source: main/trunk/ibisph-view/src/main/webapp/WEB-INF/config/spring/common.xml @ 24670

Last change on this file since 24670 was 24670, checked in by GarthBraithwaite_STG, 4 months ago

view - Updated jquery to 3.6 and leaflet to 1.7.1. Kendo grid button color to std color. Updated info table to use heading colors and increased width of the Cleaned up QM and overviews xsd. Changed QB map script. Added "remove" messages for the SectionSelections?.xslt and ConfigurationIncludeCriteriaExclude?.xslt EXCLUDE. QM selection/Page.xslt simplified SHOW control.

File size: 36.5 KB
1<?xml version="1.0" encoding="UTF-8"?>
4        IBIS-PH View System's common Spring properties. This Spring application
5        context file contains properties are commonly used by more than one module/
6        packages within the system.  These common properties include core base
7        XML/XSLT paths and other resources used by the apps controllers.
10        <property name="someName"><null/></property>
11        <property name="someName" value="${some_system_property_name}"/>
12        <value type="">  Beans can't have a type.
14        If property starts with all CAPS - something like XMLPath which has a setter
15        like setXMLPath then the property needs to be name="XMLPath" (the bean naming
16        more than one first letters capped rule) otherwise it's lowercase then mixed
17        case like normal properties.
19        Use the "parent" attribute for child objects that are of the same type.  This basically
20        does a clone on an object so that the existing parent object's objects are copied
21        to the child - thus providing a populated base class that all child objects can
22        be implicitly populated without explicitly setting the properties.
25        All paths shall have a trailing "/".  Sub paths should never have a leading "/"
26        but will always have the trailing "/".  Base paths can have a leading "/" as
27        this represents the root of the file system.
30<beans default-lazy-init="false" default-autowire="no"
31        xmlns=""
32        xmlns:xsi=""
33        xsi:schemaLocation=""
35        <!--  C O N T E X T S   A N D   P A T H S -->
36        <!-- NOTE: Spring 3.0 provides a default servlet context bean that can be
37                used to access ServletContext properties via EL:
38                #{servletContext.servletContextName}.
39        -->
40        <bean id="commonContentBasePath" class="org.ibisph.model.StringHolder">
41                <description>
42                        Base "content" file path that points to the content root directory.
43                        This includes static content like images, pdfs, json, XML, etc. 
44                        The default configuration also uses this path as the basis for all
45                        dynamic XML files - published and preview.  This value can be in to
46                        form of a complete HTTP request URL or file path that is either
47                        relative to the webapp's context or an explicit file directory. 
48                        This value should always be a local file path if possible so that it
49                        can be used for saving XML files.  If the value is an HTTP request
50                        URL then commonLocalBasePath must be set to a local file path. 
51                        The default value is a peer ibisph-content webapp directory.  A ""/
52                        blank property value results in the content located within the view
53                        webapp's directory structure (not recommended).
54                </description>
55                <constructor-arg value="../ibisph-content"/>
56        </bean>
57        <bean id="commonContentBasePathURL" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
58                <description>
59                        Full/explicit base "content" file path as a URL value.  The Saxon
60                        XSLT engine safely and consistently processes URL type values. 
61                        The java code converts these paths to URL values with most URL type
62                        services using the URL as a URL string (not an URL object).  These
63                        services do this because most paths are base paths and need to have
64                        actual sub path and file names concatenated to the base URL path.
65                        The Java URL object doesn't support adding a suffix - hence converting
66                        to a string so sub paths and be appended to the base path.
67                </description>
68                <property name="targetObject" ref="commonContextAndPathService"/>
69                <property name="targetMethod" value="getPathURL"/>
70                <property name="arguments"><list><value>#{commonContentBasePath.string}</value></list></property>
71        </bean>
72        <bean id="commonContentXMLBasePathURL" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
73                <property name="targetObject" ref="commonContextAndPathService"/>
74                <property name="targetMethod" value="getPathURL"/>
75                <property name="arguments"><list><value>#{commonContentBasePath.string}xml/</value></list></property>
76        </bean>
77        <bean id="commonRestrictedXMLBasePathURL" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
78                <property name="targetObject" ref="commonContextAndPathService"/>
79                <property name="targetMethod" value="getPathURL"/>
80                <property name="arguments"><list><value>#{commonContentBasePath.string}WEB-INF/xml/</value></list></property>
81        </bean>
83        <bean id="commonXSLTBasePathURL" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
84                <property name="targetObject" ref="commonContextAndPathService"/>
85                <property name="targetMethod" value="getPathURL"/>
86                <property name="arguments"><list><value>xslt/</value></list></property>
87        </bean>
89        <bean id="commonPublishedXMLBasePath" class="org.ibisph.model.StringHolder">
90                <description>
91                        Base "Published XML" file path that points to the root of all admin
92                        app published XML.  This includes indicator profiles and validation
93                        xmls.  This value can be in to form of a complete request URL or
94                        a relative file path to the webapp's context.  This value should be
95                        a file path value if admin and view are on the same box or share the
96                        same file server AND if possible based on file access privs.  This
97                        should only be a request URL if on different servers or not possible
98                        to implement with a file path.  This string value is used by the
99                        commonPublishedXMLBasePathURL bean which is the actual base used.
