BASE
The BASE web application.
java.lang.Throwable
/exception/exception.jsp
404
/exception/404.jsp
*.jsp
UTF-8
max-url-length
8000
Starts and stops BASE when Tomcat is starting and stopping
BASE Start/Stop servlet
net.sf.basedb.clients.web.servlet.StartStopServlet
Servlet for viewing files in the BASE file system
File view servlet
view
net.sf.basedb.clients.web.servlet.Download
default_mime_type
text/plain
use_path_info
false
view
/filemanager/files/view/*
Servlet for downloading files from the BASE file system. Is the same as
the 'view' servlet but sets the 'Content-Disposition' response header to
force browsers to prompt with a 'Save As' dialog.
File download servlet
download
net.sf.basedb.clients.web.servlet.Download
default_mime_type
text/plain
download
true
use_path_info
false
download
/filemanager/files/download/*
Servlet that handles file upload
File upload servlet
upload
net.sf.basedb.clients.web.servlet.Upload
upload
/filemanager/upload/Upload
Servlet for viewing spot images created from raw bioassay data
Spot images servlet
spotimage
net.sf.basedb.clients.web.servlet.ViewSpotImage
spotimage
/views/rawbioassays/rawdata/spotimage/*
A generic plotter for analyzed data
Plot servlet
plotter
net.sf.basedb.clients.web.servlet.PlotServlet
maxWidth
1000
maxHeight
800
defaultWidth
600
defaultHeight
400
defaultFormat
png
plotter
/views/experiments/plotter/plot
A specialized plot servlet for the experiment explorer
Experiment explorer plot servlet
eeplotter
net.sf.basedb.clients.web.servlet.ExperimentExplorerPlotServlet
eeplotter
/views/experiments/explorer/plot
Generate an RSS feed from public BASE news
News RSS feed servlet
news-feed
net.sf.basedb.clients.web.servlet.RssNewsFeed
1
news-feed
/info/news.rss
Handles requests for servlets inside extensions.
Web client extensions manager
ExtensionsServlet
net.sf.basedb.clients.web.servlet.ExtensionsServlet
ExtensionsServlet
*.servlet
ExtensionsServlet
/extensions/servlet/*
Handles compilation of *.xjsp files, which are like normal *.jsp files except that the
classpath also includes the JAR(s) for the extension.
XJSP compiler for extensions (experimental!)
xjsp
org.apache.jasper.servlet.JspServlet
fork
false
compilerClassName
net.sf.basedb.clients.web.extensions.XJspCompiler
xjsp
*.xjsp
Filter that sets the character encoding in the Content-Type response header.
Character encoding filter
characterEncoding
net.sf.basedb.clients.web.servlet.CharacterEncodingFilter
characterEncoding
UTF-8
characterEncoding
*.jsp
characterEncoding
*.xjsp
A filter that can be used to set the 'Content-Security-Policy' response header.
Its primary use is to reduce the risk of cross-site scripting attacks. By default
only content from the same BASE server is allowed, but we also need to allow inline
style definitions and data: image URLs, and we disallow browser plug-ins (Flash, etc.)
completely.
Note that extensions to BASE may need more permissions, for example
use of inline JavaScript. If (and only if) the extension itself declares
'safe-resources="0"' in its configuration, requests to the /extensions/ subdirectory
use the 'unsafe-resources-policy' setting. For extensions that need inline scripts also
within BASE pages, the 'policy' setting must be modified to include:
script-src 'self' 'unsafe-inline';
See http://www.html5rocks.com/en/tutorials/security/content-security-policy/
for a good tutorial about content security policy.
Violations of the policy are normally not logged. To enable logging, add the
report-uri directive to the 'policy' setting:
report-uri /{context}/csp-report;
Replace {context} with the path under which your BASE installation is installed.
You also need to enable the 'csp-report' defined below.
Content security policy filter
csp-filter
net.sf.basedb.clients.web.servlet.ContentSecurityPolicyFilter
policy
default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none';
unsafe-resources-policy
default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none'; script-src 'self' 'unsafe-inline';
csp-filter
*
This filter is used to provide support for skins to re-map
images to their own versions. If this filter is disabled, skins will
not be able to remap images. Use the cache-control parameter to control
the time client browsers are allowed to cache images. Skin changes
may not be visible until after this time (seconds) has passed.
Image remap filter
ImageRemap
net.sf.basedb.clients.web.servlet.ImageRemapFilter
cache-control
max-age=3600
ImageRemap
*.png
ImageRemap
*.gif