet-name>PerformFunctionAndGoBackServlet</servlet-name>
23 <url-pattern>/simpleshirosecuredapplication/masterservlet</url-pattern>
24 </servlet-mapping>
25
e456b65 Added edit personal account page so we can sanitize it later.
meri authored
26 <servlet-mapping>
27 <servlet-name>AccountPageServlet</servlet-name>
28 <url-pattern>/simpleshirosecuredapplication/accountpageservlet</url-pattern>
29 </servlet-mapping>
30
2d452c3 Unsecured application almost ready.
meri authored
31 <welcome-file-list>
32 <welcome-file>index.jsp</welcome-file>
33 </welcome-file-list>
9e52c64 first commit
meri authored
34
ec89bac Adding static users and passwords. Adding login page and forcing it to
meri authored
35 <!-- ==== Security ================================================================== -->
1dad3d9 integration with AppSensor
meri authored
36 <filter>
37 <filter-name>ShiroAppSensorIntegrationFilter</filter-name>
38 <filter-class>org.meri.simpleshirosecuredapplication.intrusiondetection.integration.ShiroAppSensorIntegrationFilter</filter-class>
39 </filter>
40
41 <filter-mapping>
42 <filter-name>ShiroAppSensorIntegrationFilter</filter-name>
43 <url-pattern>/*</url-pattern>
44 </filter-mapping>
ec89bac Adding static users and passwords. Adding login page and forcing it to
meri authored
45
46 <filter>
47 <filter-name>ShiroFilter</filter-name>
48 <filter-class>org.apache.shiro.web.servlet.IniShiroFilter</filter-class>
49 <init-param>
50 <param-name>configPath</param-name>
51 <param-value>classpath:Shiro.ini</param-value>
52 </init-param>
53 </filter>
54
55 <filter-mapping>
56 <filter-name>ShiroFilter</filter-name>
57 <url-pattern>/*</url-pattern>
58 </filter-mapping>
59
d20c2ab Enabling disable component response actions.
meri authored
60 <filter>
61 <filter-name>AppSensorBlockComponent</filter-name>
62 <filter-class>org.owasp.appsensor.filters.AppSensorRequestBlockingFilter</filter-class>
63 <init-param>
64 <param-name>redirectURL</param-name>
65 <param-value>/simpleshirosecuredapplication/account/accessdenied.jsp</param-value>
66 </init-param>
67 </filter>
68
69 <filter-mapping>
70 <filter-name>AppSensorBlockComponent</filter-name>
71 <url-pattern>/*</url-pattern>
72 </filter-mapping>
73
74 <filter>
75 <filter-name>IpChangedDetectionPoint</filter-name>
76 <filter-class>org.owasp.appsensor.filters.IpAddressChangeDetectionFilter</filter-class>
77 </filter>
78
79 <filter-mapping>
80 <filter-name>IpChangedDetectionPoint</filter-name>
81 <url-pattern>/*</url-pattern>
82 </filter-mapping>
83
84 <!-- ==== Initialize Database on Startup ========================================================== -->
85
86 <!-- reference to data source -->
87 <resource-ref>
88 <description>Derby Connection</description>
89 <res-ref-name>jdbc/SimpleShiroSecuredApplicationDB</res-ref-name>
90 <res-type>javax.sql.DataSource</res-type>
91 <res-auth>Container</res-auth>
92 </resource-ref>
93
94 <!-- liquibase configuration -->
95 <context-param>
96 <param-name>liquibase.changelog</param-name>
97 <param-value>src/main/resources/db.changelog.xml</param-value>
98 </context-param>
99
100 <context-param>
101 <param-name>liquibase.datasource</param-name>
102 <param-value>jdbc/SimpleShiroSecuredApplicationDB</param-value>
103 </context-param>
104
105 <!-- liquibase sevlet listener to check database on start up and apply new
106 changes if needed -->
107 <listener>
108 <listener-class>liquibase.integration.servlet.LiquibaseServletListener</listener-class>
109 </listener>
110
111 <persistence-unit-ref>
112 <persistence-unit-ref-name>persistence/SimpleShiroSecuredApplicationPU</persistence-unit-ref-name>
113 <persistence-unit-name>SimpleShiroSecuredApplicationPU</persistence-unit-name>
114 </persistence-unit-ref>
9e52c64 first commit
meri authored
115 </web-app>
Something went wrong with that request. Please try again.