source: trunk/config/dist/web.xml @ 7635

Last change on this file since 7635 was 7635, checked in by Nicklas Nordborg, 3 years ago

References #2136: Remove support for spot images

Removed spot-image related functionality from the web client.

  • Property svn:eol-style set to LF
  • Property svn:keywords set to Date Id
File size: 14.9 KB
Line 
1<?xml version="1.0" encoding="UTF-8"?>
2<web-app xmlns="http://java.sun.com/xml/ns/javaee"
3  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
4  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
5  http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
6   version="3.0">
7   
8<!--
9  $Id: web.xml 7635 2019-03-11 10:01:10Z nicklas $
10
11  Copyright (C) 2006, 2007 Nicklas Nordborg
12
13  This file is part of BASE - BioArray Software Environment.
14  Available at http://base.thep.lu.se/
15
16  BASE is free software; you can redistribute it and/or
17  modify it under the terms of the GNU General Public License
18  as published by the Free Software Foundation; either version 3
19  of the License, or (at your option) any later version.
20
21  BASE is distributed in the hope that it will be useful,
22  but WITHOUT ANY WARRANTY; without even the implied warranty of
23  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
24  GNU General Public License for more details.
25
26  You should have received a copy of the GNU General Public License
27  along with BASE. If not, see <http://www.gnu.org/licenses/>.
28-->
29
30  <display-name>BASE</display-name>
31  <description>
32    The BASE web application.
33  </description>
34 
35  <error-page>
36    <exception-type>java.lang.Throwable</exception-type>
37    <location>/exception/exception.jsp</location>
38  </error-page>
39 
40  <error-page>
41    <error-code>404</error-code>
42    <location>/exception/404.jsp</location>
43  </error-page>
44 
45  <jsp-config>
46    <jsp-property-group>
47      <url-pattern>*.jsp</url-pattern>
48      <page-encoding>UTF-8</page-encoding>
49    </jsp-property-group>
50  </jsp-config>
51 
52  <!--
53    If BASE Javascript encounters an URL that is longer than
54    specified by this setting when assigning it to for example
55    location.href = url, BASE will instead try to rewrite the document
56    to generate a POST request instead. This is to avoid problem with
57    web servers that doesn't accept URL:s longer than a specified size
58    For example, Apache has a default max length of 8190. If this setting
59    is 0, the rewrite functionality is disabled.
60  -->
61  <context-param>
62    <param-name>max-url-length</param-name>
63    <param-value>8000</param-value>
64  </context-param>
65 
66  <!--
67    Listener implementation that start and stop BASE
68    when the Tomcat is starting/stopping.
69  -->
70  <listener>
71    <description>Starts and stops BASE when Tomcat is starting and stopping</description>
72    <display-name>BASE Start/Stop servlet</display-name>
73    <listener-class>net.sf.basedb.clients.web.servlet.StartStopServlet</listener-class>
74  </listener>
75 
76  <!-- The View servlet used to download files in view mode -->
77  <servlet>
78    <description>Servlet for viewing files in the BASE file system</description>
79    <display-name>File view servlet</display-name>
80    <servlet-name>view</servlet-name>
81    <servlet-class>
82      net.sf.basedb.clients.web.servlet.Download
83    </servlet-class>
84    <init-param>
85      <param-name>default_mime_type</param-name>
86      <param-value>text/plain</param-value>
87    </init-param>
88    <init-param>
89      <param-name>use_path_info</param-name>
90      <param-value>false</param-value>
91    </init-param>
92  </servlet>
93  <servlet-mapping>
94    <servlet-name>view</servlet-name>
95    <url-pattern>/filemanager/files/view/*</url-pattern>
96  </servlet-mapping>
97
98  <!-- The Download servlet used to download files in download mode -->
99  <servlet>
100    <description>
101      Servlet for downloading files from the BASE file system. Is the same as
102      the 'view' servlet but sets the 'Content-Disposition' response header to
103      force browsers to prompt with a 'Save As' dialog.
