|
@@ -401,6 +401,7 @@ public class WebApps {
|
|
|
WebApp webApp = build(webapp);
|
|
|
HttpServer2 httpServer = webApp.httpServer();
|
|
|
if (ui2Context != null) {
|
|
|
+ addFiltersForNewContext(ui2Context);
|
|
|
httpServer.addHandlerAtFront(ui2Context);
|
|
|
}
|
|
|
try {
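Review bot: The new call `addFiltersForNewContext(ui2Context);` carries no comment saying why the UI2 context needs its own filter registration, and a reader of this block cannot tell that from the call alone. A one-line comment above it would do, for example `// ui2Context is a separate handler; register the CSRF and XFS filters on it explicitly`. That wording assumes filters defined on the main web app context do not cover a handler added with addHandlerAtFront, which the hunk does not show, so confirm before adopting it. The enclosing method starts and ends outside the hunk.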
|
|
@@ -413,6 +414,27 @@ public class WebApps {
|
|
|
return webApp;
|
|
|
}
|
|
|
|
|
|
+ private void addFiltersForNewContext(WebAppContext ui2Context) {
|
|
|
+ Map<String, String> params = getConfigParameters(csrfConfigPrefix);
|
|
|
+
|
|
|
+ if (hasCSRFEnabled(params)) {
|
|
|
+ LOG.info("CSRF Protection has been enabled for the {} application. "
|
|
|
+ + "Please ensure that there is an authentication mechanism "
|
|
|
+ + "enabled (kerberos, custom, etc).", name);
|
|
|
+ String restCsrfClassName = RestCsrfPreventionFilter.class.getName();
|
|
|
+ HttpServer2.defineFilter(ui2Context, restCsrfClassName,
|
|
|
+ restCsrfClassName, params, new String[]{"/*"});
|
|
|
+ }
|
|
|
+
|
|
|
+ params = getConfigParameters(xfsConfigPrefix);
|
|
|
+
|
|
|
+ if (hasXFSEnabled()) {
|
|
|
+ String xfsClassName = XFrameOptionsFilter.class.getName();
|
|
|
+ HttpServer2.defineFilter(ui2Context, xfsClassName, xfsClassName, params,
|
|
|
+ new String[]{"/*"});
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
private String inferHostClass() {
|
|
|
String thisClass = this.getClass().getName();
|
|
|
Throwable t = new Throwable();
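Review bot: The LOG.info text in addFiltersForNewContext asks the operator to ensure an authentication mechanism is enabled, but the method registers only RestCsrfPreventionFilter and XFrameOptionsFilter on ui2Context, and nothing visible here attaches an authentication filter to that context. If authentication filters are defined on the main web app context only, the handler placed in front by addHandlerAtFront may be served without them. Please confirm where authentication for ui2Context comes from and record it in a Javadoc on the method, for example `/** Registers the CSRF and X-Frame-Options filters on the UI2 context; authentication filters are applied by <PLACEHOLDER: where>. */`. Separately, `params = getConfigParameters(xfsConfigPrefix);` runs even when hasXFSEnabled() is false; moving it inside the `if (hasXFSEnabled())` block keeps the lookup next to its only use.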
|