Code Review / aaa.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Disable invalidRequest.blockTraversal
[aaa.git] / aaa-shiro / impl / src / main / resources / initial / aaa-app-config.xml
diff --git a/aaa-shiro/impl/src/main/resources/initial/aaa-app-config.xml b/aaa-shiro/impl/src/main/resources/initial/aaa-app-config.xml
index fe5806b1e3503bec7d175fea74683e88729d98ff..dfa0a48832c3e7befb2e394dec42ee406ecb60bc 100644 (file)
--- a/aaa-shiro/impl/src/main/resources/initial/aaa-app-config.xml
+++ b/aaa-shiro/impl/src/main/resources/initial/aaa-app-config.xml
@@ -275,6 +275,23 @@
         <pair-value>org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter</pair-value>
     </main>
 
+    <!--
+        Disable parts of invalidRequest filter, as these are blocking valid RESTCONF requests.
+
+        RESTCONF routinely transmits data in URLs. The encoding requires that all reserved URI
+        characters, as defined in https://www.rfc-editor.org/rfc/rfc3986#section-2.2, be
+        percent-encoded. See https://jira.opendaylight.org/browse/AAA-265.
+     -->
+    <main>
+        <!-- ';' is a RFC3986 reserved character -->
+        <pair-key>invalidRequest.blockSemicolon</pair-key>
+        <pair-value>false</pair-value>
+    </main>
+    <main>
+        <!-- '/' is a RFC3986 reserved character -->
+        <pair-key>invalidRequest.blockTraversal</pair-key>
+        <pair-value>false</pair-value>
+    </main>
 
     <!--
       ===================================================================================
Authentication, Authorization, Accounting