Check secure single-jsp app with confidential transport guarantee

kwart · Oct 31, 2016 · 863e46b · 863e46b
1 parent 3de44c3
commit 863e46b
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 12 deletions.
diff --git a/pom.xml b/pom.xml
@@ -11,7 +11,7 @@
 	<url>https://github.com/kwart/secured-webapp-template</url>
 
 	<build>
-		<finalName>counter-distributable</finalName>
+		<finalName>checksecure-confidential</finalName>
 
 		<plugins>
 			<plugin>

diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
@@ -5,6 +5,14 @@
       xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
       version="3.1">
 
-    <distributable/>
+    <security-constraint>
+    	<web-resource-collection>
+    		<web-resource-name>All confidential</web-resource-name>
+    		<url-pattern>/*</url-pattern>
+    	</web-resource-collection>
+    	<user-data-constraint>
+    		<transport-guarantee>CONFIDENTIAL</transport-guarantee>
+    	</user-data-constraint>
+    </security-constraint>
 
 </web-app>
diff --git a/src/main/webapp/index.jsp b/src/main/webapp/index.jsp
@@ -1,10 +1,4 @@
-<%@ page language="java" pageEncoding="UTF-8" contentType="text/plain;charset=utf-8"
-%><%
-    Integer requestCount = (Integer)session.getAttribute("requestCount");
-    if (requestCount == null) {
-        requestCount = 0;
-    }
-    session.setAttribute("requestCount", ++requestCount);
-
-%>Host=<%= System.getProperty("jboss.node.name") %>
-Request count=<%= requestCount %>
+<%@ page language="java" pageEncoding="UTF-8" contentType="text/plain;charset=utf-8" session="false"
+%>Secure=<%= request.isSecure() %>
+Scheme=<%= request.getScheme() %>
+Protocol=<%= request.getProtocol() %>