
...


The following is a sample security configuration file, `securityconfig.properties` (the file name given in the default descriptor):

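# General guidelines for configuring property files for Canvas
# - Wherever a Routing mode is asked for, the possible values are "FORWARD" and "REDIRECT".
# - Wherever a flag or indicator is asked for, the values accepted as "true" are "yes", "y", "true" and "1"
#   (case-insensitive).
# - Do not leave whitespace after a value. NOTE(review): this assumes the file is loaded with
#   java.util.Properties, which keeps trailing whitespace as part of the value (so "/index.jsp " would never
#   match the page "/index.jsp") — confirm against the platform's loader.
# - Comment lines must start with "#"; a stray word in front of the "#" turns the line into a bogus key.
#############################################################################

###############################################################################################################################################################
# Standard URLs Section - This category contains the URLs for common functionality
# such as Log in, Log out, Session Timeout, etc.
# Every URL in this section is given relative to the context root: for context root "dummy" and a page
# under the "jsp" folder of the WAR file, the value is "/jsp/login.jsp", not "/dummy/jsp/login.jsp".
################################################################################################################################################################
# This key is used to identify the Log in page URL. The URL should not include the context root.
# For example, if the context root is "dummy" and the log in page is within a folder
# called "jsp" in the WAR file, then the value would be "/jsp/login.jsp"
LOGIN_PAGE_URL=/index.jsp

# This key is used to identify the Log in page URL routing mode.
# The possible values are "FORWARD", "REDIRECT"
LOGIN_PAGE_URL_ROUTING_MODE=FORWARD

# This key is used to identify the Landing page / Home page URL.
HOME_PAGE_URL=/CT_Home.jsp

# This key is used to identify the Home page URL routing mode.
# The possible values are "FORWARD", "REDIRECT"
HOME_PAGE_URL_ROUTING_MODE=REDIRECT

# This key is used to identify the Expiry page URL.
EXPIRY_PAGE_URL=/index.jsp

# This key is used to identify the Expiry page URL routing mode.
# The possible values are "FORWARD", "REDIRECT"
EXPIRY_PAGE_URL_ROUTING_MODE=REDIRECT

# This key is used to identify the Error Page URL.
ERROR_PAGE_URL=/index.jsp

# This key is used to identify the Error page URL routing mode.
# The possible values are "FORWARD", "REDIRECT"
ERROR_PAGE_URL_ROUTING_MODE=REDIRECT

# This key is used to identify the Log out page URL. The URL should not include the
# context root. For example, if the context root is "dummy" and the log out page is
# within a folder called "jsp" in the WAR file, then the value would be "/jsp/logout.jsp"
LOGOUT_PAGE_URL=/index.jsp

# This key is used to identify the Log out page URL routing mode.
# The possible values are "FORWARD", "REDIRECT"
LOGOUT_PAGE_URL_ROUTING_MODE=REDIRECT

# This key is used to identify the Invalid Session page URL. The URL should not include
# the context root. For example, if the context root is "dummy" and the invalid session page is
# within a folder called "jsp" in the WAR file, then the value would be "/jsp/invalidsession.jsp"
INVALID_SESSION_PAGE_URL=/index.jsp

# This key is used to identify the Invalid session page URL routing mode.
# The possible values are "FORWARD", "REDIRECT"
INVALID_SESSION_PAGE_URL_ROUTING_MODE=REDIRECT

# This key is used to identify the Simulation Mode launch page URL. The URL should not
# include the context root. For example, if the context root is "dummy" and the simulation launch
# page is within a folder called "jsp" in the WAR file, then the value would be "/jsp/simulationlaunch.jsp"
SIMULATION_MODE_PAGE_URL=/index.jsp

# This key is used to indicate the key (presumably a query-parameter name) under which the user token
# will be shared as part of the Simulation mode launch page URL. It is a name, not a routing mode.
# NOTE(review): the sample value "FORWARD" looks like a copy-paste of a routing-mode value rather than a
# token key name — confirm the intended name before reusing this sample.
SIMULATION_MODE_PAGE_USER_TOKEN_NAME=FORWARD

# This key is used to identify the Force Change Password page URL. The URL should not include
# the context root. For example, if the context root is "dummy" and the change password page is within
# a folder called "jsp" in the WAR file, then the value would be "/jsp/changepassword.jsp"
FORCE_CHANGE_PWD_PAGE_URL=/index.jsp

# This key is used to identify the Force Change Password page URL routing mode.
# The possible values are "FORWARD", "REDIRECT"
FORCE_CHANGE_PWD_PAGE_URL_ROUTING_MODE=FORWARD

##################################################################################################################################################################
# CSRF Configuration - Configuration specific to CSRF Validation for the application
##################################################################################################################################################################
# This is the key (request field name) under which the CSRF Token will be sent by the browser to the server.
CSRF_TOKEN_FIELD_NAME=_dinsess

# This is a boolean configuration to indicate whether CSRF Validation is enabled or not.
# Disabling it turns off CSRF validation application-wide, not just for the URLs listed in
# CSRF_IGNORE_URLS; keep it enabled in every environment reachable from a browser.
CSRF_VALIDATION_ENABLED=Y

# This is a comma separated list of URIs that are exempt from CSRF validation. This should not include
# the context root of the application.
# Every entry here is unprotected against CSRF, so restrict the list to endpoints that must be reachable
# before a token can exist (e.g. the login page and login servlet). Never add an authenticated,
# state-changing URL. NOTE(review): confirm what "/pfus" serves and that it performs no state change.
CSRF_IGNORE_URLS=/index.jsp,/PortalLoginServlet,/pfus

##############################################################################
# Session Configuration - Configuration specific to session handling of the application
##############################################################################
# This indicates the idle session time out interval in seconds that should be monitored at
# the browser level. This has to be less than the value configured under MAX_SESSION_TIMOUT_SEC
# (that key is not part of this sample; the spelling is as referenced by the platform).
IDLE_SESSION_TIMEOUT_SEC=60

# This is a boolean configuration to indicate whether multiple concurrent sessions for a
# single log in ID of the user should be allowed or not.
# With "Y", a session established with stolen credentials can coexist with the legitimate user's session
# without displacing it; consider "N" unless concurrent sessions are a requirement.
ALLOW_MULTI_LOGIN=Y

# This is the fully qualified class name of the default authentication provider that is to be used
# during log in, log out and re-authentication.
AUTH_SERV_PROV_CLASS=com.intellectdesign.canvas.authentication.providers.CTAuthenticationProvider

# This is the fully qualified class name of the default hybrid policy provider that is to be used during log in,
# e.g. com.intellectdesign.canvas.authentication.providers.CTOneToOneHybridPolicyProvider.
# The sample uses "NONE" (presumably: no hybrid policy provider configured).
HYBRID_POLICY_PROV_CLASS=NONE

# This indicates how the log in into the system should happen if there is a direct access to
# protected content. Possible values are - AUTO, FORM, BLOCK. Default is BLOCK.
# NOTE(review): the sample deviates from the default; confirm that automatic log in on direct access
# to protected content is intended for this deployment.
LOGIN_MODE=AUTO

# This is a boolean configuration to indicate whether the unique Request ID generated by
# Canvas for each request should be displayed to the end user in case of any errors faced.
# The ID lets support correlate a user report with the server log; it should be the only internal
# detail shown to the user — keep stack traces and internal messages out of the error page.
LOG_REQUESTID_AS_REFERENCE=Y

# This is a boolean configuration to indicate whether for every request the Client IP should
# be validated with that detected at the time of application launch.
CHECK_CLIENT_IP_FOR_SESSION_VALIDATION=Y

# This key is used only if CHECK_CLIENT_IP_FOR_SESSION_VALIDATION is enabled. This key is
# optional and can be used to tell the Canvas platform the name of the header or parameter from which
# it should retrieve the Client IP (where to look is given by CLIENT_IP_PARAM_SCOPE).
CLIENT_IP_PARAM_NAME=CANVAS

# This key is used only if CHECK_CLIENT_IP_FOR_SESSION_VALIDATION is enabled. This key is
# optional and used to indicate the exact location from where the custom Client IP key should
# be read from. The possible values are "HEADER" (indicating from Request Header) or
# "PARAM" (indicating from Request parameters).
# SECURITY: a request parameter — and, unless a trusted proxy overwrites it, a request header — is
# supplied by the client, so the IP being validated is attacker-controlled. With the sample's "PARAM"
# scope, whoever replays a captured request (or its session cookie) can send the same CANVAS value and
# pass the check, which defeats the purpose of IP validation. Only use "HEADER" with a header that a
# trusted reverse proxy sets and strips from inbound traffic; otherwise leave these two keys unset so the
# platform uses its default IP detection (not described in this sample — confirm what that default is).
CLIENT_IP_PARAM_SCOPE=PARAM

##############################################################################################################################################################
# Other Configuration - Other configurations related to security and validations
##############################################################################################################################################################

# This section identifies the application's context path(s).
# ALL_CONTEXT_ROOTS is a comma separated list of all context roots enabled for the application.
# The context roots are the basis by which the ProtectionDomain as well as context root level
# validations get configured. For each context root, the following keys are recognised (replace
# [CONTEXT_ROOT] with the root's name exactly as listed in ALL_CONTEXT_ROOTS):
#
# DEFAULT_CONTEXT_ROOT=
# ALL_CONTEXT_ROOTS=
# [CONTEXT_ROOT]_VALIDATE_REFERRER_ACTION_FLAG=
# [CONTEXT_ROOT]_VALID_REFERERS=
# [CONTEXT_ROOT]_SKIP_REFERRER_SOURCE_URLS=
# NOTE(review): the sample writes the default root with a leading slash ("/CTModelHouse") but lists it
# without one in ALL_CONTEXT_ROOTS; confirm which form the platform expects for each key.
DEFAULT_CONTEXT_ROOT=/CTModelHouse
ALL_CONTEXT_ROOTS=CTModelHouse

# This key is used to indicate whether the Referrer URL needs to be validated for a particular
# context root. If this is not configured, by default it is treated as "false".
# Referrer validation is a defence-in-depth check alongside CSRF token validation, not a substitute
# for it: the Referer header is client-supplied and is frequently absent.
CTModelHouse_VALIDATE_REFERRER_ACTION_FLAG=false

# This key is used to provide the list of valid referrer URLs applicable for that particular
# Context root. For this key to be detected, the context root should have been included in the ALL_CONTEXT_ROOTS list.
# NOTE(review): this list names "/CT_HOME.jsp" while HOME_PAGE_URL is "/CT_Home.jsp"; unless matching
# is case-insensitive, the home page would not be an accepted referrer once the flag above is enabled.
CTModelHouse_VALID_REFERERS=/,/index.jsp,/CT_HOME.jsp

# This key is used to provide the list of URLs for which the referrer validation need not
# be done. For this key to be detected, the context root should have been included in the ALL_CONTEXT_ROOTS list.
CTModelHouse_SKIP_REFERRER_SOURCE_URLS=/printtemplate.jsp

# This is the default value for the X-FRAME-OPTIONS header that should be set in all responses. The possible
# valid values for this option are "DENY" and "SAMEORIGIN". If this is not provided,
# the default value is assumed to be "DENY".
XFRAMEOPTION_DEFAULT=DENY

# This contains the comma separated list of URL patterns for which the X-FRAME-OPTIONS header should not be emitted.
# Every URL listed here can be framed by any site and is therefore exposed to clickjacking; keep the
# list to pages that genuinely must be embedded cross-origin.
# NOTE(review): "/index.jsp" is also this sample's login page (LOGIN_PAGE_URL); a frameable login page is
# a classic clickjacking target — confirm this exemption is really needed.
XFRAMEOPTION_IGNOREURLS=/index.jsp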

...