104    </description>
105    <display-name>File download servlet</display-name>
106    <servlet-name>download</servlet-name>
107    <servlet-class>
108      net.sf.basedb.clients.web.servlet.Download
109    </servlet-class>
110    <init-param>
111      <param-name>default_mime_type</param-name>
112      <param-value>text/plain</param-value>
113    </init-param>
114    <init-param>
115      <param-name>download</param-name>
116      <param-value>true</param-value>
117    </init-param>
118    <init-param>
119      <param-name>use_path_info</param-name>
120      <param-value>false</param-value>
121    </init-param>
122  </servlet>
123  <servlet-mapping>
124    <servlet-name>download</servlet-name>
125    <url-pattern>/filemanager/files/download/*</url-pattern>
126  </servlet-mapping>
127
128  <!-- The Upload servlet used to upload files  -->
129  <servlet>
130    <description>Servlet that handles file upload</description>
131    <display-name>File upload servlet</display-name>
132    <servlet-name>upload</servlet-name>
133    <servlet-class>
134      net.sf.basedb.clients.web.servlet.Upload
135    </servlet-class>
136  </servlet>
137  <servlet-mapping>
138    <servlet-name>upload</servlet-name>
139    <url-pattern>/filemanager/upload/Upload</url-pattern>
140  </servlet-mapping>
141
142  <!-- The Generic PlotServlet for the HTML plot tool -->
143  <servlet>
144    <description>A generic plotter for analyzed data</description>
145    <display-name>Plot servlet</display-name>
146    <servlet-name>plotter</servlet-name>
147    <servlet-class>
148      net.sf.basedb.clients.web.servlet.PlotServlet
149    </servlet-class>
150    <init-param>
151      <param-name>maxWidth</param-name>
152      <param-value>1000</param-value>
153    </init-param>
154    <init-param>
155      <param-name>maxHeight</param-name>
156      <param-value>800</param-value>
157    </init-param>
158    <init-param>
159      <param-name>defaultWidth</param-name>
160      <param-value>600</param-value>
161    </init-param>
162    <init-param>
163      <param-name>defaultHeight</param-name>
164      <param-value>400</param-value>
165    </init-param>
166    <init-param>
167      <param-name>defaultFormat</param-name>
168      <param-value>png</param-value>
169    </init-param>
170  </servlet>
171  <servlet-mapping>
172    <servlet-name>plotter</servlet-name>
173    <url-pattern>/views/experiments/plotter/plot</url-pattern>
174  </servlet-mapping>
175
176  <!-- The ExperimentExplorer PlotServlet  -->
177  <servlet>
178    <description>A specialied plot servlet for the experiment explorer</description>
179    <display-name>Experiment explorer plot servlet</display-name>
180    <servlet-name>eeplotter</servlet-name>
181    <servlet-class>
182      net.sf.basedb.clients.web.servlet.ExperimentExplorerPlotServlet
183    </servlet-class>
184  </servlet>
185  <servlet-mapping>
186    <servlet-name>eeplotter</servlet-name>
187    <url-pattern>/views/experiments/explorer/plot</url-pattern>
188  </servlet-mapping>
189
190  <!-- The News feed servlet  -->
191  <!-- Comment out this servlet to disable the RSS feed -->
192  <servlet>
193    <description>Generate an RSS feed from public BASE news</description>
194    <display-name>News RSS feed servlet</display-name>
195    <servlet-name>news-feed</servlet-name>
196    <servlet-class>
197      net.sf.basedb.clients.web.servlet.RssNewsFeed
198    </servlet-class>
199    <load-on-startup>1</load-on-startup>
200  </servlet>
201  <servlet-mapping>
202    <servlet-name>news-feed</servlet-name>
203    <url-pattern>/info/news.rss</url-pattern>
204  </servlet-mapping>
205
206  <!-- Extensions servlet for managing extensions to the web client -->
207  <servlet>
208    <description>
209      Handles request for servlets inside extensions.
210    </description>
211    <display-name>Web client extensions manager</display-name>
212    <servlet-name>ExtensionsServlet</servlet-name>
213    <servlet-class>net.sf.basedb.clients.web.servlet.ExtensionsServlet</servlet-class>
214  </servlet>
215  <servlet-mapping>
216    <servlet-name>ExtensionsServlet</servlet-name>
217    <url-pattern>*.servlet</url-pattern>
218  </servlet-mapping>
219  <servlet-mapping>
220    <servlet-name>ExtensionsServlet</servlet-name>
221    <url-pattern>/extensions/servlet/*</url-pattern>
222  </servlet-mapping>
223
224  <!-- Replaces the default *.jsp servlet mapping in the global web.xml -->
225  <!-- Our JSP:s will not compile unless:   -->
226  <!-- strictQuoteEscaping=false (default is true)-->
227  <!-- compilerSourceVM=1.8 (default is 1.7) -->
228  <!-- compilerTargetVM=1.8 (default is 1.7) -->
229  <servlet>
230    <servlet-name>jsp</servlet-name>
231    <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
232    <init-param>
233      <param-name>strictQuoteEscaping</param-name>
234      <param-value>false</param-value>
235    </init-param>
236    <init-param>
237      <param-name>compilerSourceVM</param-name>
238      <param-value>1.8</param-value>
239    </init-param>
240    <init-param>
241      <param-name>compilerTargetVM</param-name>
242      <param-value>1.8</param-value>
243    </init-param>
244    <init-param>
245      <param-name>fork</param-name>
246      <param-value>false</param-value>
247    </init-param>
248    <init-param>
249      <param-name>xpoweredBy</param-name>
250      <param-value>false</param-value>
251    </init-param>
252    <load-on-startup>3</load-on-startup>
253  </servlet>
254 
255  <!-- Mapping *.xjsp files to a custom JSP compiler that adds extension JAR file to classpath -->
256  <!-- EXPERIMENTAL!! -->
257    <servlet>
258      <description>
259        Handles compilation of *.xjsp files which are like normal *.jsp files but the
260        classpath also include the JAR(s) for the extension.
261      </description>
262      <display-name>XJSP compiler for extensions (experimental!)</display-name>
263        <servlet-name>xjsp</servlet-name>
264        <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
265    <init-param>
266      <param-name>strictQuoteEscaping</param-name>
267      <param-value>false</param-value>
268    </init-param>
269    <init-param>
270      <param-name>compilerSourceVM</param-name>
271      <param-value>1.8</param-value>
272    </init-param>
273    <init-param>
274      <param-name>compilerTargetVM</param-name>
275      <param-value>1.8</param-value>
276    </init-param>
277        <init-param>
278            <param-name>fork</param-name>
279            <param-value>false</param-value>
280        </init-param>
281        <init-param>
282          <param-name>compilerClassName</param-name>
283          <param-value>net.sf.basedb.clients.web.extensions.XJspCompiler</param-value>
284        </init-param>
285    </servlet>
286    <servlet-mapping>
287        <servlet-name>xjsp</servlet-name>
288        <url-pattern>*.xjsp</url-pattern>
289    </servlet-mapping>
290
291 
292  <!-- The CompileAll servlet used to compile all JSP pages -->
293  <!-- EXPERIMENTAL!! -->
294  <!--
295  <servlet>
296    <servlet-name>compile</servlet-name>
297    <servlet-class>
298      net.sf.basedb.clients.web.servlet.CompileAll
299    </servlet-class>
300  </servlet>
301  <servlet-mapping>
302    <servlet-name>compile</servlet-name>
303    <url-pattern>/compile</url-pattern>
304  </servlet-mapping>
305  -->
306
307  <!-- A filter that sets the character encoding on all *.jsp and *.xjsp files -->
308  <filter>
309    <description>Filter that set the character encoding in the Content-Type response header.</description>
310    <display-name>Character encoding filter</display-name>
311    <filter-name>characterEncoding</filter-name>
312    <filter-class>net.sf.basedb.clients.web.servlet.CharacterEncodingFilter</filter-class>
313    <init-param>
314      <param-name>characterEncoding</param-name>
315      <param-value>UTF-8</param-value>
316    </init-param>
317  </filter>
318  <filter-mapping>
319    <filter-name>characterEncoding</filter-name>
320    <url-pattern>*.jsp</url-pattern>
321  </filter-mapping>
322  <filter-mapping>
323    <filter-name>characterEncoding</filter-name>
324    <url-pattern>*.xjsp</url-pattern>
325  </filter-mapping>
326
327  <!-- A filter that disable client-side caching -->
328  <!-- Use for developing only -->
329  <!--
330  <filter>
331    <description>
332      A filter that can be used to set the 'Cache-Control' response header.
333      Primary use is to disable caching of *.css and *.js files in development
334      mode.