100                        By default preview requests also use this base path as the admin
101                        app creates both published and preview IP XML files.
102                </description>
103                <constructor-arg value="#{commonContentBasePathURL}xml/"/>
104        </bean>
105        <bean id="commonPublishedXMLBasePathURL" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
106                <description>
107                        Full/explicit base "Published XML" file path URL. 
108                </description>
109                <property name="targetObject" ref="commonContextAndPathService"/>
110                <property name="targetMethod" value="getPathURL"/>
111                <property name="arguments"><list><value>#{commonPublishedXMLBasePath.string}</value></list></property>
112        </bean>
114        <bean id="commonLocalBasePath" class="org.ibisph.model.StringHolder">
115                <description>
116                        Base file path that points to the root of all local saved content.
117                        This local area contains any and all saved query, self registered
118                        users, and cached query module index type files.  This value can
119                        be in to form of a complete URL or relative to the webapp's context.
120                        This path MUST be local so that the view app can write files to this
121                        location.  This path defaults to the content base path for those
122                        deployments that have the content on the same server as the webapp.
123                        For deployments where the content is located on a different server
124                        this value MUST be specficied and should NOT be an app sub directory
125                        so that backups are easier and to keep those files without manual
126                        intervention during new app deployments.
127                </description>
128                <constructor-arg value="#{commonContentBasePath.string}"/>
129        </bean>
130        <bean id="commonLocalBasePathURL" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
131                <description>
132                        Full/explicit base "local" file path.  The commonLocalBasePath
133                        string value, if not a URL, is processed based on the webapp's
134                        context path which is returned as a URL which is one of the accepted
135                        values the XML/XSLT translation is able to process.  This path is
136                        the root of all static content - json, images, pdf, XML etc.
137                </description>
138                <property name="targetObject" ref="commonContextAndPathService"/>
139                <property name="targetMethod" value="getPathURL"/>
140                <property name="arguments"><list><value>#{commonLocalBasePath.string}</value></list></property>
141        </bean>
143        <bean id="commonWebAppBaseRequestPath" class="org.ibisph.model.StringHolder">
144                <description>
145                        Base application request URL path injected into the XSLT via the
146                        commonWebAppBasePathModelMap.  This value is the URL prefix passed
147                        to the XSLT code via the Java transformation that the XSLT uses to
148                        build full, explicit HTTP URL request paths.
150                        The path value is optional.  It is only required in those instances 
151                        when the default internal servlet's request URL is not sufficient to
152                        get HTTP requests to the webapp (i.e. when the webapp is behind a
153                        proxy etc.).  When specified the value MUST be the complete root URL
154                        prefix value consisting of the protocol, server name/address
155                        (with port if applicable), and the outside application context path. 
156                        If the value is not set (null/default) then the webapp's servet and context
157                        path is used (via commonWebAppBasePathModelMap).  If set to a blank
158                        string i.e., '', then the path is a vaild string which results in the
159                        WebAppBaseRequestPathFromHTTPRequest not processing for the servlet
160                        context and results in the page having all resource requests use a
161                        [base] of blank so all refs will be relative to the page's request.
162                </description>
163                <constructor-arg value=""/>
164        </bean>
167        <!-- F I L E   S E R V I C E S -->
168        <bean id="commonContextAndPathService" class="org.ibisph.web.ContextAndPathService"/>
170        <bean id="commonXMLFilePathModelService" class="org.ibisph.model.URLPathGetModelService">
171                <description>
172                        This is the main component of the primary model for most view app
173                        requests.  Most view app requests are XML/XSLT transformations.
174                        The XML/XSLT transformation process can be a parsed XML document, a
175                        complete XML string, or a URI string that is a complete file path and
176                        name that points to an XML file.  For most requests, the primary XML
177                        file is specified as part of the request URL.  Each specific model
178                        map is coded/configured to determine a specific XML file.  This
179                        service is constructed with a base file path URL.  The model map uses
180                        this service to concat its base path with the model map's more
181                        specific filename to build the complete XML file path and name to be
182                        used in the transformation. 
