implement a workaround to fix XXE and SSRF problems in an old XMLStreamParser implementation of a third party library

author: Thomas Lenz <thomas.lenz@egiz.gv.at> 2017-06-22 14:26:15 +0200
committer: Thomas Lenz <thomas.lenz@egiz.gv.at> 2017-06-22 14:26:15 +0200
commit: 345a8534ff39cc9550cbacabe2b3fffe20293508 (patch)
tree: 67c2deb3c10d00ecb758a162c4ff88221b7e3741 /BKUOnline/src/main/webapp
parent: f31c5c8e557b611ff4f5e43443975fb08a202863 (diff)
download: mocca-345a8534ff39cc9550cbacabe2b3fffe20293508.tar.gz
mocca-345a8534ff39cc9550cbacabe2b3fffe20293508.tar.bz2
mocca-345a8534ff39cc9550cbacabe2b3fffe20293508.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/BKUOnline/src/main/webapp/WEB-INF/web.xml b/BKUOnline/src/main/webapp/WEB-INF/web.xml
index 5033cc5e..5779fc97 100644
--- a/BKUOnline/src/main/webapp/WEB-INF/web.xml
+++ b/BKUOnline/src/main/webapp/WEB-INF/web.xml
@@ -175,6 +175,14 @@
 		<filter-name>RequestIdFilter</filter-name>
 		<filter-class>at.gv.egiz.bku.online.webapp.TransactionIdFilter</filter-class>
 	</filter>
+	<filter>
+		<filter-name>StalSecurityFilter</filter-name>
+		<filter-class>at.gv.egiz.bku.online.filter.StalSecurityFilter</filter-class>
+	</filter>
+	<filter-mapping>
+		<filter-name>StalSecurityFilter</filter-name>
+		<servlet-name>STALService</servlet-name>
+	</filter-mapping>
 	<filter-mapping>
 		<filter-name>RequestIdFilter</filter-name>
 		<servlet-name>HTTPSecurityLayerServlet</servlet-name>
author	Thomas Lenz <thomas.lenz@egiz.gv.at>	2017-06-22 14:26:15 +0200
committer	Thomas Lenz <thomas.lenz@egiz.gv.at>	2017-06-22 14:26:15 +0200
commit	345a8534ff39cc9550cbacabe2b3fffe20293508 (patch)
tree	67c2deb3c10d00ecb758a162c4ff88221b7e3741 /BKUOnline/src/main/webapp
parent	f31c5c8e557b611ff4f5e43443975fb08a202863 (diff)
download	mocca-345a8534ff39cc9550cbacabe2b3fffe20293508.tar.gz mocca-345a8534ff39cc9550cbacabe2b3fffe20293508.tar.bz2 mocca-345a8534ff39cc9550cbacabe2b3fffe20293508.zip