Commit e99c39fd authored by Misagh Moayyed's avatar Misagh Moayyed
Browse files

update security filter to 2.0.4

parent 6b8a6044
......@@ -230,6 +230,15 @@ tgc.signing.key=szxK-5_eJjs-aUj-64MpUZ-GPPzGLhYPLGl0wrYjYNVAGva2P0lLe6UGKGM7k8dW
# applying it as default response encoding as well.
# httprequest.web.encoding.force=true
##
# Response Headers
#
# httpresponse.header.cache=false
# httpresponse.header.hsts=false
# httpresponse.header.xframe=false
# httpresponse.header.xcontent=false
# httpresponse.header.xss=false
##
# Reports
#
......@@ -399,4 +408,4 @@ tgc.signing.key=szxK-5_eJjs-aUj-64MpUZ-GPPzGLhYPLGl0wrYjYNVAGva2P0lLe6UGKGM7k8dW
# cas.spnego.ntlm=false
# cas.spnego.supportedBrowsers=MSIE,Trident,Firefox,AppleWebKit
# cas.spnego.mixed.mode.authn=false
# cas.spnego.send.401.authn.failure=false
\ No newline at end of file
# cas.spnego.send.401.authn.failure=false
......@@ -30,6 +30,13 @@
p:encoding="${httprequest.web.encoding:UTF-8}"
p:forceEncoding="${httprequest.web.encoding.force:true}" />
<bean id="responseHeadersSecurityFilter" class="org.jasig.cas.security.ResponseHeadersEnforcementFilter"
p:enableCacheControl="${httpresponse.header.cache:false}"
p:enableStrictTransportSecurity="${httpresponse.header.hsts:false}"
p:enableXFrameOptions="${httpresponse.header.xframe:false}"
p:enableXContentTypeOptions="${httpresponse.header.xcontent:false}"
p:enableXSSProtection="${httpresponse.header.xss:false}" />
<bean id="requestParameterSecurityFilter"
class="org.jasig.cas.security.RequestParameterPolicyEnforcementFilter"
p:allowMultiValueParameters="${cas.http.allow.multivalue.params:false}">
......
......@@ -68,6 +68,15 @@
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>responseHeadersSecurityFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>responseHeadersSecurityFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
......
......@@ -1561,7 +1561,7 @@
<xml.apis.version>1.4.01</xml.apis.version>
<jstl.version>1.2</jstl.version>
<openid4java.version>0.9.8</openid4java.version>
<cas-server-security-filter.version>2.0.3</cas-server-security-filter.version>
<cas-server-security-filter.version>2.0.4-SNAPSHOT</cas-server-security-filter.version>
<google.guava.version>18.0</google.guava.version>
<javax.el-api.version>3.0.0</javax.el-api.version>
<javax.el-impl.version>2.2.6</javax.el-impl.version>
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment