source: main/adopters/ut/branches/1.8/src/main/webapps/secure-view/WEB-INF/web.xml @ 3609

Last change on this file since 3609 was 3609, checked in by Garth Braithwaite, 11 years ago

ut ut secure view - committed ZW's secure view webapp. This version was what ZW and Scott worked on with the AGRC map being used for selection and final output. It also provides low level LHD selection security via a MySQL db table. THIS TIME FROM THE TEST SERVER NOT THE DEV SERVER.

File size: 17.0 KB
Line 
1<?xml version="1.0" encoding="UTF-8"?> 
2
3<web-app 
4        version="2.5"
5        xmlns="http://java.sun.com/xml/ns/j2ee" 
6        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
7    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
8>
9
10<!-- IMPORTANT: This file's contents are position dependent for 2.3 DTD.   
11        To see what elements in what positions see:
12        http://e-docs.bea.com/wls/docs61/webapp/web_xml.html
13-->
14
15        <icon>
16                <small-icon>image/ibisph-view_16x16.ico</small-icon>
17                <large-icon>image/ibisph-view.ico</large-icon>
18        </icon>
19        <display-name>IBIS-PH - Public View</display-name>
20        <description>
21                Indicator Based Information System for Public Health (IBIS-PH).  This
22                system provides internet access for the public to view health indicator
23                data and to create and execute custom data queries.  The data presented
24                are stored in XML files with the HTML view being created by XSLTs and
25                controlled via Java controllers built on the Spring framework.
26        </description>
27
28
29        <context-param>
30                <param-name>contextConfigLocation</param-name>
31                <param-value>
32                        /WEB-INF/config/spring/filter.xml
33                        /WEB-INF/config/spring/security.xml
34                        /WEB-INF/config/spring/common.xml
35                        /WEB-INF/config/spring/chart.xml
36
37                        /WEB-INF/config/spring/home.xml
38                        /WEB-INF/config/spring/query.xml
39                        /WEB-INF/config/spring/secure.xml
40                </param-value>
41                <description>
42                        List of bean configuration files which will be loaded by the Spring
43                        Bean Factory.  Another way - specifies the bean definition/configuration
44                        files for this web app context for Spring MVC Framework's Dispatcher
45                        Servlet.  These bean config files can also contain bean definitions
46                        which because are instantiated at startup enable an app load mechanism.
47                        See the context listener defined below which uses this param.
48                </description>
49        </context-param>
50
51
52        <context-param>
53                <description>
54                        Needed to remove conflict for when two apps are on the same app server
55                        using spring and log4j (ibisph-view and ibisph-admin) see:
56                        http://drglennn.blogspot.com/2008/08/problems-with-webapproot-system.html
57                </description>
58                <param-name>webAppRootKey</param-name>
59                <param-value>ibisph-view</param-value>
60        </context-param>
61<!--
62        <context-param>
63                <param-name>log4jConfigLocation</param-name>
64                <param-value>WEB-INF/config/log4j.xml</param-value>
65        </context-param>
66        <context-param>
67                <param-name>log4jRefreshInterval</param-name>
68                <param-value>1000</param-value>
69        </context-param>
70-->
71
72        <!-- ========================================================= F I L T E R S
73                The IBIS Filters can either be specified in this web.xml file or handled
74                within the Spring environment.  To allow filters to have their values
75                set via property files or Spring bean injection configuration files as
76                well as to utilize the more robust filter url mapping mechanism the
77                Spring filter mechanism is used.
78
79                The IBIS filters used by the system is implemented by using these of 2
80                types of Spring filters:
81                - DelegatingFilterProxy - part of the core spring web package.  This
82                  filter proxy simply wraps a normal filter object and allows spring
83                  bean managemement/injection.  It does NOT provide any filter mapping.
84
85                - FilterChainProxy is part of the security package.  In addition to what
86                  the DelegatingFilterProxy object provides, it adds a filter mapping
87                  and chaining mechanmism.  This chaining is specified as a property in
88                  an ANT style url configuration.  This approach has been implemented for
89                  this app since it is easier to doc and understand the URL mapping vs
90                  normal web.xml filter mappings.
91
92                Both are used for IBIS-PH.  The initial "real" filter is the delegate
93                which simply passes things off to the bean enabled chain proxy.  This
94                provides the ability to use the life cycle init parameter and allows
95                the properties to be set via the configuration xml file.
96
97                NOTE: For "Delegated" IBIS filters that extend/are based on the Abstract
98                PathPatternFilter, the filterLifecycle property must be set to true. 
99                This can also be done via the "targetFilterLifecycle" init-param.  This
100                must be set to true so that the filters will have their required the
101                init methods called properly.
