1<?xml version="1.0" encoding="UTF-8"?> 2<!-- 3 4 Copyright (c) 2010, 2018 Oracle and/or its affiliates. All rights reserved. 5 6 This program and the accompanying materials are made available under the 7 terms of the Eclipse Public License v. 2.0, which is available at 8 http://www.eclipse.org/legal/epl-2.0. 9 10 This Source Code may also be made available under the following Secondary 11 Licenses when the conditions for such availability set forth in the 12 Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 13 version 2 with the GNU Classpath Exception, which is available at 14 https://www.gnu.org/software/classpath/license.html. 15 16 SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 17 18--> 19 20<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="3.0" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"> 21 <context-param> 22 <param-name>com.sun.jsftemplating.DEBUG</param-name> 23 <param-value>false</param-value> 24 </context-param> 25 <context-param> 26 <param-name>com.sun.faces.enableMultiThreadedStartup</param-name> 27 <param-value>true</param-value> 28 </context-param> 29 <context-param> 30 <param-name>com.sun.jsftemplating.FS_DENY_PATHS</param-name> 31 <param-value>META-INF/:WEB-INF/:*.jsf:*.inc:*.xhtml:*.xml</param-value> 32 </context-param> 33 <context-param> 34 <param-name>com.sun.jsftemplating.CLASSLOADER</param-name> 35 <param-value>org.glassfish.admingui.common.plugin.ConsoleClassLoader</param-value> 36 </context-param> 37 <context-param> 38 <param-name>com.sun.jsftemplating.RESOURCE_PREFIX</param-name> 39 <param-value>/html</param-value> 40 </context-param> 41 <context-param> 42 <param-name>com.sun.faces.enableRestoreView11Compatibility</param-name> 43 <param-value>true</param-value> 44 </context-param> 45 <context-param> 46 <param-name>javax.faces.VALIDATE_EMPTY_FIELDS</param-name> 47 <param-value>false</param-value> 48 </context-param> 49 <context-param> 50 <param-name>javax.faces.validator.DISABLE_DEFAULT_BEAN_VALIDATOR</param-name> 51 <param-value>true</param-value> 52 </context-param> 53 54 <filter> 55 <filter-name>UploadFilter</filter-name> 56 <filter-class>com.sun.webui.jsf.util.UploadFilter</filter-class> 57 <init-param> 58 <param-name>maxSize</param-name> 59 <param-value>-1</param-value> 60 </init-param> 61 </filter> 62 <filter-mapping> 63 <filter-name>UploadFilter</filter-name> 64 <servlet-name>FacesServlet</servlet-name> 65 </filter-mapping> 66 <servlet> 67 <servlet-name>FacesServlet</servlet-name> 68 <servlet-class>javax.faces.webapp.FacesServlet</servlet-class> 69 <load-on-startup>1</load-on-startup> 70 </servlet> 71 <servlet> 72 <servlet-name>ThemeServlet</servlet-name> 73 <servlet-class>com.sun.webui.theme.ThemeServlet</servlet-class> 74 <load-on-startup>2</load-on-startup> 75 </servlet> 76 <servlet> 77 <servlet-name>DownloadServlet</servlet-name> 78 <servlet-class>org.glassfish.admingui.common.servlet.DownloadServlet</servlet-class> 79 <init-param> 80 <param-name>ContentSources</param-name> 81 <param-value> 82 org.glassfish.admingui.common.servlet.LBConfigContentSource, 83 org.glassfish.admingui.common.servlet.ClientStubsContentSource, 84 org.glassfish.admingui.common.servlet.LogFilesContentSource 85 org.glassfish.admingui.common.servlet.LogViewerContentSource 86 </param-value> 87 </init-param> 88 <init-param> 89 <param-name>contentSourceId</param-name> 90 <param-value>LBConfig</param-value> 91 </init-param> 92 </servlet> 93 <servlet-mapping> 94 <servlet-name>DownloadServlet</servlet-name> 95 <url-pattern>/download/*</url-pattern> 96 </servlet-mapping> 97 <servlet-mapping> 98 <servlet-name>FacesServlet</servlet-name> 99 <url-pattern>/resource/*</url-pattern> 100 </servlet-mapping> 101 <servlet-mapping> 102 <servlet-name>FacesServlet</servlet-name> 103 <url-pattern>/html/*</url-pattern> 104 </servlet-mapping> 105 <servlet-mapping> 106 <servlet-name>FacesServlet</servlet-name> 107 <url-pattern>/faces/*</url-pattern> 108 </servlet-mapping> 109 <servlet-mapping> 110 <servlet-name>FacesServlet</servlet-name> 111 <url-pattern>*.jsf</url-pattern> 112 </servlet-mapping> 113 <servlet-mapping> 114 <servlet-name>ThemeServlet</servlet-name> 115 <url-pattern>/theme/*</url-pattern> 116 </servlet-mapping> 117 <session-config> 118 <cookie-config> 119 <http-only>true</http-only> 120 </cookie-config> 121 </session-config> 122 <!-- following mapping added to avoid JSF warning. refer to GLASSFISH-19403 --> 123 <mime-mapping> 124 <extension>jsp</extension> 125 <mime-type>text/html</mime-type> 126 </mime-mapping> 127 128 <welcome-file-list> 129 <welcome-file>/index.jsf</welcome-file> 130 </welcome-file-list> 131 <error-page> 132 <exception-type>javax.faces.application.ViewExpiredException</exception-type> 133 <location>/</location> 134 </error-page> 135 136 <!-- only user from admin realm can access any URL pattern --> 137 <security-constraint> 138 <web-resource-collection> 139 <web-resource-name>protected</web-resource-name> 140 <url-pattern>/*</url-pattern> 141 </web-resource-collection> 142 <auth-constraint> 143 <role-name>admin</role-name> 144 </auth-constraint> 145 </security-constraint> 146 147 148 <!-- resources like images, css, etc. there is no executable code, and everyone should be able to do a GET , this is for presenting the login page. --> 149 <security-constraint> 150 <web-resource-collection> 151 <web-resource-name>public</web-resource-name> 152 <url-pattern>/theme/com/*</url-pattern> 153 <url-pattern>/theme/org/*</url-pattern> 154 <url-pattern>/resource/*</url-pattern> 155 <url-pattern>/theme/META-INF/*</url-pattern> 156 <http-method>GET</http-method> 157 </web-resource-collection> 158 </security-constraint> 159 160 <!-- The following constraint is added to avoid the WARNING or INFO msg for uncovered http method. This will not allow *anyone* to do any method 161 except GET on these resources. --> 162 <security-constraint> 163 <web-resource-collection> 164 <web-resource-name>public</web-resource-name> 165 <url-pattern>/theme/com/*</url-pattern> 166 <url-pattern>/theme/org/*</url-pattern> 167 <url-pattern>/resource/*</url-pattern> 168 <url-pattern>/theme/META-INF/*</url-pattern> 169 <http-method-omission>GET</http-method-omission> 170 </web-resource-collection> 171 <auth-constraint/> 172 </security-constraint> 173 174 175 176 <login-config> 177 <auth-method>FORM</auth-method> 178 <realm-name>admin-realm</realm-name> 179 <form-login-config> 180 <form-login-page>/login.jsf</form-login-page> 181 <form-error-page>/loginError.jsf</form-error-page> 182 </form-login-config> 183 </login-config> 184 <security-role> 185 <role-name>admin</role-name> 186 </security-role> 187</web-app> 188