183                </description>
184                <property name="basePath" ref="commonContentXMLBasePathURL"/>
185        </bean>
186        <bean id="commonVerifiedXMLFilePathModelService" class="org.ibisph.model.VerifiedURLPathGetModelService">
187                <property name="basePath" ref="commonContentXMLBasePathURL"/>
188        </bean>
189        <bean id="commonXSLTFilePathModelService" class="org.ibisph.model.VerifiedURLPathGetModelService">
190                <property name="basePath" ref="commonXSLTBasePathURL"/>
191        </bean>
193        <bean id="commonPublishedDocumentModelService" class="org.ibisph.xml.service.W3CDocumentGetModel">
194                <description>
195                        Provides mechanism to get a w3c document instead of using the Dom4j
196                        based DocumentDAO service.  This service is implemented mainly for
197                        injecting published XML files into the XSLT as parameters.  When
198                        putting XML docs into XSLT as parameters SAXON 9.x only accepts w3c
199                        type documents.  XML string passes but is not processed with dom4j
200                        having issues with the SAXON XSLT processor.  The alternative is to
201                        simply inject those published XML files as URL parameters and allow
202                        SAXON to process via a document call.  Prior to implementing this
203                        the Translation class had to check for dom4j docs and convert to
204                        w3c docs.
205                </description>
206                <property name="basePath" ref="commonPublishedXMLBasePathURL"/>
207        </bean>
208        <bean id="commonPublishedDocumentDAOService" class="org.ibisph.xml.service.FileStoredDocumentDAO">
209                <description>
210                        Dom4j based DocumentDAO service.  This service is implemented for
211                        down stream model map processing of XML document nodes.  Other
212                        options include simply using the XMLLib.getNode(modelObject),
213                        using Dom4j for everything and letting the transform convert params
214                        to w3c, or purchasing SAXON PE (which should be done anyway).
215                </description>
216                <property name="basePath" ref="commonPublishedXMLBasePathURL"/>
217                <property name="escapeTextWhenSaving" value="true"/>
218                <property name="dateFormat"   ref="commonDateFormat"/>
219                <property name="outputFormat" ref="commonXMLOutputFormat"/>
220        </bean>
221        <bean id="commonPublishedFilePathModelService" class="org.ibisph.model.URLPathGetModelService">
222                <description>
223                        Service that builds the fully specified, explicit URL path based on
224                        this service's basePath and the filePathAndName passed into the
225                        service (via the model map code when calling this service).  This
226                        service is mainly used for determining a published IP URL (or the IP
227                        preview URL).  It is also passed into XSLT's that use the XSLT
228                        document call to access published XML files.  Note that the basePath
229                        does not need to be predefined as a formal URL as this service
230                        converts it to a proper URL object.
231                </description>
232                <property name="basePath" ref="commonPublishedXMLBasePathURL"/>
233        </bean>
235        <bean id="commonLocalDocumentDAOService" class="org.ibisph.xml.service.FileStoredDocumentDAO">
236                <description>
237                        Provides a local disk based document get, save, delete service. Used
238                        for saved queries, self registered user xmls, and future qm indexes.
239                        This service also implements GetModelService so get(filename) works
240                        and can be used in place of the commonXMLFilePathModelService
241                        defined above when an actual XML document is wanted. 
243                        SPEED NOTE: This results in an "DOM4j DOCUMENT".  As such it *MIGHT* 
244                        be best to only use this for the a model when the XML needs to be
245                        traversed etc.  Speed appears to be slower compared to having the