102
103                <init-param>
104                        <description>
105                                Enforces invocation of the Filter.init and Filter.destroy lifecycle
106                                methods on the target bean, letting the servlet container manage the
107                                filter lifecycle. 
108                        </description>
109                        <param-name>targetFilterLifecycle</param-name>
110                        <param-value>true</param-value>
111                </init-param>
112
113          SEE: Version 1.7 and prior, April, 2008 for the older web.xml that had the
114          filter and filter mappings completely defined within the web.xml w/o spring.
115        -->
116        <filter>
117                <filter-name>StandardFilters</filter-name>
118                <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
119                <init-param>
120                        <param-name>targetBeanName</param-name>
121                        <param-value>Filter.FilterChainProxy</param-value>
122                </init-param> 
123        </filter>
124        <filter>
125                <filter-name>SecurityFilters</filter-name>
126                <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
127                <init-param>
128                        <param-name>targetBeanName</param-name>
129                        <param-value>Security.FilterChainProxy</param-value>
130                </init-param> 
131        </filter>
132
133
134
135        <!-- ========================================= F I L T E R   M A P P I N G S -->
136        <filter-mapping>
137                <filter-name>SecurityFilters</filter-name>
138                <url-pattern>/secure/*</url-pattern>
139        </filter-mapping>
140        <filter-mapping>
141                <filter-name>SecurityFilters</filter-name>
142                <url-pattern>/authenticate</url-pattern>
143        </filter-mapping>
144
145        <filter-mapping>
146                <filter-name>StandardFilters</filter-name>
147                <url-pattern>/home/*</url-pattern>
148        </filter-mapping>
149        <filter-mapping>
150                <filter-name>StandardFilters</filter-name>
151                <url-pattern>/query/*</url-pattern>
152        </filter-mapping>
153
154
155
156        <!-- ===================================================== L I S T E N E R S -->
157
158        <!--
159                Loads a listener that uses the context-param named contextConfigLocation
160                defined above to load the bean definitions when the context is loaded.
161       
162                - Loads the root application context of this web app at startup.
163                - The application context is then available via
164                        WebApplicationContextUtils.getWebApplicationContext(servletContext).
165
166                - This also allows for custom objects that can load global property
167                        files at startup etc. see/implement: ServletContextListener
168
169                NOTE: Some containers (like Tomcat) prefer listeners, some like Websphere
170                like servlets.  Listed below is the servlet code for such enviros.
171
172                <servlet>
173                        <servlet-name>Log4jConfigServlet</servlet-name>
174                        <servlet-class>org.springframework.web.util.Log4jConfigServlet</servlet-class>
175                        <load-on-startup>1</load-on-startup>
176                </servlet>
177                <servlet>
178                        <servlet-name>ContextLoaderServlet</servlet-name>
179                        <servlet-class>org.springframework.web.context.ContextLoaderServlet</servlet-class>
180                        <load-on-startup>2</load-on-startup>
181                </servlet>
182        -->
183        <listener>
184                <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
185        </listener>
186
187        <!-- Publishes events for session creation and destruction through the app
188                context.  Optional unless concurrent session control is being used.
189        -->
190        <listener>
191                <listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
192        </listener>
193       
194        <listener>
195                <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
196        </listener>   
197
198
199
200        <!-- ======================================================= S E R V L E T S -->
201        <servlet>
202                <servlet-name>Dispatcher.Servlet</servlet-name>
203                <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
204                <init-param>
205                        <param-name>contextConfigLocation</param-name>
206                        <param-value>/WEB-INF/config/spring/dispatcher_servlet.xml</param-value>
207                </init-param>
208                <load-on-startup>10</load-on-startup>
209        </servlet>
210
211
212
213        <!-- ======================================= S E R V L E T   M A P P I N G S
214                NOTE: need to map each system and NOT have a general /* mapping because
215                the servlet will then receive requests for image files, js, css etc...
216        -->
217        <servlet-mapping>
218                <servlet-name>Dispatcher.Servlet</servlet-name>
219                <url-pattern>/home/*</url-pattern>
220        </servlet-mapping>
221        <servlet-mapping>
222                <servlet-name>Dispatcher.Servlet</servlet-name>
223                <url-pattern>/query/*</url-pattern>
224        </servlet-mapping>
225        <servlet-mapping>
226                <servlet-name>Dispatcher.Servlet</servlet-name>
227                <url-pattern>/secure/*</url-pattern>
228        </servlet-mapping>
229
230        <!-- NOTE: These mappings are mainly used as a mechanism to remove a path prefix.
231                For this to work, the request's getPathInfo() method is used, not the get
232                URL method.  Also, for Spring's dispatcher_request servlet to property resolve/
233                handle full paths the "alwaysUseFullPath" property must be set to "true".
