BZ(1169544,1169556,1169557,1169559,1169560,1169545,1169566,1169565,11…
…69563,1169562): improvements on security related to file access and servlet restrictions (by role)
porcelli committed Dec 24, 2014
1 parent da3e16f commit 90eed43
Showing 16 changed files with 675 additions and 19 deletions.
@@ -111,6 +111,14 @@
<servlet>
<servlet-name>DTableXLSFileServlet</servlet-name>
<servlet-class>org.drools.workbench.screens.dtablexls.backend.server.DecisionTableXLSFileServlet</servlet-class>
<init-param>
<param-name>includes-path</param-name>
<param-value>git://**,default://**</param-value>
</init-param>
<init-param>
<param-name>excludes-path</param-name>
<param-value>file://**</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>DTableXLSFileServlet</servlet-name>
@@ -120,6 +128,14 @@
<servlet>
<servlet-name>ScoreCardFileServlet</servlet-name>
<servlet-class>org.drools.workbench.screens.scorecardxls.backend.server.ScoreCardXLSFileServlet</servlet-class>
<init-param>
<param-name>includes-path</param-name>
<param-value>git://**,default://**</param-value>
</init-param>
<init-param>
<param-name>excludes-path</param-name>
<param-value>file://**</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>ScoreCardFileServlet</servlet-name>
@@ -129,6 +145,14 @@
<servlet>
<servlet-name>UberfireFileUploadServlet</servlet-name>
<servlet-class>org.uberfire.server.FileUploadServlet</servlet-class>
<init-param>
<param-name>includes-path</param-name>
<param-value>git://**,default://**</param-value>
</init-param>
<init-param>
<param-name>excludes-path</param-name>
<param-value>file://**</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>UberfireFileUploadServlet</servlet-name>
@@ -138,6 +162,14 @@
<servlet>
<servlet-name>UberfireFileDownloadServlet</servlet-name>
<servlet-class>org.uberfire.server.FileDownloadServlet</servlet-class>
<init-param>
<param-name>includes-path</param-name>
<param-value>git://**,default://**</param-value>
</init-param>
<init-param>
<param-name>excludes-path</param-name>
<param-value>file://**</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>UberfireFileDownloadServlet</servlet-name>
@@ -147,6 +179,14 @@
<servlet>
<servlet-name>M2Servlet</servlet-name>
<servlet-class>org.guvnor.m2repo.backend.server.M2Servlet</servlet-class>
<init-param>
<param-name>includes-path</param-name>
<param-value>git://**,default://**</param-value>
</init-param>
<init-param>
<param-name>excludes-path</param-name>
<param-value>file://**</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>M2Servlet</servlet-name>
@@ -495,6 +535,20 @@ See http://www.w3.org/TR/SVG/intro.html#MIMEType. -->
<!-- END DESIGNER -->

<!-- security settings -->
<security-constraint>
<web-resource-collection>
<web-resource-name>download</web-resource-name>
<url-pattern>/org.kie.workbench.drools.KIEDroolsWebapp/defaulteditor/upload/*</url-pattern>
<url-pattern>/org.kie.workbench.drools.KIEDroolsWebapp/defaulteditor/download/*</url-pattern>
<url-pattern>/org.kie.workbench.drools.KIEDroolsWebapp/dtablexls/file</url-pattern>
<url-pattern>/org.kie.workbench.drools.KIEDroolsWebapp/scorecardxls/file</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>analyst</role-name>
</auth-constraint>
</security-constraint>

<security-constraint>
<web-resource-collection>
<web-resource-name>console</web-resource-name>
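Review bot: The new `download` security-constraint lists four URL patterns, yet five servlets in this descriptor receive the `includes-path`/`excludes-path` filter; no pattern for `M2Servlet` appears in the `<web-resource-collection>`. Its `<servlet-mapping>` is cut off by the hunk, so whether another constraint (for example `console`, which starts on the last visible lines) already restricts it by role cannot be seen from here. If it is not covered, add its mapped path to the collection, e.g. `<url-pattern>/M2SERVLET_MAPPED_PATH</url-pattern>` (placeholder for the real mapping). The same applies to the other three descriptors changed in this commit.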
@@ -110,6 +110,14 @@
<servlet>
<servlet-name>DTableXLSFileServlet</servlet-name>
<servlet-class>org.drools.workbench.screens.dtablexls.backend.server.DecisionTableXLSFileServlet</servlet-class>
<init-param>
<param-name>includes-path</param-name>
<param-value>git://**,default://**</param-value>
</init-param>
<init-param>
<param-name>excludes-path</param-name>
<param-value>file://**</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>DTableXLSFileServlet</servlet-name>
@@ -119,6 +127,14 @@
<servlet>
<servlet-name>ScoreCardFileServlet</servlet-name>
<servlet-class>org.drools.workbench.screens.scorecardxls.backend.server.ScoreCardXLSFileServlet</servlet-class>
<init-param>
<param-name>includes-path</param-name>
<param-value>git://**,default://**</param-value>
</init-param>
<init-param>
<param-name>excludes-path</param-name>
<param-value>file://**</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>ScoreCardFileServlet</servlet-name>
@@ -128,6 +144,14 @@
<servlet>
<servlet-name>UberfireFileUploadServlet</servlet-name>
<servlet-class>org.uberfire.server.FileUploadServlet</servlet-class>
<init-param>
<param-name>includes-path</param-name>
<param-value>git://**,default://**</param-value>
</init-param>
<init-param>
<param-name>excludes-path</param-name>
<param-value>file://**</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>UberfireFileUploadServlet</servlet-name>
@@ -137,6 +161,14 @@
<servlet>
<servlet-name>UberfireFileDownloadServlet</servlet-name>
<servlet-class>org.uberfire.server.FileDownloadServlet</servlet-class>
<init-param>
<param-name>includes-path</param-name>
<param-value>git://**,default://**</param-value>
</init-param>
<init-param>
<param-name>excludes-path</param-name>
<param-value>file://**</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>UberfireFileDownloadServlet</servlet-name>
@@ -146,6 +178,14 @@
<servlet>
<servlet-name>M2Servlet</servlet-name>
<servlet-class>org.guvnor.m2repo.backend.server.M2Servlet</servlet-class>
<init-param>
<param-name>includes-path</param-name>
<param-value>git://**,default://**</param-value>
</init-param>
<init-param>
<param-name>excludes-path</param-name>
<param-value>file://**</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>M2Servlet</servlet-name>
@@ -494,6 +534,20 @@ See http://www.w3.org/TR/SVG/intro.html#MIMEType. -->
<!-- END DESIGNER -->

<!-- security settings -->
<security-constraint>
<web-resource-collection>
<web-resource-name>download</web-resource-name>
<url-pattern>/org.kie.workbench.drools.KIEDroolsWebapp/defaulteditor/upload/*</url-pattern>
<url-pattern>/org.kie.workbench.drools.KIEDroolsWebapp/defaulteditor/download/*</url-pattern>
<url-pattern>/org.kie.workbench.drools.KIEDroolsWebapp/dtablexls/file</url-pattern>
<url-pattern>/org.kie.workbench.drools.KIEDroolsWebapp/scorecardxls/file</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>analyst</role-name>
</auth-constraint>
</security-constraint>

<security-constraint>
<web-resource-collection>
<web-resource-name>console</web-resource-name>
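Review bot: The `includes-path` value `git://**,default://**` admits the `default` scheme on all five servlets, and nothing in this descriptor says which filesystem provider `default://` resolves to or whether excludes are evaluated before includes. If the default provider could ever be the local filesystem, that entry would let through paths the `file://**` exclude is meant to reject. I would document both facts once next to the first `<init-param>`, e.g. `<!-- excludes-path wins over includes-path; default:// must resolve to the git-backed VFS -->`, after confirming them against the filter code, which is not part of this section. The other three descriptors in the commit carry the same values.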
@@ -143,6 +143,14 @@
<servlet>
<servlet-name>DTableXLSFileServlet</servlet-name>
<servlet-class>org.drools.workbench.screens.dtablexls.backend.server.DecisionTableXLSFileServlet</servlet-class>
<init-param>
<param-name>includes-path</param-name>
<param-value>git://**,default://**</param-value>
</init-param>
<init-param>
<param-name>excludes-path</param-name>
<param-value>file://**</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>DTableXLSFileServlet</servlet-name>
@@ -152,6 +160,14 @@
<servlet>
<servlet-name>ScoreCardFileServlet</servlet-name>
<servlet-class>org.drools.workbench.screens.scorecardxls.backend.server.ScoreCardXLSFileServlet</servlet-class>
<init-param>
<param-name>includes-path</param-name>
<param-value>git://**,default://**</param-value>
</init-param>
<init-param>
<param-name>excludes-path</param-name>
<param-value>file://**</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>ScoreCardFileServlet</servlet-name>
@@ -161,6 +177,14 @@
<servlet>
<servlet-name>UberfireFileUploadServlet</servlet-name>
<servlet-class>org.uberfire.server.FileUploadServlet</servlet-class>
<init-param>
<param-name>includes-path</param-name>
<param-value>git://**,default://**</param-value>
</init-param>
<init-param>
<param-name>excludes-path</param-name>
<param-value>file://**</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>UberfireFileUploadServlet</servlet-name>
@@ -170,6 +194,14 @@
<servlet>
<servlet-name>UberfireFileDownloadServlet</servlet-name>
<servlet-class>org.uberfire.server.FileDownloadServlet</servlet-class>
<init-param>
<param-name>includes-path</param-name>
<param-value>git://**,default://**</param-value>
</init-param>
<init-param>
<param-name>excludes-path</param-name>
<param-value>file://**</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>UberfireFileDownloadServlet</servlet-name>
@@ -179,6 +211,14 @@
<servlet>
<servlet-name>M2Servlet</servlet-name>
<servlet-class>org.guvnor.m2repo.backend.server.M2Servlet</servlet-class>
<init-param>
<param-name>includes-path</param-name>
<param-value>git://**,default://**</param-value>
</init-param>
<init-param>
<param-name>excludes-path</param-name>
<param-value>file://**</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>M2Servlet</servlet-name>
@@ -539,6 +579,20 @@ See http://www.w3.org/TR/SVG/intro.html#MIMEType. -->
</welcome-file-list>
<!-- TOMCAT-JEE-SECURITY -->
<!--
<security-constraint>
<web-resource-collection>
<web-resource-name>download</web-resource-name>
<url-pattern>/org.kie.workbench.drools.KIEDroolsWebapp/defaulteditor/upload/*</url-pattern>
<url-pattern>/org.kie.workbench.drools.KIEDroolsWebapp/defaulteditor/download/*</url-pattern>
<url-pattern>/org.kie.workbench.drools.KIEDroolsWebapp/dtablexls/file</url-pattern>
<url-pattern>/org.kie.workbench.drools.KIEDroolsWebapp/scorecardxls/file</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>analyst</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>console</web-resource-name>
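Review bot: In this descriptor the new `download` constraint appears to be added inside the comment opened on the line after `<!-- TOMCAT-JEE-SECURITY -->`, so unlike the other three descriptors the role check for the upload/download and XLS endpoints is inactive until a deployer uncomments the block. With the block commented out, only the `includes-path`/`excludes-path` init-params guard these servlets. Say so in the marker comment, e.g. `<!-- TOMCAT-JEE-SECURITY: uncomment to require admin/analyst on file upload/download endpoints -->`, so the default exposure is not missed. The end of the comment is outside the hunk, so this is inferred from the visible opening `<!--`.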
@@ -103,6 +103,14 @@
<servlet>
<servlet-name>DTableXLSFileServlet</servlet-name>
<servlet-class>org.drools.workbench.screens.dtablexls.backend.server.DecisionTableXLSFileServlet</servlet-class>
<init-param>
<param-name>includes-path</param-name>
<param-value>git://**,default://**</param-value>
</init-param>
<init-param>
<param-name>excludes-path</param-name>
<param-value>file://**</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>DTableXLSFileServlet</servlet-name>
@@ -112,6 +120,14 @@
<servlet>
<servlet-name>ScoreCardFileServlet</servlet-name>
<servlet-class>org.drools.workbench.screens.scorecardxls.backend.server.ScoreCardXLSFileServlet</servlet-class>
<init-param>
<param-name>includes-path</param-name>
<param-value>git://**,default://**</param-value>
</init-param>
<init-param>
<param-name>excludes-path</param-name>
<param-value>file://**</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>ScoreCardFileServlet</servlet-name>
@@ -121,6 +137,14 @@
<servlet>
<servlet-name>UberfireFileUploadServlet</servlet-name>
<servlet-class>org.uberfire.server.FileUploadServlet</servlet-class>
<init-param>
<param-name>includes-path</param-name>
<param-value>git://**,default://**</param-value>
</init-param>
<init-param>
<param-name>excludes-path</param-name>
<param-value>file://**</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>UberfireFileUploadServlet</servlet-name>
@@ -130,6 +154,14 @@
<servlet>
<servlet-name>UberfireFileDownloadServlet</servlet-name>
<servlet-class>org.uberfire.server.FileDownloadServlet</servlet-class>
<init-param>
<param-name>includes-path</param-name>
<param-value>git://**,default://**</param-value>
</init-param>
<init-param>
<param-name>excludes-path</param-name>
<param-value>file://**</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>UberfireFileDownloadServlet</servlet-name>
@@ -139,6 +171,14 @@
<servlet>
<servlet-name>M2Servlet</servlet-name>
<servlet-class>org.guvnor.m2repo.backend.server.M2Servlet</servlet-class>
<init-param>
<param-name>includes-path</param-name>
<param-value>git://**,default://**</param-value>
</init-param>
<init-param>
<param-name>excludes-path</param-name>
<param-value>file://**</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>M2Servlet</servlet-name>
@@ -487,6 +527,20 @@ See http://www.w3.org/TR/SVG/intro.html#MIMEType. -->
<!-- END DESIGNER -->

<!-- security settings -->
<security-constraint>
<web-resource-collection>
<web-resource-name>download</web-resource-name>
<url-pattern>/org.kie.workbench.drools.KIEDroolsWebapp/defaulteditor/upload/*</url-pattern>
<url-pattern>/org.kie.workbench.drools.KIEDroolsWebapp/defaulteditor/download/*</url-pattern>
<url-pattern>/org.kie.workbench.drools.KIEDroolsWebapp/dtablexls/file</url-pattern>
<url-pattern>/org.kie.workbench.drools.KIEDroolsWebapp/scorecardxls/file</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>analyst</role-name>
</auth-constraint>
</security-constraint>

<security-constraint>
<web-resource-collection>
<web-resource-name>console</web-resource-name>
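Review bot: The `dtablexls/file` and `scorecardxls/file` patterns in the `download` collection are exact-match, while the two `defaulteditor` entries end in `/*`. The corresponding `<servlet-mapping>` url-patterns are cut off by the hunks, so check that they are exact as well; if a mapping is broader than the constraint pattern, requests with extra path info would reach the servlet without matching the role check. Separately, the collection is named `download` although it also covers the upload path; `<web-resource-name>file-transfer</web-resource-name>` would describe it better. Both remarks hold for the other descriptors in this commit.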