335    </description>
336    <display-name>Cache control filter</display-name>
337    <filter-name>noCache</filter-name>
338    <filter-class>net.sf.basedb.clients.web.servlet.CacheControlFilter</filter-class>
339    <init-param>
340      <param-name>cache-control</param-name>
341      <param-value>no-cache, max-age=0</param-value>
342    </init-param>
343  </filter>
344  <filter-mapping>
345    <filter-name>noCache</filter-name>
346    <url-pattern>*.css</url-pattern>
347  </filter-mapping>
348  <filter-mapping>
349    <filter-name>noCache</filter-name>
350    <url-pattern>*.js</url-pattern>
351  </filter-mapping>
352  -->
353
354  <!-- A filter that add Content-Security-Policy header -->
355  <filter>
356    <description>
357      A filter that can be used to set the 'Content-Security-Policy' response header.
358      Primary use is to reduce the risk of cross-site scripting attacks. By default
359      only content from the same BASE server is allowed but we also need inline
360      style definitions and data: image URLs and disallow browser plug-ins (flash, etc.)
361      completely.
362     
363      Note that extensions to BASE may need more permissions, for example
364      use of inline javascript. If (and only if) the extension itself declare
365      'safe-resources="0"' in it's configuration, requests to /extensions/ subirectory
366      uses the 'unsafe-resources-policy' setting. For extensions that need inline scripts also
367      within BASE pages, the 'policy' setting must be modified to include:
368     
369      script-src 'self' 'unsafe-inline';
370     
371      See http://www.html5rocks.com/en/tutorials/security/content-security-policy/
372      for a good tutorial about content security policy
373
374      Violations to the policy are normally not logged. To enable logging add the
375      report-uri directive to the 'policy' setting:
376     
377      report-uri /{context}/csp-report;
378     
379      Replace {context} with the path under which your BASE installation is installed.
380      You also need to enabled the 'csp-report' defined below.
381    </description>
382    <display-name>Content security policy filter</display-name>
383    <filter-name>csp-filter</filter-name>
384    <filter-class>net.sf.basedb.clients.web.servlet.ContentSecurityPolicyFilter</filter-class>
385    <init-param>
386      <param-name>policy</param-name>
387      <param-value>default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none';</param-value>
388    </init-param>
389    <init-param>
390      <param-name>unsafe-resources-policy</param-name>
391      <param-value>default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none'; script-src 'self' 'unsafe-inline';</param-value>
392    </init-param>
393  </filter>
394  <filter-mapping>
395    <filter-name>csp-filter</filter-name>
396    <url-pattern>*</url-pattern>
397  </filter-mapping>
398
399  <!--
400    By default, logging of CSP violations is not enabled. See above how to enable the logging and
401    then uncomment the servlet definition below.
402  -->
403  <!--
404  <servlet>
405    <description>
406      A servlet for logging violations to the Content Security Policy.
407    </description>
408    <display-name>Content security policy reporter</display-name>
409    <servlet-name>csp-report</servlet-name>
410    <servlet-class>
411      net.sf.basedb.clients.web.servlet.ContentSecurityPolicyReportServlet
412    </servlet-class>
413  </servlet>
414  <servlet-mapping>
415    <servlet-name>csp-report</servlet-name>
416    <url-pattern>/csp-report</url-pattern>
417  </servlet-mapping>
418  -->
419 
420  <!-- A filter that remaps requests to images to skin-controlled variants -->
421  <filter>
422    <description>
423      This filter is used to support provide support for skins to re-map
424      images to their own versions. If this filter is disabled, skins will
425      not be able to remap images. Use the cachce-control parameter to control
426      the time client browsers are allowed to cache images. Skin changes
427      may not be visible until after this time (seconds) has passed.
428    </description>
429    <display-name>Image remap filter</display-name>
430    <filter-name>ImageRemap</filter-name>
431    <filter-class>net.sf.basedb.clients.web.servlet.ImageRemapFilter</filter-class>
432    <init-param>
433      <!-- max-age=time in seconds -->
434      <param-name>cache-control</param-name>
435      <param-value>max-age=3600</param-value>
436    </init-param>
437  </filter>
438  <filter-mapping>
439    <filter-name>ImageRemap</filter-name>
440    <url-pattern>*.png</url-pattern>
441  </filter-mapping>
442  <filter-mapping>
443    <filter-name>ImageRemap</filter-name>
444    <url-pattern>*.gif</url-pattern>
445  </filter-mapping>
446
447</web-app>
Note: See TracBrowser for help on using the repository browser.