Added CorsFilter to enable secure cross site scripting

[controller.git] / opendaylight / northbound / staticrouting / src / main / resources / WEB-INF / web.xml

diff --git a/opendaylight/northbound/staticrouting/src/main/resources/WEB-INF/web.xml b/opendaylight/northbound/staticrouting/src/main/resources/WEB-INF/web.xml
index 4a040c1a1f861e3f38e0bf762cb5170832710b19..0bf186b50e0c6616504c896219252d0f6ef4d52c 100644 (file)
--- a/opendaylight/northbound/staticrouting/src/main/resources/WEB-INF/web.xml
+++ b/opendaylight/northbound/staticrouting/src/main/resources/WEB-INF/web.xml
@@ -13,21 +13,60 @@
   </servlet>
 
         <servlet-mapping>
-                <servlet-name>JAXRSStaticRouting</servlet-name>
-                <url-pattern>/*</url-pattern>
+          <servlet-name>JAXRSStaticRouting</servlet-name>
+          <url-pattern>/*</url-pattern>
         </servlet-mapping>
 
+        <filter>
+          <filter-name>CorsFilter</filter-name>
+          <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
+          <init-param>
+            <param-name>cors.allowed.origins</param-name>
+            <param-value>*</param-value>
+          </init-param>
+          <init-param>
+            <param-name>cors.allowed.methods</param-name>
+            <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
+          </init-param>
+          <init-param>
+            <param-name>cors.allowed.headers</param-name>
+            <param-value>Content-Type,X-Requested-With,accept,authorization, origin,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
+          </init-param>
+          <init-param>
+            <param-name>cors.exposed.headers</param-name>
+            <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
+          </init-param>
+          <init-param>
+            <param-name>cors.support.credentials</param-name>
+            <param-value>true</param-value>
+          </init-param>
+          <init-param>
+            <param-name>cors.preflight.maxage</param-name>
+            <param-value>10</param-value>
+          </init-param>
+        </filter>
+        <filter-mapping>
+          <filter-name>CorsFilter</filter-name>
+          <url-pattern>/*</url-pattern>
+        </filter-mapping>
+
         <security-constraint>
-                <web-resource-collection>
-                        <web-resource-name>NB api</web-resource-name>
-                        <url-pattern>/*</url-pattern>
-                </web-resource-collection>
-                <auth-constraint>
-                        <role-name>System-Admin</role-name>
-                        <role-name>Network-Admin</role-name>
-                        <role-name>Network-Operator</role-name>
-                        <role-name>Container-User</role-name>
-                </auth-constraint>
+          <web-resource-collection>
+            <web-resource-name>NB api</web-resource-name>
+            <url-pattern>/*</url-pattern>
+            <http-method>POST</http-method>
+            <http-method>GET</http-method>
+            <http-method>PUT</http-method>
+            <http-method>PATCH</http-method>
+            <http-method>DELETE</http-method>
+            <http-method>HEAD</http-method>
+          </web-resource-collection>
+          <auth-constraint>
+            <role-name>System-Admin</role-name>
+            <role-name>Network-Admin</role-name>
+            <role-name>Network-Operator</role-name>
+            <role-name>Container-User</role-name>
+          </auth-constraint>
         </security-constraint>
 
         <security-role>