Versions Compared

Version Old Version 1 New Version Current
Changes made by

Lakshminarayanan1 S CTOO (Unlicensed)

Lakshminarayanan1 S CTOO (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...


The following is a sample security configuration securityconfigSigmasecurityconfig.properties (as per the name given in the default descriptor):

Code Block
languagebash
##############################################################################
# General guidelines for configuring property files for Canvas
# - All places where Routing mode is asked for, possible valid values for the same are - "FORWARD", "REDIRECT"
# - All places where it is indicated as a Boolean configuration, possible values for "true" are - "yes", "y", "true", "1" (ignore case)
##############################################################################


##############################################################################
# Standard URLs Section - This category contains the URLs for common functionality like - Login, Logout, Session Timeout, etc
##############################################################################
# This key is used to identify the Login page URL. The URL should not include the context root. For example, if the context root is "dummy" and the login page is within a folder called "jsp" in the WAR file, then the value would be "/jsp/login.jsp"
LOGIN_PAGE_URL=/index.jsp
# This key is used to identify the Login page URL routing mode.
LOGIN_PAGE_URL_ROUTING_MODE=FORWARD
#This key is used to identify the Landing page / Home page
HOME_PAGE_URL=/CT_Homehome.jsp
# This key is used to identify the Login page URL routing mode.
HOME_PAGE_URL_ROUTING_MODE=REDIRECT
#This key is used to identify the Expiry page
EXPIRY_PAGE_URL=/SESSION_EXPIREindex.jsp
# This key is used to identify the Login page URL routing mode.
EXPIRY_PAGE_URL_ROUTING_MODE=REDIRECT
# This key is used to identify the Error Page
ERROR_PAGE_URL=/index.jsp
# This key is used to identify the Login page URL routing mode.
ERROR_PAGE_URL_ROUTING_MODE=REDIRECT
# This key is used to identify the Logout page URL. The URL should not include the context root. For example, if the context root is "dummy" and the logout page is within a folder called "jsp" in the WAR file, then the value would be "/jsp/logout.jsp"
LOGOUT_PAGE_URL=/logout.jsp
# This key is used to identify the Logout page URL routing mode.
LOGOUT_PAGE_URL_ROUTING_MODE=REDIRECT
# This key is used to identify the Invalid Session page URL. The URL should not include the context root. For example, if the context root is "dummy" and the login page is within a folder called "jsp" in the WAR file, then the value would be "/jsp/invalidsession.jsp"
INVALID_SESSION_PAGE_URL=/index.jsp
# This key is used to identify the Invalid session page URL routing mode.
INVALID_SESSION_PAGE_URL_ROUTING_MODE=REDIRECT
# This key is used to identify the Simulation Mode launch page URL. The URL should not include the context root. For example, if the context root is "dummy" and the login page is within a folder called "jsp" in the WAR file, then the value would be "/jsp/simulationlaunch.jsp"
SIMULATION_MODE_PAGE_URL=/index.jsp
# This key is used to indicate the key under which the user token will be shared as part of the Simulation mode launch page URL.
SIMULATION_MODE_PAGE_USER_TOKEN_NAME=FORWARD
# This key is used to identify the Force Change Password page URL. The URL should not include the context root. For example, if the context root is "dummy" and the login page is within a folder called "jsp" in the WAR file, then the value would be "/jsp/changepassword.jsp"
FORCE_CHANGE_PWD_PAGE_URL=/index.jsp
# This key is used to identify the Force Change Password page URL routing mode.
FORCE_CHANGE_PWD_PAGE_URL_ROUTING_MODE=FORWARD

##############################################################################
# CSRF Configuration - Configuration specific to CSRF Validation for the application
##############################################################################
# This is the key under which the CSRF Token will be sent by the browser to the server.
CSRF_TOKEN_FIELD_NAME=_dinsesscf
# This is a boolean configuration to indicate whether CSRF Validation is enabled or not.
CSRF_VALIDATION_ENABLED=Y
# This is a comma separated list of URIs. This should not include the context root of the application
CSRF_IGNORE_URLS=/index.jsp,/PortalLoginServlet,/pfus

##############################################################################
# Session Configuration - Configuration specific to session handling of the application
##############################################################################
# This indicates the idle session time out interval in seconds that should be monitored at the browser level. 
IDLE_SESSION_TIMEOUT_SEC=660
# This is a boolean configuration to indicate whether multiple concurrent sessions for a single login id of the user should be allowed or not.
ALLOW_MULTI_LOGIN=Y
# This is the default authentication provider that is to be used during Login / logout / re-authentication purposes
AUTH_SERV_PROV_CLASS=com.intellectdesign.canvas.authentication.providers.CTAuthenticationProvider
#AUTH_SERV_PROV_CLASS=com.intellectdesign.canvas.provider.auth.ldap.LDAPAuthenticationProvider
#AUTH_SERV_PROV_CLASS=com.intellectdesign.canvas.provider.auth.arx.ARXAuthenticationProvider
#AUTH_SERV_PROV_CLASS=com.intellectdesign.canvas.provider.auth.arx.ARXCookieBasedAuthenticationProvider

