| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| |
| Copyright (c) 2010, 2018 Oracle and/or its affiliates. All rights reserved. |
| |
| This program and the accompanying materials are made available under the |
| terms of the Eclipse Public License v. 2.0, which is available at |
| http://www.eclipse.org/legal/epl-2.0. |
| |
| This Source Code may also be made available under the following Secondary |
| Licenses when the conditions for such availability set forth in the |
| Eclipse Public License v. 2.0 are satisfied: GNU General Public License, |
| version 2 with the GNU Classpath Exception, which is available at |
| https://www.gnu.org/software/classpath/license.html. |
| |
| SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 |
| |
| --> |
| |
| <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="3.0" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"> |
| <context-param> |
| <param-name>com.sun.jsftemplating.DEBUG</param-name> |
| <param-value>false</param-value> |
| </context-param> |
| <context-param> |
| <param-name>com.sun.faces.enableMultiThreadedStartup</param-name> |
| <param-value>true</param-value> |
| </context-param> |
| <context-param> |
| <param-name>com.sun.jsftemplating.FS_DENY_PATHS</param-name> |
| <param-value>META-INF/:WEB-INF/:*.jsf:*.inc:*.xhtml:*.xml</param-value> |
| </context-param> |
| <context-param> |
| <param-name>com.sun.jsftemplating.CLASSLOADER</param-name> |
| <param-value>org.glassfish.admingui.common.plugin.ConsoleClassLoader</param-value> |
| </context-param> |
| <context-param> |
| <param-name>com.sun.jsftemplating.RESOURCE_PREFIX</param-name> |
| <param-value>/html</param-value> |
| </context-param> |
| <context-param> |
| <param-name>com.sun.faces.enableRestoreView11Compatibility</param-name> |
| <param-value>true</param-value> |
| </context-param> |
| <context-param> |
| <param-name>jakarta.faces.VALIDATE_EMPTY_FIELDS</param-name> |
| <param-value>false</param-value> |
| </context-param> |
| <context-param> |
| <param-name>jakarta.faces.validator.DISABLE_DEFAULT_BEAN_VALIDATOR</param-name> |
| <param-value>true</param-value> |
| </context-param> |
| |
| <filter> |
| <filter-name>UploadFilter</filter-name> |
| <filter-class>com.sun.webui.jsf.util.UploadFilter</filter-class> |
| <init-param> |
| <param-name>maxSize</param-name> |
| <param-value>-1</param-value> |
| </init-param> |
| </filter> |
| <filter-mapping> |
| <filter-name>UploadFilter</filter-name> |
| <servlet-name>FacesServlet</servlet-name> |
| </filter-mapping> |
| <servlet> |
| <servlet-name>FacesServlet</servlet-name> |
| <servlet-class>jakarta.faces.webapp.FacesServlet</servlet-class> |
| <load-on-startup>1</load-on-startup> |
| </servlet> |
| <servlet> |
| <servlet-name>ThemeServlet</servlet-name> |
| <servlet-class>com.sun.webui.theme.ThemeServlet</servlet-class> |
| <load-on-startup>2</load-on-startup> |
| </servlet> |
| <servlet> |
| <servlet-name>DownloadServlet</servlet-name> |
| <servlet-class>org.glassfish.admingui.common.servlet.DownloadServlet</servlet-class> |
| <init-param> |
| <param-name>ContentSources</param-name> |
| <param-value> |
| org.glassfish.admingui.common.servlet.LBConfigContentSource, |
| org.glassfish.admingui.common.servlet.ClientStubsContentSource, |
| org.glassfish.admingui.common.servlet.LogFilesContentSource |
| org.glassfish.admingui.common.servlet.LogViewerContentSource |
| </param-value> |
| </init-param> |
| <init-param> |
| <param-name>contentSourceId</param-name> |
| <param-value>LBConfig</param-value> |
| </init-param> |
| </servlet> |
| <servlet-mapping> |
| <servlet-name>DownloadServlet</servlet-name> |
| <url-pattern>/download/*</url-pattern> |
| </servlet-mapping> |
| <servlet-mapping> |
| <servlet-name>FacesServlet</servlet-name> |
| <url-pattern>/resource/*</url-pattern> |
| </servlet-mapping> |
| <servlet-mapping> |
| <servlet-name>FacesServlet</servlet-name> |
| <url-pattern>/html/*</url-pattern> |
| </servlet-mapping> |
| <servlet-mapping> |
| <servlet-name>FacesServlet</servlet-name> |
| <url-pattern>/faces/*</url-pattern> |
| </servlet-mapping> |
| <servlet-mapping> |
| <servlet-name>FacesServlet</servlet-name> |
| <url-pattern>*.jsf</url-pattern> |
| </servlet-mapping> |
| <servlet-mapping> |
| <servlet-name>ThemeServlet</servlet-name> |
| <url-pattern>/theme/*</url-pattern> |
| </servlet-mapping> |
| <session-config> |
| <cookie-config> |
| <http-only>true</http-only> |
| </cookie-config> |
| </session-config> |
| <!-- following mapping added to avoid JSF warning. refer to GLASSFISH-19403 --> |
| <mime-mapping> |
| <extension>jsp</extension> |
| <mime-type>text/html</mime-type> |
| </mime-mapping> |
| |
| <welcome-file-list> |
| <welcome-file>/index.jsf</welcome-file> |
| </welcome-file-list> |
| <error-page> |
| <exception-type>jakarta.faces.application.ViewExpiredException</exception-type> |
| <location>/</location> |
| </error-page> |
| |
| <!-- only user from admin realm can access any URL pattern --> |
| <security-constraint> |
| <web-resource-collection> |
| <web-resource-name>protected</web-resource-name> |
| <url-pattern>/*</url-pattern> |
| </web-resource-collection> |
| <auth-constraint> |
| <role-name>admin</role-name> |
| </auth-constraint> |
| </security-constraint> |
| |
| |
| <!-- resources like images, css, etc. there is no executable code, and everyone should be able to do a GET , this is for presenting the login page. --> |
| <security-constraint> |
| <web-resource-collection> |
| <web-resource-name>public</web-resource-name> |
| <url-pattern>/theme/com/*</url-pattern> |
| <url-pattern>/theme/org/*</url-pattern> |
| <url-pattern>/resource/*</url-pattern> |
| <url-pattern>/theme/META-INF/*</url-pattern> |
| <http-method>GET</http-method> |
| </web-resource-collection> |
| </security-constraint> |
| |
| <!-- The following constraint is added to avoid the WARNING or INFO msg for uncovered http method. This will not allow *anyone* to do any method |
| except GET on these resources. --> |
| <security-constraint> |
| <web-resource-collection> |
| <web-resource-name>public</web-resource-name> |
| <url-pattern>/theme/com/*</url-pattern> |
| <url-pattern>/theme/org/*</url-pattern> |
| <url-pattern>/resource/*</url-pattern> |
| <url-pattern>/theme/META-INF/*</url-pattern> |
| <http-method-omission>GET</http-method-omission> |
| </web-resource-collection> |
| <auth-constraint/> |
| </security-constraint> |
| |
| |
| |
| <login-config> |
| <auth-method>FORM</auth-method> |
| <realm-name>admin-realm</realm-name> |
| <form-login-config> |
| <form-login-page>/login.jsf</form-login-page> |
| <form-error-page>/loginError.jsf</form-error-page> |
| </form-login-config> |
| </login-config> |
| <security-role> |
| <role-name>admin</role-name> |
| </security-role> |
| </web-app> |