234                Example of usage is for ip charts it strips off the /indicator/graphic/ from
235                the path so it's one less item to parse - exposing the chart name as the first
236                item.  This also makes it easier if at some point for the charting
237                functionality to be moved to a seperate servlet.
238        -->
239        <servlet-mapping>
240                <servlet-name>Dispatcher.Servlet</servlet-name> 
241                <url-pattern>/query/selection/*</url-pattern> 
242        </servlet-mapping>
243        <servlet-mapping>
244                <servlet-name>Dispatcher.Servlet</servlet-name> 
245                <url-pattern>/query/configuration/*</url-pattern> 
246        </servlet-mapping>
247        <servlet-mapping>
248                <servlet-name>Dispatcher.Servlet</servlet-name> 
249                <url-pattern>/query/sasResult/*</url-pattern> 
250        </servlet-mapping>
251        <servlet-mapping>
252                <servlet-name>Dispatcher.Servlet</servlet-name> 
253                <url-pattern>/query/builder/*</url-pattern> 
254        </servlet-mapping>
255        <servlet-mapping>
256                <servlet-name>Dispatcher.Servlet</servlet-name> 
257                <url-pattern>/query/result/*</url-pattern> 
258        </servlet-mapping>
259        <servlet-mapping>
260                <servlet-name>Dispatcher.Servlet</servlet-name> 
261                <url-pattern>/query/result/graphic/*</url-pattern> 
262        </servlet-mapping>
263
264        <servlet-mapping>
265                <servlet-name>Dispatcher.Servlet</servlet-name> 
266                <url-pattern>/secure/query/selection/*</url-pattern> 
267        </servlet-mapping>
268        <servlet-mapping>
269                <servlet-name>Dispatcher.Servlet</servlet-name> 
270                <url-pattern>/secure/query/builder/*</url-pattern> 
271        </servlet-mapping>
272        <servlet-mapping>
273                <servlet-name>Dispatcher.Servlet</servlet-name> 
274                <url-pattern>/secure/query/result/*</url-pattern> 
275        </servlet-mapping>
276
277        <servlet-mapping>
278                <servlet-name>Dispatcher.Servlet</servlet-name> 
279                <url-pattern>/Welcome</url-pattern> 
280        </servlet-mapping>
281
282<!--
283        <servlet-mapping>
284        <servlet-name>ibisq-cgi</servlet-name>
285        <url-pattern>/cgi-bin/*</url-pattern>
286    </servlet-mapping>
287-->
288
289
290
291        <!-- =================================================== J S P   C O N F I G -->
292        <jsp-config>
293                <jsp-property-group>
294                        <description>Property group for common configuration for all the JSP's</description>
295                        <url-pattern>*.jsp</url-pattern>
296                        <scripting-invalid>false</scripting-invalid>
297                        <el-ignored>false</el-ignored>
298                        <page-encoding>ISO-8859-1</page-encoding>
299                        <trim-directive-whitespaces>true</trim-directive-whitespaces>
300                </jsp-property-group>
301        </jsp-config>
302
303 
304 
305        <!-- =========================================== S E S S I O N   C O N F I G -->
306        <session-config>
307                <!-- Inactive timeout value for a user's session.  Value is in minutes. -->
