From b582df38ac8456d65aba868923dd18872f97ddf5 Mon Sep 17 00:00:00 2001
From: Andrea Campanella <andrea@onlab.us>
Date: Fri, 5 May 2017 09:08:11 -0700
Subject: [PATCH] OS-3 fixing exploit to upload malicious apps through UI rest
 APIs

Change-Id: Ia5f14b6667d7843a80cccb2794e3de5038eaa0be
---
 web/gui/src/main/webapp/WEB-INF/web.xml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/web/gui/src/main/webapp/WEB-INF/web.xml b/web/gui/src/main/webapp/WEB-INF/web.xml
index 10a18d2a87..d64f936516 100644
--- a/web/gui/src/main/webapp/WEB-INF/web.xml
+++ b/web/gui/src/main/webapp/WEB-INF/web.xml
@@ -32,6 +32,10 @@
             <web-resource-name>Secured</web-resource-name>
             <url-pattern>/index.html</url-pattern>
         </web-resource-collection>
+        <web-resource-collection>
+            <web-resource-name>Secured API</web-resource-name>
+            <url-pattern>/rs/applications/*</url-pattern>
+        </web-resource-collection>
         <auth-constraint>
             <role-name>admin</role-name>
         </auth-constraint>