]> source.dussan.org Git - archiva.git/commitdiff
projects / archiva.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 283092a)
[MRM-1460] configure XSS parameter check interceptor added in Redback 1.2.7
authorMaria Odea B. Ching <oching@apache.org>
Sun, 13 Mar 2011 13:56:55 +0000 (13:56 +0000)
committerMaria Odea B. Ching <oching@apache.org>
Sun, 13 Mar 2011 13:56:55 +0000 (13:56 +0000)
git-svn-id: https://svn.apache.org/repos/asf/archiva/branches/archiva-1.3.x@1081116 13f79535-47bb-0310-9956-ffa450edef68

archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml patch | blob | history

diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml
index 7c5c09ffde182978adcdb096e06f4ed7d577a948..fb2db21593c5ff40aee432ebd506a0b479e3897d 100644 (file)
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml
@@ -33,11 +33,13 @@
       <interceptor name="redbackAutoLogin" class="redbackAutoLoginInterceptor"/>
       <interceptor name="redbackPolicyEnforcement" class="redbackPolicyEnforcementInterceptor"/>
       <interceptor name="paramFilter" class="com.opensymphony.xwork2.interceptor.ParameterFilterInterceptor"/>
+      <interceptor name="redbackXssParameterCheck" class="redbackXSSParameterCheckInterceptor"/>
 
       <interceptor-stack name="configuredArchivaStack">
         <interceptor-ref name="redbackForceAdminUser"/>
         <interceptor-ref name="redbackAutoLogin"/>
         <interceptor-ref name="defaultStack"/>
+        <interceptor-ref name="redbackXssParameterCheck"/>
         <interceptor-ref name="paramFilter">
           <param name="blocked">externalResult</param>
         </interceptor-ref>
@@ -58,6 +60,7 @@
         <interceptor-ref name="redbackForceAdminUser"/>
         <interceptor-ref name="redbackAutoLogin"/>
         <interceptor-ref name="defaultStack"/>
+        <interceptor-ref name="redbackXssParameterCheck"/>
         <interceptor-ref name="redbackPolicyEnforcement"/>
         <interceptor-ref name="redbackSecureActions">
           <param name="enableReferrerCheck">false</param>
@@ -124,6 +127,8 @@
         <param name="namespace">/security</param>
       </result>
 
+      <result name="possible-xss-attack">/WEB-INF/jsp/redback/possibleXssAttack.jsp</result>
+      
       <!-- Generic Catchall for those action configurations that forget to
            include a result for 'error' -->
       <result name="error">/WEB-INF/jsp/generalError.jsp</result>
Apache Archiva Repository: https://github.com/apache/archiva