308                <session-timeout>30</session-timeout>
309        </session-config>
310
311
312
313        <!-- ============================================= M I M E   M A P P I N G S -->
314        <mime-mapping>
315                <extension>htm</extension>
316                <mime-type>text/html</mime-type>
317        </mime-mapping>
318        <mime-mapping>
319                <extension>html</extension>
320                <mime-type>text/html</mime-type>
321        </mime-mapping>
322        <mime-mapping>
323                <extension>xml</extension>
324                <mime-type>application/xml</mime-type>
325        </mime-mapping>
326        <mime-mapping>
327                <extension>css</extension>
328                <mime-type>text/css</mime-type>
329        </mime-mapping>
330        <mime-mapping>
331                <extension>ico</extension>
332                <mime-type>image/vnd.microsoft.icon</mime-type>
333        </mime-mapping>
334        <mime-mapping>
335                <extension>js</extension>
336                <mime-type>text/javascript</mime-type>
337        </mime-mapping>
338        <mime-mapping>
339                <extension>jsp</extension>
340                <mime-type>text/html</mime-type>
341        </mime-mapping>
342        <mime-mapping>
343                <extension>log</extension>
344                <mime-type>text/plain</mime-type>
345        </mime-mapping>
346        <mime-mapping>
347                <extension>gif</extension>
348                <mime-type>image/gif</mime-type>
349        </mime-mapping>
350        <mime-mapping>
351                <extension>jpg</extension>
352                <mime-type>image/jpeg</mime-type>
353        </mime-mapping>
354        <mime-mapping>
355                <extension>jpeg</extension>
356                <mime-type>image/jpeg</mime-type>
357        </mime-mapping>
358        <mime-mapping>
359                <extension>png</extension>
360                <mime-type>image/png</mime-type>
361        </mime-mapping>
362        <mime-mapping>
363                <extension>tiff</extension>
364                <mime-type>image/tiff</mime-type>
365        </mime-mapping>
366        <mime-mapping>
367                <extension>tif</extension>
368                <mime-type>image/tiff</mime-type>
369        </mime-mapping>
370        <mime-mapping>
371                <extension>svg</extension>
372                <mime-type>image/svg+xml</mime-type>
373        </mime-mapping>
374        <mime-mapping>
375                <extension>svgz</extension>
376                <mime-type>image/svg+xml</mime-type>
377        </mime-mapping>
378
379        <mime-mapping>
380                <extension>pdf</extension>
381                <mime-type>image/pdf</mime-type>
382        </mime-mapping>
383
384        <mime-mapping>
385                <extension>xls</extension>
386                <mime-type>application/vnd.ms-excel</mime-type>
387        </mime-mapping>
388
389
390
391        <!-- =============================== D E F A U L T / W E L C O M E   P A G E
392                NOTE: This has to be a physical file for anything prior to Servlet API 2.4.
393                If 2.4+ you can map the servlet then use the servlet name in the welcome
394                list.
395        -->
396        <welcome-file-list>
397                <welcome-file>Welcome</welcome-file>
398        </welcome-file-list>
399
400
401
402        <!-- ======================================= H T T P   E R R O R   P A G E S -->
403        <error-page><error-code>401</error-code><location>/jsp/ErrorPage.jsp?message=You are not authorized to view the requested resource.</location></error-page>
404        <error-page><error-code>403</error-code><location>/jsp/ErrorPage.jsp?message=You are trying to view a restricted resource.  The request was understood by the server but a response was refused.</location></error-page>
405        <error-page><error-code>404</error-code><location>/jsp/ErrorPage.jsp?message=Requested resource was not found.  It has either moved or is unavailable.</location></error-page>
406        <error-page><error-code>405</error-code><location>/jsp/ErrorPage.jsp?message=The page tried to use a method which is not supported for this URL.</location></error-page>
407        <error-page><error-code>406</error-code><location>/jsp/ErrorPage.jsp?message=The requested resource exists, but not in a format/type that your browser will accept.</location></error-page>
408        <error-page><error-code>407</error-code><location>/jsp/ErrorPage.jsp?message=The proxy server needs authorization before it can proceed.</location></error-page>
409        <error-page><error-code>408</error-code><location>/jsp/ErrorPage.jsp?message=Request timed out.  The resource is in use or is temporarily unavailable or there is a network problem.</location></error-page>
410        <error-page><error-code>414</error-code><location>/jsp/ErrorPage.jsp?message=The requested URI (URL) is too long for the server to handle.</location></error-page>
411        <error-page><error-code>415</error-code><location>/jsp/ErrorPage.jsp?message=The server can not process the request because the request body is in an unsupported media format.</location></error-page>
412
413        <error-page><error-code>500</error-code><location>/jsp/ErrorPage.jsp?message=An unexpected error occurred inside the server that prevented it from fulfilling the request.</location></error-page>
414        <error-page><error-code>501</error-code><location>/jsp/ErrorPage.jsp?message=Requested function is not implemented by this application on this server.</location></error-page>
415        <error-page><error-code>502</error-code><location>/jsp/ErrorPage.jsp?message=Bad internet gateway.  A server acting as a gateway or proxy did not receive a valid response from an upstream server.</location></error-page>
416        <error-page><error-code>503</error-code><location>/jsp/ErrorPage.jsp?message=The service (server) is temporarily unavailable but should be restored in the future.</location></error-page>
417        <error-page><error-code>504</error-code><location>/jsp/ErrorPage.jsp?message=A gateway timout error has occured.  A server acting as a gateway or proxy did not receive a valid response in time.</location></error-page>
418        <error-page><error-code>505</error-code><location>/jsp/ErrorPage.jsp?message=The server does not support the version of the HTTP protocol used in the request.</location></error-page>
419
420        <error-page><exception-type>java.lang.Throwable</exception-type><location>/jsp/ErrorPage.jsp?message=Uncaught System Run Time Exception</location></error-page>
421<!-- must have either the exception-type or error-code
422        <error-page><location>/jsp/ErrorPage.jsp?message=General system problem.  This is not a problem with the network or an HTTP issue.  This is typically a problem with the IBIS application.</location></error-page>
423-->
424</web-app>
425
Note: See TracBrowser for help on using the repository browser.