246                        XSLT access a file via the "document()" call.
247                </description>
248                <property name="basePath"     ref="commonLocalBasePathURL"/>
249                <property name="escapeTextWhenSaving" value="true"/>
250                <property name="dateFormat"   ref="commonDateFormat"/>
251                <property name="outputFormat" ref="commonXMLOutputFormat"/>
252        </bean>
255        <!--  L O C A L S,  D A T E,  F O R M A T S  -->
256        <bean id="commonLocale" class="java.util.Locale">
257                <constructor-arg value="en"/>
258                <constructor-arg value="US"/>
259        </bean>
261        <!-- Date Format Patterns:
262                To specify the time format use a time pattern string. In this pattern, all
263                ASCII letters are reserved as pattern letters, which are defined as the following:
265                 Symbol   Meaning                 Presentation        Example
266                 ======   =====================   =================   ===================
267                 G        era designator          (Text)              AD
268                 y        year                    (Number)            1996
269                 M        month in year           (Text & Number)     July & 07
270                 d        day in month            (Number)            10
271                 h        hour in am/pm (1~12)    (Number)            12
272                 H        hour in day (0~23)      (Number)            0
273                 m        minute in hour          (Number)            30
274                 s        second in minute        (Number)            55
275                 S        millisecond             (Number)            978
276                 E        day in week             (Text)              Tuesday
277                 D        day in year             (Number)            189
278                 F        day of week in month    (Number)            2 (2nd Wed in July)
279                 w        week in year            (Number)            27
280                 W        week in month           (Number)            2
281                 a        am/pm marker            (Text)              PM
282                 k        hour in day (1~24)      (Number)            24
283                 K        hour in am/pm (0~11)    (Number)            0
284                 z        time zone               (Text)              Pacific Standard Time
285                 '        escape for text         (Delimiter)
286                 ''       single quote            (Literal)           '
288                Examples Using the US Locale:
290                Format Pattern                    Result
291                ==============================    ======================================
292                "yyyy.MM.dd G 'at' hh:mm:ss z"    1996.07.10 AD at 15:08:56 PDT
293                "EEE, MMM d, ''yy"                Wed, July 10, '96
294                "h:mm a"                          12:08 PM
295                "hh 'o''clock' a, zzzz"           12 o'clock PM, Pacific Daylight Time
296                "K:mm a, z"                       0:00 PM, PST
297                "yyyyy.MMMMM.dd GGG hh:mm aaa"    1996.July.10 AD 12:08 PM
299                "dd.MM.yy"                        09.04.98
300                "H:mm"                            18:15
301                "H:mm:ss:SSS"                     18:15:55:624
302                "K:mm a,z"                        6:15 PM,PDT
304                Serial Number: yyyy-MM-dd-HH-mm-ss-SS
305        -->
306        <bean id="commonDateFormat" class="java.text.SimpleDateFormat">
307                <constructor-arg value="EEE, d MMM yyyy HH:mm:ss z"/>
308                <constructor-arg type="java.util.Locale" ref="commonLocale"/>
309        </bean>
310        <bean id="commonBackupFileDateSerialNumberDateFormat" class="java.text.SimpleDateFormat">
311                <constructor-arg value="yyyy-MM-dd-HH-mm-ss-SS"/>
312                <constructor-arg type="java.util.Locale" ref="commonLocale"/>
313        </bean>
316        <!--  M O D E L   M A P   R E S O U R C E S -->
317        <bean id="commonCurrentUserService" class="org.ibisph.user.service.CurrentUser"/>
319        <bean id="commonXMLModelMapKey" class="org.ibisph.model.StringHolder">
320                <constructor-arg value="XML"/>
321        </bean>
323        <bean id="commonSimpleBlankXMLModelMap" class="org.ibisph.modelmap.SimpleGetModelMap">
324                <description>
325                        Provides an XML model map for those XSLT/XML transformations where
326                        an XML documnt/file does not exist - like the user/* pages.
327                </description>
328                <property name="modelMapKey" value="#{commonXMLModelMapKey.string}"/>
329                <property name="model"><value><![CDATA[<?xml version="1.0" encoding="UTF-8"?><BLANK/>]]></value></property>
330        </bean>
332        <bean id="commonXMLServiceModelMapProperties" abstract="true">
333                <description>
334                        Core XML model map properties used by IP, Query, CP and other beans.
335                </description>
336                <property name="modelMapKey" value="#{commonXMLModelMapKey.string}"/>
337                <property name="getModelService" ref="commonXMLFilePathModelService"/>
338        </bean>
341        <!-- S T A T I C / C A C H E D   X M L   M O D E L   M A P S -->
342        <!-- The ModelFromFilePathAndNameService has an option to cache and clear
343                the cache XML docs.  As of 11/1/2018 the caching is not set.  At some
344                future point this caching can be set to true.  This should only be done
345                once a data admin publish request is implemented that clears the cached
346                XML doc object e.g. reloads it. 
348                Currently, because there is not a reload the cache when published mechanism,
349                this implmentation is not efficienet.  Previous versions used the XLST
350                file/document.  It is now coded to use java to load the doc for each req
351                simply so that the future configurations and XSLT does not have to be
352                reworked.
