diff options
author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2017-06-22 14:26:15 +0200 |
---|---|---|
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2017-06-22 14:26:15 +0200 |
commit | 345a8534ff39cc9550cbacabe2b3fffe20293508 (patch) | |
tree | 67c2deb3c10d00ecb758a162c4ff88221b7e3741 /BKUOnline/src/main/webapp/WEB-INF | |
parent | f31c5c8e557b611ff4f5e43443975fb08a202863 (diff) | |
download | mocca-345a8534ff39cc9550cbacabe2b3fffe20293508.tar.gz mocca-345a8534ff39cc9550cbacabe2b3fffe20293508.tar.bz2 mocca-345a8534ff39cc9550cbacabe2b3fffe20293508.zip |
implement a workaround to fix XXE and SSRF problems in an old XMLStreamParser implementation of a third party library
Diffstat (limited to 'BKUOnline/src/main/webapp/WEB-INF')
-rw-r--r-- | BKUOnline/src/main/webapp/WEB-INF/web.xml | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/BKUOnline/src/main/webapp/WEB-INF/web.xml b/BKUOnline/src/main/webapp/WEB-INF/web.xml index 5033cc5e..5779fc97 100644 --- a/BKUOnline/src/main/webapp/WEB-INF/web.xml +++ b/BKUOnline/src/main/webapp/WEB-INF/web.xml @@ -175,6 +175,14 @@ <filter-name>RequestIdFilter</filter-name> <filter-class>at.gv.egiz.bku.online.webapp.TransactionIdFilter</filter-class> </filter> + <filter> + <filter-name>StalSecurityFilter</filter-name> + <filter-class>at.gv.egiz.bku.online.filter.StalSecurityFilter</filter-class> + </filter> + <filter-mapping> + <filter-name>StalSecurityFilter</filter-name> + <servlet-name>STALService</servlet-name> + </filter-mapping> <filter-mapping> <filter-name>RequestIdFilter</filter-name> <servlet-name>HTTPSecurityLayerServlet</servlet-name> |