
...


The following is a sample security configuration file, securityconfig.properties (the name given in the default descriptor):

##############################################################################
# General guidelines for configuring property files for Canvas
# - All places where Routing mode is asked for, possible valid values for the same are - "FORWARD", "REDIRECT"
# - All places where ait flagis orindicated indicatoras isa askedBoolean forconfiguration, possible values for "true" are - "yes", "y", "true", "1" (ignore case)
###########################################################################################################################################################


################################################################################################################################################################
# Standard URLs Section - This category contains the URLs for common functionality #like such as Log in- Login, Log outLogout, Session Timeout, etc.
################################################################################################################################################################

# This key is used to identify the LogLogin in page URL. The URL should not include the context root.
# For example, if the context root is "dummy" and the loglogin in page is within a folder 
# called "jsp" in the WAR file, then the value would be "/jsp/login.jsp"
LOGIN_PAGE_URL=/index.jsp 

# This key is used to identify the Log inLogin page URL routing mode.
# The possible values are "FORWARD", "REDIRECT"
LOGIN_LOGIN_PAGE_URL_ROUTING_MODE=FORWARD


#This key is used to identify the Landing page / Home page
HOME_PAGE_URL=/CT_Home.jsp


# This key is used to identify the Log inLogin page URL routing mode.
#
The possible values are "FORWARD", "REDIRECT"
HOME_PAGE_URL_ROUTING_MODE=REDIRECT


#This key is used to identify the Expiry page
EXPIRY_PAGE_URL=/indexSESSION_EXPIRE.jsp 

# This key is used to identify the LogLogin in page URL routing mode.
# The possible values are "FORWARD", "REDIRECT"
EXPIRY_PAGE_URL_ROUTING_MODE=REDIRECT 

# This EXPIRY_PAGE_URL_ROUTING_MODE=REDIRECT
# This key is used to identify the Error Page
ERROR_PAGE_URL=/index.jsp 

# This key is used to identify the LogLogin in page URL routing mode.
# The possible
values are "FORWARD", "REDIRECT"
ERROR_PAGE_URL_ROUTING_MODE=REDIRECT


# This key is used to identify the LogLogout out page URL. The URL should not include the 
# context root. For example, if the context root is "dummy" and the loglogout outpage page is 
# within a folder called "jsp" in the WAR file, then the value would be "/jsp/logout.jsp"
LOGOUT_PAGE_URL=/indexlogout.jsp 

# This key is used to identify the LogLogout out page URL routing mode.
LOGOUT_PAGE_URL_ROUTING_MODE=REDIRECT


# This key is used to identify the Invalid Session page URL. The URL should not include 
# the context root. For example, if the context root is "dummy" and the loglogin in page is 
# within a folder called "jsp" in the WAR file, then the value would be "/jsp/invalidsession.jsp"
INVALID_SESSION_PAGE_URL=/index.jsp 

# This key is used to identify the Invalid session page URL routing mode.
INVALID_SESSION_PAGE_URL_ROUTING_MODE=REDIRECT


# This key is used to identify the Simulation Mode launch page URL. The URL should not 
# include the context root. For example, if the context root is "dummy" and the loglogin in 
# page is within a folder called "jsp" in the WAR file, then the value would be "/jsp/simulationlaunch.jsp"
SIMULATION_MODE_PAGE_URL=/index.jsp


# This key is used to indicate the key under which the user token will be shared as 
# part of the Simulation mode launch page URL.
#
The possible values are "FORWARD", "REDIRECT"
SIMULATION_MODE_PAGE_USER_TOKEN_NAME=FORWARD 

# This key is used to identify the Force Change Password page URL. The URL should not include 
# the context root. For example, if the context root is "dummy" and the loglogin in page is within a #ca folder called "jsp" in the WAR file, then the value would be "/jsp/changepassword.jsp"
FORCE_CHANGE_PWD_PAGE_URL=/index.jsp


# This key is used to identify the Force Change Password page URL routing mode.
# The possible values are "FORWARD",
"REDIRECT"
FORCE_CHANGE_PWD_PAGE_URL_ROUTING_MODE=FORWARD

##############################################################################
# CSRF Configuration - Configuration specific to CSRF Validation for the application
##################################################################################################################################################################

# This is the key under which the CSRF Token will be sent by the browser to the server.
CSRF_TOKEN_FIELD_NAME=_dinsess


# This is a boolean configuration to indicate whether CSRF Validation is enabled or not.
CSRF_VALIDATION_ENABLED=Y


# This is a comma separated list of URIs. This should not include the context root of the application.
CSRF_IGNORE_URLS=/index.jsp,/PortalLoginServlet,/pfus

##############################################################################
# Session Configuration - Configuration specific to session handling of the application
##############################################################################
# This indicates the idle session time out interval in seconds that should be monitored at 
# the browser level. This has to be
less than the value configured under MAX_SESSION_TIMOUT_SEC.
IDLE_SESSION_TIMEOUT_SEC=60 6

# This is a boolean configuration to indicate whether multiple concurrent sessions for a 
# single loglogin in IDid of the user should be allowed or not.
ALLOW_MULTI_LOGIN=Y 

# This is the default authentication provider that is to be used during LogLogin in,/ loglogout out/ or re-authentication purposes.
AUTH_SERV_PROV_CLASS=com.intellectdesign.canvas.authentication.providers.CTAuthenticationProvider

# This is the default hybrid policy provider that is to be used during log in.
# #AUTH_SERV_PROV_CLASS=com.intellectdesign.canvas.authenticationprovider.providersauth.CTOneToOneHybridPolicyProviderldap.LDAPAuthenticationProvider
HYBRID#AUTH_POLICYSERV_PROV_CLASS=NONE com.intellectdesign.canvas.provider.auth.arx.ARXAuthenticationProvider
#AUTH_SERV_PROV_CLASS=com.intellectdesign.canvas.provider.auth.arx.ARXCookieBasedAuthenticationProvider

# This indicates howis the logdefault inhybrid intopolicy theprovider systemthat shouldis happento ifbe thereused isduring aLogin direct
access to 
# # com.intellectdesign.canvas.authentication.providers.CTOneToOneHybridPolicyProvider
HYBRID_POLICY_PROV_CLASS=NONE
# This indicates how the login into the system should happen if there is a direct access to protected content. Possible values are - AUTO, FORM, BLOCK. Default is BLOCK.
LOGIN_MODE=AUTO


# This is a boolean configuration to indicate whether the unique Request IDId generated by  # Canvas for each request should be displayed to the end user in case of any errors faced.
LOG_REQUESTID_AS_REFERENCE=Y 

# This is a boolean configuration to indicate whether for every request the Client IP should 
# be validated with that detected at the time of application launch.
CHECK_CLIENT_IP_FOR_SESSION_VALIDATION=Y 

# This key is used only if the CHECK_CLIENT_IP_FOR_SESSION_VALIDATION is enabled. This key is 
# optional and can be used to tell the Canvas platform as to how it can retrieve the Client IP from.
CLIENT_IP_PARAM_NAME= CANVAS


# This key is used only if the CHECK_CLIENT_IP_FOR_SESSION_VALIDATION is enabled. This key is 
# optional and used to indicate the exact location from where the custom Client IP key should 
# be read from. The possible values are "HEADER" (indicating from Request Header) or 
# "PARAM" (indicating from Request parameters).
CLIENT_IP_PARAM_SCOPE=PARAM 

##############################################################################################################################################################
# Other Configuration - Other configurations related to security and validations
################################################################################
##############################################################################
# This key is used to identify the current application context path
# This provides a comma separated list of all context roots enabled for the application. 
# The context roots are the basis by which the ProtectionDomain as well as context root level 
# validations get configured.
#
# DEFAULT#DEFAULT_CONTEXT_ROOT=
# ALL_CONTEXT_ROOTS=
# [CONTEXT_ROOT]_VALIDATE_REFERRER_ACTION_FLAG=
# [CONTEXT_ROOT]_VALID_REFERERS==
# [CONTEXT_ROOT]_SKIP_REFERRER_SOURCE_URLS=

DEFAULT_CONTEXT_ROOT=/CTModelHousectmodelhouse
ALL_CONTEXT_ROOTS=CTModelHousectmodelhouse


# This key is used to indicate whether Referrer URL needs to be validation for a particular 
# context root. If this is not configured, by default it is treated as "false".
CTModelHousectmodelhouse_VALIDATE_REFERRER_ACTION_FLAG=false 

# This key is used to provide the list of valid referrer URLs applicable for that particular 
# Context root. For this key to be detected, the context root should have been included in the ALL_CONTEXT_ROOTS list
CTModelHousectmodelhouse_VALID_REFERERS=/,/index.jsp,/CT_HOME.jsp


# This key is used to provide the list of URLsURL's for which the referrer validation need not 
# be done. For this key to be detected, the context root should have been included in the ALL_CONTEXT_ROOTS list.
CTModelHousectmodelhouse_SKIP_REFERRER_SOURCE_URLS=/printtemplate.jsp 

# This is the default value for X-FRAME-OPTIONS that should be set in all responses. The possible 
# valid values for this option are "DENY" and "SAMEORIGIN" If this is not provided, 
# the default value is assumed to be "DENY".
XFRAMEOPTION_DEFAULT=DENY
# 
# This contains the comma separated list of URL patterns for which the X-FRAME-OPTIONS header should not be emitted.
XFRAMEOPTION_IGNOREURLS=/index.jsp,/index.jsp,/pfus
#This is a boolean configuration to indicate whether to encrypt the network calls based on keys from certificate or through default keypair.
LOAD_KEYS_FROM_CERTIFICATE=N
#This is the path from where the keystore is fetched.
#Example : modelhouse.keystore
KEYSTORE_PATH=modelhouse.keystore
#This is the alias name which is required to fetch the certificate from the keystore
KEYSTORE_ALIAS=modelhouse
#This is a secure password which is needed while loading the keystore from the path
#Make sure environmental variable is set.
KEYSTORE_PASSWORD=${env.KEYSTORE_PASSWORD}
#This is a secure password which is needed to get key from keystore based on alias name
ALIAS_PASSWORD=${env.ALIAS_PASSWORD}

#This is used to get JWT Token key
JWT_TOKEN_KEY=${env.JWT_TOKEN_KEY}
#This is used to enable web socket connection
WEB_SOCKET_ENABLED=${env.WEB_SOCKET_ENABLED}
#This is used to get CSRF key in service based execution
SERVICE_CSRF_KEY=${env.SERVICE_CSRF_KEY}
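Review bot: `XFRAMEOPTION_IGNOREURLS=/index.jsp,/index.jsp,/pfus` exempts `/index.jsp` from the X-FRAME-OPTIONS header, and `/index.jsp` is also the value of LOGIN_PAGE_URL, ERROR_PAGE_URL, INVALID_SESSION_PAGE_URL and SIMULATION_MODE_PAGE_URL in this same file, so the pages that most need framing protection are the ones shipped without it; the entry is also listed twice. Unless the login page genuinely has to be framed, remove it from the ignore list and add a comment above the key naming the reason each remaining pattern is exempt, so the exemption is not widened by later edits. With CHECK_CLIENT_IP_FOR_SESSION_VALIDATION=Y, `CLIENT_IP_PARAM_SCOPE=PARAM` makes the IP used for session binding a value read from the request parameters rather than the connection or a proxy-managed header, which undercuts the check it is meant to enforce; the comment on CLIENT_IP_PARAM_SCOPE should state that PARAM is only appropriate when the parameter is populated by a trusted front-end component, and HEADER (or the default detection) should be preferred. SIMULATION_MODE_PAGE_USER_TOKEN_NAME is described as the parameter name under which the user token is passed, yet its value is `FORWARD` and its comment lists routing-mode values, which looks like a copy of the neighbouring *_ROUTING_MODE entries and should be checked against the actual token parameter name.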