|
Parameter
|
Description
|
|
websecurity.logger.factory
|
The implementation class name of the com.savvion.sbm.websecurity.common.api. IWebSecurityLoggerFactory.
This parameter allows you to change logger capability, for example do logging into database, or merge security logging with the rest of the system logging. The factory class has to implement interface IWebSecurityLoggerFactory and logger implementation has to interface IWebSecurityLogger. Both interfaces are defined in package com.savvion.sbm.websecurity.common.api.
|
|
websecurity.xss.enabled
|
This property enables or disables the XSS. The default value is false.
|
|
websecurity.xss.trace
|
Enables DEBUG logging into bmwebsecurity.log along with info messages, when set to true.
|
|
websecurity.xss. handler. defaultconfig
|
The default xss configuration to use when no configuration is explicitly provided to the xss filter. The configuration can be defined using the prefix "websecurity.xss.handler.config.<config-name>".
|
|
websecurity.xss. handler.config. default.handlerfactory
|
The implementation class name of the com.savvion.sbm.websecurity.xss.api.IXSSHandlerFactory for the configuration "default".
This parameter allows you to customize the business interface of the security filter. Handler implementation provides actual business of a security filter. Factory class has to implement interface IHandlerFactory. The interface gets extended to a concrete interface specific to the type of handler used in a particular type of security filter. This interface is IXSSHandlerFactory for XSS filter. Concrete implementation of XSS handler has to implement interface IXSSHandler. All the XSS filter specific interfaces defined in package com.savvion.sbm.websecurity.xss.api.
Note: It is recommended not to modify the default handler values.
|
|
websecurity.xss.handler. config.default. configfile
|
The XSS config file location for "default" configuration.
|
|
websecurity.xsrf.enabled
|
Enables the XSRF checking when set to true
|
|
websecurity.xsrf.trace
|
Enables DEBUG logging into bmwebsecurity.log along with info messages, when set to true.
|
|
websecurity.xsrf. handler.defaultconfig
|
The default xsrf configuration to use when no configuration is explicitly provided to the xsrf filter. The configuration can be defined using the prefix websecurity.xsrf.handler.config.<config-name>.
|
|
websecurity.xsrf.handler. config.default .handlerfactory
|
The implementation class name of the com.savvion.sbm.websecurity.xsrf.impl. DefaultXSRFHandlerFactory the configuration default.
This parameter allows you to redefine XSRF filter business implementation. Handler mechanism is similar to XSS filter. Interfaces names are IXSRFHandler for handler and IXSRFHandlerFactory for its factory. Package name is com.savvion.sbm.websecurity.xsrf.api.
Note: It is recommended not to modify the default handler values.
|
|
websecurity.xsrf.handler. config.default.configfile
|
The XSRF config file location for default configuration.
|
|
Parameter
|
Description
|
|
oebps.front.host
|
Value for this parameter is a comma separated list of hosts which are exposed to access the system. See Setting up oebps.front.host parameter for more information. This parameter value has to be changed after the installation of the system.
Important: This parameter does not appear in config file by default. You have to add this while enabling ref filter.
|
|
bpmportal.post. sensitive.parameters
|
If set to true, this enables POST HTTP requests for sensitive parameters passed from BP Server to BPM WebFlow or from BPM WebFlow to another BPM WebFlow Subprocess. The default value for this parameter is false.
|