353        -->
354        <bean id="commonAncillaryValuesModelMap" class="org.ibisph.modelmap.ModelFromFilePathAndNameService">
355                <description>Document version of the published AncillaryValues XML.</description>
356                <property name="modelMapKey"     value="AncillaryValues"/>
357                <property name="getModelService" ref="commonPublishedDocumentModelService"/>
358                <property name="filePathAndName" value="ancillary_values.xml"/>
359        </bean>
360        <bean id="commonDataSourcesModelMap" class="org.ibisph.modelmap.ModelFromFilePathAndNameService">
361                <description>Document version of the published DataSources XML.</description>
362                <property name="modelMapKey"     value="DataSources"/>
363                <property name="getModelService" ref="commonPublishedDocumentModelService"/>
364                <property name="filePathAndName" value="data_sources.xml"/>
365        </bean>
366        <bean id="commonDimensionsModelMap" class="org.ibisph.modelmap.ModelFromFilePathAndNameService">
367                <description>Document version of the published Dimensions XML.</description>
368                <property name="modelMapKey"     value="Dimensions"/>
369                <property name="getModelService" ref="commonPublishedDocumentModelService"/>
370                <property name="filePathAndName" value="dimensions.xml"/>
371        </bean>
372        <bean id="commonMeasuresModelMap" class="org.ibisph.modelmap.ModelFromFilePathAndNameService">
373                <description>Document version of the published Measures XML.</description>
374                <property name="modelMapKey"     value="Measures"/>
375                <property name="getModelService" ref="commonPublishedDocumentModelService"/>
376                <property name="filePathAndName" value="measures.xml"/>
377        </bean>
378        <bean id="commonValueTypesModelMap" class="org.ibisph.modelmap.ModelFromFilePathAndNameService">
379                <description>Document version of the published ValueTypes XML.</description>
380                <property name="modelMapKey"     value="ValueTypes"/>
381                <property name="getModelService" ref="commonPublishedDocumentModelService"/>
382                <property name="filePathAndName" value="value_types.xml"/>
383        </bean>
384        <bean id="commonValueAttributesModelMap" class="org.ibisph.modelmap.ModelFromFilePathAndNameService">
385                <description>Document version of the published ValueAttributes XML.</description>
386                <property name="modelMapKey"     value="ValueAttributes"/>
387                <property name="getModelService" ref="commonPublishedDocumentModelService"/>
388                <property name="filePathAndName" value="value_attributes.xml"/>
389        </bean>
390        <bean id="commonChartsModelMap" class="org.ibisph.modelmap.ModelFromFilePathAndNameService">
391                <description>Document version of the published Charts XML.</description>
392                <property name="modelMapKey"     value="Charts"/>
393                <property name="getModelService" ref="commonPublishedDocumentModelService"/>
394                <property name="filePathAndName" value="charts.xml"/>
395        </bean>
396        <bean id="commonMapsModelMap" class="org.ibisph.modelmap.ModelFromFilePathAndNameService">
397                <description>Document version of the published Maps XML.</description>
398                <property name="modelMapKey"     value="Maps"/>
399                <property name="getModelService" ref="commonPublishedDocumentModelService"/>
400                <property name="filePathAndName" value="maps.xml"/>
401        </bean>
402        <bean id="commonOrgUnitsModelMap" class="org.ibisph.modelmap.ModelFromFilePathAndNameService">
403                <description>
404                        Injects the XML doc.  This helps with speed as the doc
405                        is only read/parsed once.  Con of this approach is that
406                        bean needs an event listener to reload when published.
407                </description>
408                <property name="modelMapKey"     value="OrgUnits"/>
409                <property name="getModelService" ref="commonPublishedDocumentModelService"/>
410                <property name="filePathAndName" value="org_units.xml"/>
411        </bean>
414        <!-- P A T H   A N D   R E Q U E S T   M O D E L   M A P S -->
415        <bean id="commonContentBasePathModelMap" class="org.ibisph.modelmap.SimpleGetModelMap">
416                <description>
417                        Used ibis:getContentPath xslt function that allows XSLT code to build
418                        content paths for static content/resource requests.
419                </description>
420                <property name="modelMapKey" value="ContentBasePath"/>
421                <property name="model"       ref="commonContentBasePathURL"/>
422        </bean>
424        <bean id="commonPublishedXMLBasePathModelMap" class="org.ibisph.modelmap.SimpleGetModelMap">
425                <description>
426                        Used ibis:getPublishedXMLPath xslt function that allows XSLT code
427                        to build paths to published XML files.
428                </description>
429                <property name="modelMapKey" value="PublishedXMLBasePath"/>
430                <property name="model"       ref="commonPublishedXMLBasePathURL"/>
431        </bean>
433        <bean id="commonWebAppBasePathModelMap" class="org.ibisph.web.modelmap.WebAppBaseRequestPathFromHTTPRequest">
434                <description>
435                        Complete remote/external webapp HTTP request base path prefix used
436                        to access internet content and webapp requests (e.g. prefix used
437                        for all requests from a user's browswer).  This model map is injected
438                        into all XSLT type page requests so that the code can build the
439                        explicit, fully qualified request paths for content and links.
441                        If the webappBaseRequestPath is blank then the value is built based
442                        on the first HTTP request's URL and optional injected properties.
443                        The reason for building based on the first HTTP request is so that
444                        a real path is captured for use. 
446                        Why Needed ?:  IBIS is a build once deploy many webapp.  The  webapp
447                        can be deployed into different enviros - local dev, stand alone server,
448                        or behind the recommended reverse proxy.  Request paths can't simply
449                        be root relative because app can be deployed into a multiuse app
450                        server enviro.  If generic, hard coded context is used (ibisph-view)
451                        then all deployments would need "that" mapping.  The implemented
452                        solution for all non relative requests is to use a variable request
453                        prefix value.  This is more complex because all page request URLs
454                        must be prefixed with the value to work reliably. 
456                        Issue: If not specified i.e. blank and built from first HTTP request
457                        and the first request is NOT the wanted value then is set wrong. 
458                        An example of this being a problem is in a local dev environment where
459                        a developer also want to access the app from another PC for testing.
460                        The first request is made from the localhost which results in a path
461                        "http://localhost/ibisph-view/".  When the request is made from the
462                        2nd PC the page content will return but all links to other pages
463                        and resources (like css and graphic files) will not work.  The solution
464                        for this is to always access the webapp on the dev PC with the IP
465                        or the PC's DNS name.
466                </description>
467                <property name="modelMapKey" value="WebAppBaseRequestPath"/>
468                <property name="webappBaseRequestPath" value="#{commonWebAppBaseRequestPath.string}"/>
469        </bean>
471        <bean id="commonHTTPRequestParametersModelMap" class="org.ibisph.web.modelmap.HTTPRequestParameters">
472                <description>
473                        Provides a simple mechanism to pass URL req params to the XSLT
474                        code.  Note that this does NOT differentiate between GET and
475                        POST so might have to remove this in some special cases - like
476                        not needed for the query module builder post etc.
477                </description>
478                <property name="modelMapKey" value="HTTPRequestParameters"/>
479        </bean>
480        <bean id="commonHTTPRequestPathSegmentsModelMap" class="org.ibisph.web.modelmap.PathSegmentsFromHTTPRequest">
481                <description>
482                        Provides the path segments to the view.  This is needed
483                        for context menu file name and the request path bread
484                        crumbs.
485                </description>
486                <property name="modelMapKey" value="PathSegments"/>
487        </bean>
488        <bean id="commonModifiedDateModelMap" class="org.ibisph.modelmap.AddModelDateModelToModelMap">
489                <property name="sourceModelModelMapKey"   value="#{commonXMLModelMapKey.string}"/>
490                <property name="formattedDateModelMapKey" value="XMLModifedDate"/>
491                <property name="dateFormat"               ref="commonDateFormat"/>
492                <property name="sourceModelDateXPathList">
493                        <list>
494                                <value>PUBLISHED_DATE</value>
495                                <value>MODIFIED_DATE</value>
496                                <value>LAST_MODIFIED</value>
497                                <value>DATA_AS_OF_DATE</value>
498                        </list>
499                </property>
500        </bean>
502        <bean id="commonUserProfileModelMap" class="org.ibisph.user.modelmap.CurrentUserDocument">
503                <property name="modelMapKey"        value="UserProfile"/>
504                <property name="currentUserService" ref="commonCurrentUserService"/>
505        </bean>
508        <!-- C O N T R O L L E R   R E S O U R C E S -->
509        <bean id="commonNoCacheHTTPResponseHeaders" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
510                <description>
511                        no cache type headers
512                </description>
513                <property name="properties">
514                        <props>
515                                <prop key="Pragma">no-cache</prop>
516                                <prop key="Expires">Fri, 12 Dec 1980 23:23:23 GMT</prop>
517                                <prop key="Cache-Control">no-cache, private, s-maxage=0, max-age=0, must-revalidate, proxy-revalidate, no-store</prop>
518                                <prop key="Cache-Control">post-check=0, pre-check=0</prop>
519                        </props>
520                </property>
521        </bean>
522        <bean id="commonHTTPResponseHeaders" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
523                <description>
524                        Common, standard headers that are included in a "page" request response. 
525                        Currently these are XSS related.  The CORS and Cookie response headers
526                        are handled via the filterAddResponseHeaders filter (which are configured
527                        for all IBIS resource requsts - not needed but saves seeing all the
528                        warning messages).  See the response_header_notes.txt file for more
529                        notes on CORS and SOP (8/31/2021).