# This is the default hybrid policy provider that is to be used during Login 
# com.intellectdesign.canvas.authentication.providers.CTOneToOneHybridPolicyProvider
HYBRID_POLICY_PROV_CLASS=NONE
# This indicates how the login into the system should happen if there is a direct access to protected content. Possible values are - AUTO, FORM, BLOCK. Default is BLOCK
LOGIN_MODE=AUTO
# This is a boolean configuration to indicate whether the unique Request Id generated by Canvas for each request should be displayed to the end user in case of any errors faced.
LOG_REQUESTID_AS_REFERENCE=Y
# This is a boolean configuration to indicate whether for every request the Client IP should be validated with that detected at the time of application launch.
CHECK_CLIENT_IP_FOR_SESSION_VALIDATION=Y
# This key is used only if the CHECK_CLIENT_IP_FOR_SESSION_VALIDATION is enabled. This key is optional and can be used to tell the Canvas platform as to how it can retrieve the Client IP from.
CLIENT_IP_PARAM_NAME= CANVAS
# This key is used only if the CHECK_CLIENT_IP_FOR_SESSION_VALIDATION is enabled. This key is optional and used to indicate the exact location from where the custom Client IP key should be read from. The possible values are "HEADER" (indicating from Request Header) or "PARAM" (indicating from Request parameters).
CLIENT_IP_PARAM_SCOPE=PARAM 

##############################################################################
# Other Configuration - Other configurations related to security and validations
##############################################################################
# This key is used to identify the current application context path
# This provides a comma separated list of all context roots enabled for the application. The context roots are the basis by which the ProtectionDomain as well as context root level validations get configured.
#DEFAULT_CONTEXT_ROOT=
# ALL_CONTEXT_ROOTS=
# [CONTEXT_ROOT]_VALIDATE_REFERRER_ACTION_FLAG=
# [CONTEXT_ROOT]_VALID_REFERERS==
# [CONTEXT_ROOT]_SKIP_REFERRER_SOURCE_URLS=

DEFAULT_CONTEXT_ROOT=/ctmodelhousesigma
ALL_CONTEXT_ROOTS=ctmodelhousesigma
# This key is used to indicate whether Referrer URL needs to be validation for a particular context root. If this is not configured, by default it is treated as "false".
ctmodelhousesigma_VALIDATE_REFERRER_ACTION_FLAG=false
# This key is used to provide the list of valid referrer URLs applicable for that particular Context root. For this key to be detected, the context root should have been included in the ALL_CONTEXT_ROOTS list
ctmodelhousesigma_VALID_REFERERS=/,/index.jsp,/CT_HOME.jsp
# This key is used to provide the list of URL's for which the referrer validation need not be done. For this key to be detected, the context root should have been included in the ALL_CONTEXT_ROOTS list
ctmodelhousesigma_SKIP_REFERRER_SOURCE_URLS=/printtemplate.jsp
# This is the default value for X-FRAME-OPTIONS that should be set in all responses. The possible valid values for this option are "DENY" and "SAMEORIGIN" If this is not provided, the default value is assumed to be "DENY"
XFRAMEOPTION_DEFAULT=DENY
# This contains the comma separated list of URL patterns for which the X-FRAME-OPTIONS header should not be emitted.
XFRAMEOPTION_IGNOREURLS=/index.jsp,/index.jsp,/pfus
#This is a boolean configuration to indicate whether to encrypt the network calls based on keys from certificate or through default keypair.
LOAD_KEYS_FROM_CERTIFICATE=N
#This is the path from where the keystore is fetched.
#Example : modelhouse.keystore
KEYSTORE_PATH=modelhouseSigma.keystore
#This is the alias name which is required to fetch the certicate from the keystore
KEYSTORE_ALIAS=modelhouse
#This is a secure password which is needed while loading the keystore from the path
KEYSTORE_PASSWORD=001a28f43ecb3e394276
#This is a secure password which is needed to get key from keystore based on alias name
ALIAS_PASSWORD=9b01657cf3f548e44f65

#This is used to get JWT Token key
JWT_TOKEN_KEY=${env.JWT_TOKEN_KEY}
#This is used to enable web socket connection
WEB_SOCKET_ENABLED=${env.WEB_SOCKET_ENABLED}
#This is used to get CSRF key in service based execution
SERVICE_CSRF_KEY=${env.SERVICE_CSRF_KEY}

...