Setting the java allowlist
To set the java allowlist:
- Acquire the CSRF token before adding a new command into the allowlist.
On the command line, run:
curl -G https://127.0.0.1:15067/clapi/api/security/csrf -k --header "Authorization:Basic YWRtaW5pc3RyYXRvcjpQQHNzd29yZDAx" -c cookie.out -v
Results:
- There is feedback “HTTP/1.1 200 OK” on the command line.
- The file cookie.out is created.
- There is feedback on the command line:
{ "csrf": "04c0d8c5-de00-4f3c-bffb-a7ef292921ef" }
Note: The CSRF token is different for each call. In the commands in the next step, you must replace the CSRF token shown with the actual one.
- Update the allowlist. There are four APIs for updating the jar/jars.
- Update the entire java allowlist.
On the command line, run:
curl https://127.0.0.1:15067/clapi/v3/api/admin/{siteName}/server-admin/allowlist-config?type=java -k --header "Authorization:Basic YWRtaW5pc3RyYXRvcjpQQHNzd29yZDAx" --header "X-CSRF-TOKEN: 04c0d8c5-de00-4f3c-bffb-a7ef292921ef" -b cookie.out -d @$SITEDIR/test/serveradmin_setAllowListConfig.json -v
This results in “HTTP/1.1 200 OK” feedback on the command line.
If you require adding the dt.jar entry, then the file content in $SITEDIR/test/serveradmin_setAllowListConfig.json is:
{"entries": [{"name": "dt.jar","note": "this is note for jar dt","path": "C:\\Program Files\\Amazon Corretto\\jdk1.8.0_252\\lib\\dt.jar"}]}
- Add a new jar/class.
On the command line, run:
curl https://127.0.0.1:15067/clapi/v3/api/server-admin/{siteName}/allowlist-config/entries?type=java -k --header "Authorization:Basic YWRtaW5pc3RyYXRvcjpQQHNzd29yZDAx" --header "X-CSRF-TOKEN: 04c0d8c5-de00-4f3c-bffb-a7ef292921ef" -b cookie.out -H "Content-Type:application/json" -d @$HCISITEDIR/test/serveradmin_addAllowlistEntry.json --request POST -v
This results in “HTTP/1.1 200 OK” feedback on the command line.
If you require adding the dt.jar entry, then the file content in $SITEDIR/test/serveradmin_addAllowlistEntry.json is:
{"name": "dt.jar","note": "this is note for jar dt","path": "C:\\Program Files\\Amazon Corretto\\jdk1.8.0_252\\lib\\dt.jar"}
- Update the note of a jar/class.
On the command line, run:
curl https://127.0.0.1:15067/clapi/v3/api/server-admin/{siteName}/allowlist-config/entries/{entryId}?type=java -k --header "Authorization:Basic YWRtaW5pc3RyYXRvcjpQQHNzd29yZDAx" -d @$HCISITEDIR/test/serveradmin_updateAllowlistEntry.json --header "X-CSRF-TOKEN: 04c0d8c5-de00-4f3c-bffb-a7ef292921ef" -b cookie.out --request PUT -v
This results in “HTTP/1.1 200 OK” feedback on the command line.
If you require updating the dt.jar note, then the file content in $SITEDIR/test/serveradmin_updateAllowlistEntry.json is:
{"note": "this is updated note for dt.jar"}
- Delete a jar/class.
On the command line, run:
curl https://127.0.0.1:15067/clapi/v3/api/server-admin/{siteName}/allowlist-config/entries/{entryId}?type=java -k --header "Authorization:Basic YWRtaW5pc3RyYXRvcjpQQHNzd29yZDAx" --header "X-CSRF-TOKEN: 04c0d8c5-de00-4f3c-bffb-a7ef292921ef" -b cookie.out -H "Content-Type:application/json" --request DELETE -v
This results in “HTTP/1.1 200 OK” feedback on the command line.
- Acquire the allowlist to confirm the jar has been successfully set.
On the command line, run:
curl -G https://127.0.0.1:15067/clapi/v3/api/admin/server-admin/{siteName}/allowlist-config?type=java -k --header "Authorization:Basic YWRtaW5pc3RyYXRvcjpQQHNzd29yZDAx" -v
This results in “HTTP/1.1 200 OK” feedback on the command line.
Additional feedback is on the command line:
“{"entries": [{"id": 1, "name": "dt.jar","note": "this is note for jar dt","path": "C:\\Program Files\\Amazon Corretto\\jdk1.8.0_252\\lib\\dt.jar ", "digest": "8fbf43eb41fe057bcad2be1f1f688f1c31d90ee08118eae26ca176d60cd9b69c"}]}”
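The procedure above chained into one shell function, as an added example that is not vendor code: the CSRF token is read from the step 1 response instead of being copied by hand, and the entry JSON is built with the Windows path backslashes escaped. The function names and the CLAPI_BASE and CLAPI_AUTH variables are assumptions; the endpoints, headers and JSON fields are the ones shown on this page.

```shell
#!/bin/sh
# Added example, not vendor code. CLAPI_BASE, CLAPI_AUTH and the function names
# are assumptions; endpoints and headers are the ones shown on this page.
CLAPI_BASE="${CLAPI_BASE:-https://127.0.0.1:15067/clapi}"
# CLAPI_AUTH: base64 of user:password, read from the environment by the caller.

# Pull the token out of a response body such as { "csrf": "..." }.
extract_csrf() {
    printf '%s' "$1" | sed -n 's/.*"csrf"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Escape backslashes and double quotes so a Windows path is valid inside JSON.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the request body for "Add a new jar/class" (fields: name, note, path).
entry_json() {
    printf '{"name": "%s","note": "%s","path": "%s"}' \
        "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")"
}

# Fetch a fresh token, add one entry, then read the allowlist back.
# $1 = site name, $2 = jar name, $3 = note, $4 = jar path
# -k is kept from the page; use --cacert <file> where the server cert can be verified.
add_java_entry() {
    cookies="${TMPDIR:-/tmp}/clapi_cookie.$$"
    body=$(curl -sS -G "$CLAPI_BASE/api/security/csrf" -k \
        --header "Authorization:Basic $CLAPI_AUTH" -c "$cookies") || return 1
    token=$(extract_csrf "$body")
    [ -n "$token" ] || { echo "no CSRF token in response" >&2; rm -f "$cookies"; return 1; }
    curl -sS "$CLAPI_BASE/v3/api/server-admin/$1/allowlist-config/entries?type=java" -k \
        --header "Authorization:Basic $CLAPI_AUTH" --header "X-CSRF-TOKEN: $token" \
        -b "$cookies" -H "Content-Type:application/json" \
        -d "$(entry_json "$2" "$3" "$4")" --request POST
    rc=$?
    rm -f "$cookies"    # the session cookie is not left on disk
    [ "$rc" -eq 0 ] || return "$rc"
    curl -sS -G "$CLAPI_BASE/v3/api/admin/server-admin/$1/allowlist-config?type=java" -k \
        --header "Authorization:Basic $CLAPI_AUTH"
}
```

Source the file and call add_java_entry with the site name, jar name, note and unescaped jar path; the last output is the allowlist as returned by the confirmation call.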