Package overit.geocall.ux.config
Class PropertiesUI
java.lang.Object
overit.geocall.ux.config.PropertiesUI
class containing the configurations related to the user interface
Field Summary
Fields (Modifier and Type, Field, Description):
- static final overit.geocall.config.Property<Boolean> CONTEXT_MENU: enables the standard web page context menu.
- DEFAULT_SEEK: define the default configuration for the form's fields seek
- static final overit.geocall.config.Property<String> DOC_TYPE: define the html page document type tag
- static final overit.geocall.config.Property<Boolean> ENABLE_COLUMN_CONTROL_DD: enable TableView columns reordering through columns' header drag and drop
- static final overit.geocall.config.Property<String> GATEWAY_TIMEOUT_HANDLER: defines the mode with which manage the 504 Gateway timeout HTTP code raised by WAF, after 60 seconds of elaboration.
- static final overit.geocall.config.Property<Boolean> HIDE_AREA_TITLE: Defines if the area title on the application pages must be hidden or not.
- static final overit.geocall.config.Property<Boolean> INFO_COMMENT: defines the possibility to allow generating a comment in the HTML page reporting the information on the current node
- static final overit.geocall.config.Property<String> LOGIN_PAGE: defines the path of the html file of the customized login window.
- static final overit.geocall.config.Property<String> LOGIN_PAGE_BACKGROUND: defines the login page's background image. Possible values are: standard (default one), wfm, plant
- static final overit.geocall.config.Property<String> LOGIN_PAGE_FAVICON: defines the src path of the favicon image to set into the login page browser's tab.
- static final overit.geocall.config.Property<String> LOGIN_PAGE_LOGO: defines the src path of the logo image to set into the login page.
- static final overit.geocall.config.Property<String> LOGIN_PAGE_MOBILE: defines the path of the html file of the customized login window for mobile devices.
- static final overit.geocall.config.Property<String> LOGIN_PAGE_MOBILE_BACKGROUND: defines the mobile login page's background image. Possible values are: standard (default one), wfm, plant
- static final overit.geocall.config.Property<String> LOGIN_PAGE_MOBILE_FAVICON: defines the src path of the favicon image to set into the mobile login page browser's tab.
- static final overit.geocall.config.Property<String> LOGIN_PAGE_MOBILE_LOGO: defines the src path of the logo image to set into the mobile login page.
- static final overit.geocall.config.Property<String> LOGIN_PAGE_MOBILE_TITLE: defines the page's title to set into the mobile login page browser's tab.
- static final overit.geocall.config.Property<String> LOGIN_PAGE_TITLE: defines the page's title to set into the login page browser's tab.
- static final overit.geocall.config.Property<String> LOGOUT_RESOURCE: defines the name of the web page (or servlet) the user is redirected to when logging out
- static final overit.geocall.config.Property<String> MENU: the name of the xml file containing the menu entries. The file is solved through the factory and must be placed in the root of the application layer.
- static final overit.geocall.config.Property<String> MENU_WA: the name of the xml file containing the web application menu entries. The file is solved through the factory and must be placed in the root of the application layer.
- static final overit.geocall.config.Property<String> PERSISTENCE: defines the type of session persistence (inner at the moment)
- static final overit.geocall.config.Property<String> PROCESSOR: defines the event processor for the current UI.
- static final overit.geocall.config.Property<Boolean> SAFE_CSP: Controls the activation of the SafeInlineEngine JavaScript module that provides a secure alternative to inline event handlers and style attributes. When set to true, the system will: Replace traditional inline event handlers (like onclick="..."
- static final overit.geocall.config.Property<Boolean> SAFE_EVAL: Controls the activation of the SafeInlineEngine JavaScript module that provides a secure alternative to Window.eval() function call. When set to true, the system will: Replace traditional window.eval() function calls with a custom and safe management of the function. This approach allows the application to function properly while maintaining compatibility with strict Content Security Policy (CSP) settings that forbid the use of 'unsafe-eval' directive, significantly enhancing security against Cross-Site Scripting (XSS) attacks. When enabled, the script-src 'unsafe-eval' CSP directives can be removed from the CSP policy.
- static final overit.geocall.config.Property<Boolean> SAFE_INLINE_EVENT_HANDLERS: Controls the activation of the SafeInlineEngine JavaScript module that provides a secure alternative to inline event handlers and style attributes. When set to true, the system will: Replace traditional inline event handlers (like onclick="..."
- static final overit.geocall.config.Property<Boolean> SAFE_INLINE_SCRIPT: Defines if it's active or not, the injection of the nonce into the script-src CSP directive to allow the execution of the inline script tags.
- static final overit.geocall.config.Property<Boolean> SAFE_INLINE_STYLE: Defines if it's active or not, the injection of the nonce into the style-src CSP directive to allow the execution of the inline style tags.
- static final overit.geocall.config.Property<Integer> SEARCH_THRESHOLD: define the threshold beyond which the InputLookup components allow to search among the options defined, using an input filter field.
- static final overit.geocall.config.Property<String> SERIALIZATION: defines the user session serialization type, it can be k,kd,s,sd (s for standard, k for kryo, d for deflated)
- static final overit.geocall.config.Property<Boolean> SERIALIZATION_TEST: enables continuous serialization testing
- static final overit.geocall.config.Property<Boolean> SHOW_ID: displays the component-id beside each ux component

Method Summary
Methods (Modifier and Type, Method, Description):
- static String cspAddition(Company company): defines additional Content Security Policy (CSP) directives that will be combined with the default ones. CSP enables control over the resources the browser is allowed to load for a given page.
- static String cspDefault(Company company): defines CSP (Content Security Policy) directives that will replace the default ones. CSP enables control over the resources the browser is allowed to load for a given page.
- static String fieldCleaner(String fieldName): defines the cleaner that must be used for a specific input field (sanitizing fields against xss attacks).
- static String fieldDisplayUnit(String fieldName)
- static String fieldLetterCase(String fieldName): defines whether the value entered the field must be turned into uppercase or lowercase letters
- static String

Field Details

CONTEXT_MENU
enables the standard web page context menu.

SHOW_ID
displays the component-id beside each ux component

INFO_COMMENT
defines whether a comment reporting information on the current node may be generated in the HTML page

MENU
the name of the xml file containing the menu entries. The file is resolved through the factory and must be placed in the root of the application layer.

MENU_WA
the name of the xml file containing the web application menu entries. The file is resolved through the factory and must be placed in the root of the application layer.

PROCESSOR
defines the event processor for the current UI.

SERIALIZATION
defines the user session serialization type; it can be k, kd, s, sd (s for standard, k for kryo, d for deflated)

SERIALIZATION_TEST
enables continuous serialization testing

PERSISTENCE
defines the type of session persistence (inner at the moment)

DOC_TYPE
defines the HTML page document type tag

LOGIN_PAGE
defines the path of the html file of the customized login window.

LOGIN_PAGE_LOGO
defines the src path of the logo image to set into the login page.

LOGIN_PAGE_TITLE
defines the page's title to set into the login page browser's tab.

LOGIN_PAGE_FAVICON
defines the src path of the favicon image to set into the login page browser's tab.

LOGIN_PAGE_BACKGROUND
defines the login page's background image.
Possible values are:
- standard (default one)
- wfm
- plant

LOGIN_PAGE_MOBILE
defines the path of the html file of the customized login window for mobile devices.

LOGIN_PAGE_MOBILE_TITLE
defines the page's title to set into the mobile login page browser's tab.

LOGIN_PAGE_MOBILE_FAVICON
defines the src path of the favicon image to set into the mobile login page browser's tab.

LOGIN_PAGE_MOBILE_LOGO
defines the src path of the logo image to set into the mobile login page.

LOGIN_PAGE_MOBILE_BACKGROUND
defines the mobile login page's background image.
Possible values are:
- standard (default one)
- wfm
- plant

LOGOUT_RESOURCE
defines the name of the web page (or servlet) the user is redirected to when logging out

ENABLE_COLUMN_CONTROL_DD
enables TableView column reordering by dragging and dropping the column headers

DEFAULT_SEEK
defines the default configuration for the form's fields seek

SEARCH_THRESHOLD
defines the threshold beyond which the InputLookup components allow searching among the defined options, using an input filter field.

GATEWAY_TIMEOUT_HANDLER
defines how to manage the 504 Gateway Timeout HTTP code raised by the WAF after 60 seconds of elaboration.

HIDE_AREA_TITLE
Defines if the area title on the application pages must be hidden or not.

SAFE_CSP
Controls the activation of the SafeInlineEngine JavaScript module that provides a secure alternative to inline event handlers and style attributes.
When set to true, the system will:
- Replace traditional inline event handlers (like onclick="...") with data attributes (data-event-click="...")
- Replace inline style attributes (style="...") with data attributes (data-style="...")
- Add special CSS classes (activableScripting and activableStyling) to elements
- Use JavaScript to apply these handlers and styles at runtime
- Use JavaScript to safely evaluate JS code instead of using the window.eval() function
- Add a nonce to the script-src CSP directive to allow the execution of the inline script and style tags
'unsafe-inline' directive, significantly enhancing security against Cross-Site Scripting (XSS) attacks.
When enabled, the script-src 'unsafe-inline' 'unsafe-eval' and style-src 'unsafe-inline' CSP directives can be removed from the CSP policy.
Default: false (traditional inline handlers are used)

SAFE_INLINE_SCRIPT
Defines whether the nonce is injected into the script-src CSP directive to allow the execution of the inline script tags.

SAFE_INLINE_STYLE
Defines whether the nonce is injected into the style-src CSP directive to allow the execution of the inline style tags.

SAFE_INLINE_EVENT_HANDLERS
Controls the activation of the SafeInlineEngine JavaScript module that provides a secure alternative to inline event handlers and style attributes.
When set to true, the system will:
- Replace traditional inline event handlers (like onclick="...") with data attributes (data-event-click="...")
- Replace inline style attributes (style="...") with data attributes (data-style="...")
- Add special CSS classes (activableScripting and activableStyling) to elements
- Use JavaScript to apply these handlers and styles at runtime
'unsafe-inline' directive, significantly enhancing security against Cross-Site Scripting (XSS) attacks.
When enabled, the script-src 'unsafe-inline' and style-src 'unsafe-inline' CSP directives can be removed from the CSP policy.
Default: false (traditional inline handlers are used)

SAFE_EVAL
Controls the activation of the SafeInlineEngine JavaScript module that provides a secure alternative to Window.eval() function call.
When set to true, the system will:
- Replace traditional window.eval() function calls with a custom and safe management of the function
This approach allows the application to function properly while maintaining compatibility with strict Content Security Policy (CSP) settings that forbid the use of 'unsafe-eval' directive, significantly enhancing security against Cross-Site Scripting (XSS) attacks.
When enabled, the script-src 'unsafe-eval' CSP directives can be removed from the CSP policy.
Default: false (traditional eval call is used)

Method Details

cspDefault
defines CSP (Content Security Policy) directives that will replace the default ones.
CSP enables control over the resources the browser is allowed to load for a given page. This property can be used to specify new directives or modify existing ones, thus providing fine-grained control over security policies.
This property allows configuring only a subset of CSP directives, which will then replace the following default directives:
default-src 'self'; img-src * data:; font-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self';

cspAddition
defines additional Content Security Policy (CSP) directives that will be combined with the default ones.
CSP enables control over the resources the browser is allowed to load for a given page. This property can be used to specify new directives or modify existing ones, thus providing fine-grained control over security policies.
This property allows configuring additional CSP directives that will be added to the default directives configured.

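How the SAFE_CSP, SAFE_INLINE_EVENT_HANDLERS and SAFE_EVAL flags and the cspDefault/cspAddition values change the default policy listed above, as an added example that is not part of the overit.geocall code: it parses the default directives, applies an override and an addition, and drops the unsafe keywords each enabled flag makes removable. The helper names, the per-directive merge rules and the sample values are assumptions; nonce injection (SAFE_INLINE_SCRIPT, SAFE_INLINE_STYLE) is left to the framework.

```javascript
// Added example, not overit.geocall code: helper names and merge rules are assumptions.
const DEFAULT_CSP = "default-src 'self'; img-src * data:; font-src * data:; " +
  "script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; " +
  "connect-src 'self';";

// Unsafe keywords each flag makes removable, per the field descriptions on this page.
const REMOVABLE = {
  SAFE_CSP: { 'script-src': ["'unsafe-inline'", "'unsafe-eval'"], 'style-src': ["'unsafe-inline'"] },
  SAFE_INLINE_EVENT_HANDLERS: { 'script-src': ["'unsafe-inline'"], 'style-src': ["'unsafe-inline'"] },
  SAFE_EVAL: { 'script-src': ["'unsafe-eval'"] },
};

// "name v1 v2; ..." -> Map(name -> [values]); a repeated directive keeps its first occurrence.
function parseCsp(policy) {
  const out = new Map();
  for (const part of policy.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/).filter(Boolean);
    if (name && !out.has(name.toLowerCase())) out.set(name.toLowerCase(), values);
  }
  return out;
}

// Policy an operator could configure once the given flags are enabled.
function tightenCsp(flags = {}, cspDefault = '', cspAddition = '') {
  const policy = parseCsp(DEFAULT_CSP);
  // Assumption: a directive named in cspDefault replaces the default of the same name.
  for (const [name, values] of parseCsp(cspDefault)) policy.set(name, values);
  // Assumption: cspAddition appends sources to a directive, or adds a new directive.
  for (const [name, values] of parseCsp(cspAddition)) {
    policy.set(name, [...new Set([...(policy.get(name) || []), ...values])]);
  }
  for (const [flag, rules] of Object.entries(REMOVABLE)) {
    if (!flags[flag]) continue;
    for (const [name, keywords] of Object.entries(rules)) {
      if (!policy.has(name)) continue;
      policy.set(name, policy.get(name).filter((v) => !keywords.includes(v.toLowerCase())));
    }
  }
  return [...policy].map(([name, values]) => [name, ...values].join(' ')).join('; ') + ';';
}

// Audit helper: unsafe keywords still present, keyed by directive.
function remainingUnsafe(policy) {
  const found = {};
  for (const [name, values] of parseCsp(policy)) {
    const hits = values.filter((v) => /^'unsafe-(inline|eval)'$/i.test(v));
    if (hits.length) found[name] = hits;
  }
  return found;
}
```

Running `remainingUnsafe` over the policy actually served shows whether any `'unsafe-inline'` or `'unsafe-eval'` keyword survived after the flags were switched on.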
fieldLetterCase
defines whether the value entered in the field must be turned into uppercase or lowercase letters
Parameters:
fieldName - The field whose LetterCase we want to know.
Returns:
u for upper case, l for lower case

fieldCleaner
defines the cleaner that must be used for a specific input field (sanitizing fields against XSS attacks).
Parameters:
fieldName - The field whose cleaner we want to know.
Returns:
The name of the cleaner to use for the passed field
- none: No preventive measures are taken; the field therefore allows entering any type of text, formatting, active and/or malicious html code, script, etc.
- rtf: The content of the field will be sanitized by deleting the entire html code, though RTF text is left, thus requiring minimum formatting. This type of cleaner relies on all the policies defined by OWASP.
- html: The content of the field will be sanitized, leaving the html code and deleting the active or possibly malicious html code. This type of cleaner relies on all the policies defined by OWASP, too.
- text: The content of the field will be sanitized by deleting all formatting and codes and will then be handled as mere plain text. This is the strongest preventive measure and it relies on a technique known as character escaping (which will soon replace certain special characters that may be interpreted differently).

fieldUnit

fieldDisplayUnit