authorThomas Lenz <thomas.lenz@egiz.gv.at>2017-06-22 14:26:15 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2017-06-22 14:26:15 +0200
commit345a8534ff39cc9550cbacabe2b3fffe20293508 (patch)
tree67c2deb3c10d00ecb758a162c4ff88221b7e3741 /BKUOnline/src/main/webapp/WEB-INF
parentf31c5c8e557b611ff4f5e43443975fb08a202863 (diff)
implement a workaround to fix XXE and SSRF problems in an old XMLStreamParser implementation of a third party library
Diffstat (limited to 'BKUOnline/src/main/webapp/WEB-INF')
-rw-r--r--BKUOnline/src/main/webapp/WEB-INF/web.xml8
1 files changed, 8 insertions, 0 deletions
diff --git a/BKUOnline/src/main/webapp/WEB-INF/web.xml b/BKUOnline/src/main/webapp/WEB-INF/web.xml
index 5033cc5e..5779fc97 100644
--- a/BKUOnline/src/main/webapp/WEB-INF/web.xml
+++ b/BKUOnline/src/main/webapp/WEB-INF/web.xml
@@ -175,6 +175,14 @@
<filter-name>RequestIdFilter</filter-name>
<filter-class>at.gv.egiz.bku.online.webapp.TransactionIdFilter</filter-class>
</filter>
+ <filter>
+ <filter-name>StalSecurityFilter</filter-name>
+ <filter-class>at.gv.egiz.bku.online.filter.StalSecurityFilter</filter-class>
+ </filter>
+ <filter-mapping>
+ <filter-name>StalSecurityFilter</filter-name>
+ <servlet-name>STALService</servlet-name>
+ </filter-mapping>
<filter-mapping>
<filter-name>RequestIdFilter</filter-name>
<servlet-name>HTTPSecurityLayerServlet</servlet-name>
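Review bot: The added `StalSecurityFilter` mapping is bound only to `<servlet-name>STALService</servlet-name>` and has no `<dispatcher>` element, so it runs on direct REQUEST dispatch to that one servlet and nowhere else. If another servlet in this web.xml (for example `HTTPSecurityLayerServlet`, mapped just below) hands request bodies to the same third-party stream parser, or if STALService is ever reached by forward or include, the XXE/SSRF workaround would not apply there; the filter class and the other mappings are outside this hunk, so this needs checking against the full descriptor. The block also has no comment marking it as a security workaround, which makes it easy to drop in a later cleanup. I would add above the `<filter>` element something like `<!-- Security workaround for XXE/SSRF in the third-party XML stream parser used by STALService; keep until that library is replaced -->`.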