12.2. Gadget proxy configuration

eXo Platform can allow gadgets to load remote resources. This is a potential security risk, because the gadget proxy that fetches those resources can then be used as an open web proxy. To limit this, configure the ProxyFilterService so that the anonymous proxy accepts or denies specific hosts.

Configuring the ProxyFilterService

By default, the white-list is set to *, which means that the proxy allows any host except those specified in the black-list.

To specify domains that you want to allow or deny, you should override the default configuration, defined in:

For that purpose, please follow this procedure:

  1. Create your extension following this tutorial.

  2. In your extension configuration, copy the default proxy configuration, then adapt the values of the parameters white-list and black-list:

    
    <component>
        <key>org.exoplatform.web.security.proxy.ProxyFilterService</key>
        <type>org.exoplatform.web.security.proxy.ProxyFilterService</type>
        <init-params>
          <values-param>
            <!-- The white list -->
            <name>white-list</name>
            <!-- We accept anything not black listed -->
            <value>*</value>
          </values-param>
          <values-param>
            <name>black-list</name>
            <value>*.evil.org</value>
          </values-param>
        </init-params>
    </component>

    Note

    Each value must be defined in its own tag. For example:

    
    <component>
        <key>org.exoplatform.web.security.proxy.ProxyFilterService</key>
        <type>org.exoplatform.web.security.proxy.ProxyFilterService</type>
        <init-params>
          <values-param>
            <!-- The white list -->
            <name>white-list</name>
            <!-- We accept only my-server-1.com and my-server-2.com -->
            <value>my-server-1.com</value>
            <value>my-server-2.com</value>
          </values-param>
          <values-param>
            <name>black-list</name>
            <value>*.evil.org</value>
          </values-param>
        </init-params>
    </component>

  3. Deploy your extension.

The default configuration is:


<component>
    <key>org.exoplatform.web.security.proxy.ProxyFilterService</key>
    <type>org.exoplatform.web.security.proxy.ProxyFilterService</type>
    <init-params>
        <values-param>
            <!-- The white list -->
            <name>white-list</name>
            <!-- We accept anything not black listed -->
            <value>*</value>
        </values-param>
        <values-param>
            <name>black-list</name>
            <value>*.evil.org</value>
        </values-param>
    </init-params>
</component>

How does it work?

Multiple values can be added (by adding more value tags) and wildcards can be used, as in the following example:


<component>
    <key>org.exoplatform.web.security.proxy.ProxyFilterService</key>
    <type>org.exoplatform.web.security.proxy.ProxyFilterService</type>
    <init-params>
        <values-param>
            <name>white-list</name>
            <value>*.example.com</value>
            <value>www.example.net</value>
        </values-param>

        <values-param>
            <name>black-list</name>
            <value>evil.example.com</value>
        </values-param>
    </init-params>
</component>
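
The following check is an added example, not part of the eXo Platform documentation or code base: it reads a ProxyFilterService component, reports a white-list that leaves the proxy open, and evaluates hosts against both lists. It assumes glob-style wildcard matching and that the black-list takes precedence over the white-list; the function names are hypothetical.

```python
import fnmatch
import xml.etree.ElementTree as ET

SERVICE = "org.exoplatform.web.security.proxy.ProxyFilterService"

# Constructed sample input: the wildcard configuration shown on this page.
SAMPLE = """
<component>
  <key>org.exoplatform.web.security.proxy.ProxyFilterService</key>
  <type>org.exoplatform.web.security.proxy.ProxyFilterService</type>
  <init-params>
    <values-param><name>white-list</name>
      <value>*.example.com</value><value>www.example.net</value></values-param>
    <values-param><name>black-list</name>
      <value>evil.example.com</value></values-param>
  </init-params>
</component>"""

def load_lists(xml_text):
    """Return (white_list, black_list) from the ProxyFilterService component."""
    for comp in ET.fromstring(xml_text).iter("component"):
        if (comp.findtext("key") or "").strip() != SERVICE:
            continue
        lists = {"white-list": [], "black-list": []}
        for vp in comp.iter("values-param"):
            name = (vp.findtext("name") or "").strip()
            if name in lists:
                lists[name] = [v.text.strip() for v in vp.findall("value") if v.text]
        return lists["white-list"], lists["black-list"]
    raise ValueError("no ProxyFilterService component found")

def _matches(host, patterns):
    # Assumption: glob-style matching, where '*' matches any run of characters.
    return any(fnmatch.fnmatchcase(host, p.lower()) for p in patterns)

def is_allowed(host, white, black):
    """Model of the documented rule: white-listed and not black-listed."""
    host = host.lower().rstrip(".")
    return _matches(host, white) and not _matches(host, black)

def audit(white, black):
    """Return findings for list settings that leave the proxy wider than intended."""
    findings = []
    if "*" in white:
        findings.append("white-list is '*': every host not black-listed is proxied")
    for p in white:
        # Under the glob assumption, '*example.com' also matches 'notexample.com'.
        if "*" in p and p != "*" and not p.startswith("*."):
            findings.append(f"wildcard '{p}' is not anchored at a label boundary")
    return findings
```

Under these assumptions, the default configuration (white-list `*`) produces one finding, while the wildcard example above produces none and denies `evil.example.com` even though it matches `*.example.com`.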

Copyright ©. All rights reserved. eXo Platform SAS