531                        X-Frame-Options is used to defend against Clickjacking. See:
534                        Same Origin Policies (SOP):
535                        Modern broswers implement SOP which by default requires any ajax
536                        request to be to the Same Origin (SO) which is defined as a tuple
537                        (protocol, server, port).  Note that SOP does not control accessing
538                        outside img, script, css, iframe, object type resource requests -
539                        just javascript ajax requests.
541                        Cross-origin resource sharing (CORS):
542                        Provides a cross origin ajax (and font) request mechanism that
543                        overrides the SOP.  The way this works is that when a NON IBIS page
544                        makes an AJAX (or font) request to an IBIS app the browser makes an
545                        a preflight req to the server which returns header values.  The
546                        browser then checks and determines if the request is allowed.
547                        There are basically 3 options here:
548                        1) No CORS header = results in strict SOP for all ajax/font requests.
549                        2) Open to the world = any non IBIS page can make any ajax request
550                        to the IBIS apps (Access-Control-Allow-Origin=*).
551                        3) Write special IBIS java filter code that dynamically sets the
552                        header based on the requesting page's domain etc.
554                        IBIS Considerations:
555                        1) Most IBIS deployments will likely be self contained i.e. any
556                        visualization request will come from HTML_CONTENT story pages etc.
557                        If this is the case then CORS does not need to be configured - the
558                        browser's SOP keeps things locked down. 
560                        2) The IBIS View webapp is a public data app that does not have any
561                        open access to any sensative data.  All sensative data requsets are
562                        filtered by the app's spring security. The app does not have ajax
563                        web apis requests other than public facing visualizations and data
564                        which is available anyway through direct XML file requests.
566                        As long as secure requests are properly configured to use the app's
567                        spring security (which is user session based (token)) an outside app
568                        can not fake or forge itself so on the surface there seems to be
569                        very little risk if an adopter wants to open up their ajax requests
570                        to the world. 
572                        3) Another safer mechanism is to only allow SO but dynamaically
573                        create the visualization script code and json as a .js file request.
574                        i.e. an api call where all the values are specified as part of the
575                        request and parsed via a controller which then does the transformation
576                        and building to the dynamic code and streams back the contents.
578                        4) NOTE: web.xml handles securing the app's session id cookie (sets
579                        the http-only response header) which is the only cookie that IBIS
580                        uses. 
581                </description>
582                <property name="properties">
583                        <props>
584                                <prop key="X-XSS-Protection">1</prop>
585                                <prop key="X-Content-Type-Options">nosniff</prop>
586                                <prop key="X-Frame-Options">DENY</prop>
587                                <prop key="Strict-Transport-Security">max-age=31536000</prop>
588                        </props>
589                </property>
590        </bean> 
592        <bean id="commonModelMapListController" abstract="true" class="org.ibisph.web.springmvc.ModelMapListProcessingController">
593                <description>
594                        Provides base of all HTML page type controllers.  Defines the
595                        ModelMapListProcessingController class, the ADDITIONAL modelmaps
596                        that most pages use, and the HTTPResponseHeaders (typically setup
597                        to handle XSS security).
598                </description>
599                <property name="additionalModelMapList">
600                        <list>
601                                <ref bean="commonWebAppBasePathModelMap"/>
602                                <ref bean="commonContentBasePathModelMap"/>
603                                <ref bean="commonPublishedXMLBasePathModelMap"/>
604                                <ref bean="commonHTTPRequestPathSegmentsModelMap"/>
605                                <ref bean="commonHTTPRequestParametersModelMap"/>
606                                <ref bean="commonUserProfileModelMap"/>
607                                <ref bean="commonModifiedDateModelMap"/>
608                        </list>
609                </property>
610                <property name="HTTPResponseHeaders" ref="commonHTTPResponseHeaders"/>
611        </bean>
614        <!--  X M L   R E S O U R C E S  -->
615        <bean id="commonXMLEncodingScheme" class="org.ibisph.model.StringHolder">
616                <description>
617                        XML encoding scheme used when creating an XML file and Request character
618                        encoding.  Both of these should work: "UTF-8", "ISO-8859-1", however, UTF-8
619                        had some problems with some data.  ISO-8859-1 is an 8 bit subset of the 16
620                        bit unicode UTF-8 character set and is used for western english characters.
621                </description>
622                <constructor-arg value="ISO-8859-1"/>
623        </bean>
625        <bean id="commonXMLOutputFormat" class="">
626                <property name="encoding"   value="#{commonXMLEncodingScheme.string}"/>
627                <property name="indentSize" value="1"/>     <!-- count of indents -->
628                <property name="indent"     value="&#09;"/> <!-- tab value: &#09; = horizontal tab or spaces etc -->
629                <property name="newlines"   value="true"/>  <!-- if true puts next element on new line -->
630                <property name="padText"    value="false"/> <!-- if true just adds extra blank line inbetween... -->
631                <property name="trimText"   value="true"/>  <!-- strips white space.  Do NOT set to true for IPs as embedded CRs will be lost -->
632        </bean>
635        <!--  X S L T   T R A N S F O R M A T I O N   R E S O U R C E S  -->
636        <!-- The main function is to set the XSLT transformation factory to be used.
637                This mechanism allows for a pluggable XSLT engine to be explicitly used.
638                This can be set as a system property but doing so can impact other apps
639                that are installed on the same app server which require/rely on other
640                versions of an XSLT processor (typically XALAN).  If the factory is not
641                explicitly set then the app server's/JVM's default XSLT engine will be
642                used (via JAXP - typically XALAN which will NOT work for IBIS as of 2008). 
644                NOTES:
645                - This factory must be XSLT v2.0 (at this point Saxon is the best
646                solution - XALAN 2.x will NOT work for IBIS as it is v1.x). 
648                - Removed the IBIS transformer factory type classes in late 2008 as they
649                were not needed.  If XALAN ever goes to 2.0 and adopters want to use then
650                those objects can be resurrected or new XALAN objects can be created as
651                needed.
653                PRODUCTION: It is highly recommended to use the caching Saxon XSLT engine:
654                <bean id="commonXSLTTransformerFactory" class="org.ibisph.xslt.CachedSaxonTransformerFactory"/>
656                XSLT DEVELOPMENT: Use the normal, thread safe non caching Saxon XSLT
657                Transformation Factory.  This avoids having to restart the app or touch
658                the core XSLT file.
659                <bean id="commonXSLTTransformerFactory" class="net.sf.saxon.TransformerFactoryImpl"/>
660        -->
661        <bean id="commonXSLTTransformerFactory" class="org.ibisph.xslt.CachedSaxonTransformerFactory"/>
662        <bean id="commonXSLTTransformation" class="org.ibisph.xslt.Transformation">
663                <constructor-arg ref="commonXSLTTransformerFactory"/>
664        </bean>
665        <bean id="commonXSLTTransformationView" class="org.ibisph.xml.springmvc.XSLTXMLTransformationView">
666                <description>
667                        Core transformation view that almost all views use/extend from.
668                </description>
669                <constructor-arg ref="commonXSLTTransformation"/>
670                <property name="XMLModelMapKey"     value="#{commonXMLModelMapKey.string}"/>
671                <property name="XSLTURLModelMapKey" value="XSLT"/>
672                <property name="XSLTURLGetModelService" ref="commonXSLTFilePathModelService"/> 
673        </bean>
676        <bean id="commonXSSStringValidator" class="org.ibisph.util.ExclusionRegexFindStringValidator">
677                <description>
678                        Series of regex that attempts to detect XSS - injected javascript. 
679                        If any of the patterns match false is returned and the calling code
680                        is responsible to handle/throw exception etc.
682                        For IBIS the main issue is that you could embed some script into a
683                        saved query and a user could then share that saved query def with
684                        another user.  When that user opens the saved query it could execute
685                        some script that could do a few things. 
687                        This validator will catch very basic XSS and is provided mostly for
688                        IT departments to feel better about things.  To do this right the
689                        text MUST be processed as HTML and parsed to being valid etc.
690                </description>
691                <property name="regEx">
692                        <list>
693                                <value>javascript:|&lt;\s*script.*?\s*&gt;</value>
694                        </list>
695                </property>
696        </bean>
698        <bean id="commonXMLStringCleaner" class="org.ibisph.util.ReplacementStringCleaner">
699                <description>
700                        Cleans/replaces characters used when creating/saving XML.  Stubbed
701                        out for now...
702                </description>
703                <property name="replacementCharsMap">
704                        <map>
705                                <entry key="‘" value="'"/>
706                                <entry key="’" value="'"/>
707                        </map>
708                </property> 
709        </bean>
712        <!--  E X C E P T I O N   R E S O L V E R  -->
714        <!-- Exception Resolvers are typically a list of exceptions with associated
715                views to be used to display an error for a given type of exception. 
716                Note that the resolver is ONLY used for exceptions thrown/uncaught
717                within controller objects e.g. objects controlled by the Request Dispatcher
718                servlet/container.  For "view" related errors use a HandlerInterceptor.
719                See commits prior to 3/2021 for error handling bean defs and notes.
720        -->
Note: See TracBrowser for help on using the repository browser.