Setting the java allowlist

To set the java allowlist:

  1. Acquire the CSRF token before adding a new command into the allowlist.

    On the command line, run:

    curl -G https://127.0.0.1:15067/clapi/api/security/csrf -k 
    --header "Authorization:Basic YWRtaW5pc3RyYXRvcjpQQHNzd29yZDAx" -c cookie.out -v

    Results:

    • There is feedback “HTTP/1.1 200 OK” on the command line.
    • The file cookie.out is created.
    • There is feedback on the command line.
      { "csrf": "04c0d8c5-de00-4f3c-bffb-a7ef292921ef" }
      Note: The CSRF token session is different for each call. You must replace the next step's CSRF token session of cases with the actual one.
  2. Update the allowlist. There are four APIs for updating the jar/jars.
    • Update the entire java allowlist.

      On the command line, run:

      curl https://127.0.0.1:15067/clapi/v3/api/admin/{siteName}/server-admin/allowlist-config?type=java 
      -k --header "Authorization:Basic YWRtaW5pc3RyYXRvcjpQQHNzd29yZDAx" --header "X-CSRF-TOKEN: 
      04c0d8c5-de00-4f3c-bffb-a7ef292921ef" -b cookie.out -d @$SITEDIR/test/serveradmin_setAllowListConfig.json -v

      This results in “HTTP/1.1 200 OK” feedback on the command line.

      If you require adding the ls command, then the file content in $SITEDIR/test/ serveradmin_setAllowListConfig.json is:

      {"entries": [{"name": "dt.jar","note": "this is note for jar dt","path":
      "C:\\Program Files\\Amazon Corretto\\jdk1.8.0_252\\lib\\dt.jar"}]}
    • Add a new jar/class.

      On the command line, run:

      curl https://127.0.0.1:15067/clapi/v3/api/server-admin/{siteName}/allowlist-config/
      entries?type=java -k --header "Authorization:Basic YWRtaW5pc3RyYXRvcjpQQHNzd29yZDAx" 
      --header "X-CSRF-TOKEN: 04c0d8c5-de00-4f3c-bffb-a7ef292921ef" -b cookie.out 
      -H "Content-Type:application/json" -d @$HCISITEDIR/test/serveradmin_addAllowlistEntry.json 
      --request POST -v

      This results in “HTTP/1.1 200 OK” feedback on the command line.

      If you require adding the ls command, then the file content in $SITEDIR/test/serveradmin_addAllowlistEntry.json is:

      {"name": "dt.jar","note": "this is note for jar dt","path":
      "C:\\Program Files\\Amazon Corretto\\jdk1.8.0_252\\lib\\dt.jar"}
    • Update the node of a jar/class.

      On the command line, run:

      curl https://127.0.0.1:15067/clapi/v3/api/server-admin/{siteName}/allowlist-config/entries/{entryId}
      ?type=java -k --header "Authorization:Basic YWRtaW5pc3RyYXRvcjpQQHNzd29yZDAx" 
      -d @$HCISITEDIR/test/serveradmin_updateAllowlistEntry.json --header "X-CSRF-TOKEN: 
      04c0d8c5-de00-4f3c-bffb-a7ef292921ef" -b cookie.out --request PUT -v

      This results in “HTTP/1.1 200 OK” feedback on the command line.

      If you require updating the ls command note, then the file content in $SITEDIR/test/serveradmin_updateAllowlistEntry.json is:

      {"note": "this is updated note for dt.jar"}
    • Delete a jar/class.

      On the command line, run:

      curl https://127.0.0.1:15067/clapi/v3/api/server-admin/{siteName}/allowlist-config/entries/
      {entryId}?type=java -k --header "Authorization:Basic YWRtaW5pc3RyYXRvcjpQQHNzd29yZDAx" 
      --header "X-CSRF-TOKEN: 04c0d8c5-de00-4f3c-bffb-a7ef292921ef" -b cookie.out 
      -H "Content-Type:application/json" –request DELETE -v

      This results in “HTTP/1.1 200 OK” feedback on the command line.

  3. Acquire the allowlist to confirm the jar has been successfully set.

    On the command line, run:

    curl -G https://127.0.0.1:15067/clapi/v3/api/admin/server-admin/{siteName}/
    allowlist-config?type=java -k --header "Authorization:Basic YWRtaW5pc3RyYXRvcjpQQHNzd29yZDAx" -v

    This results in “HTTP/1.1 200 OK” feedback on the command line.

    Additional feedback is on the command line:

    “{"entries": [{"id": 1, "name": "dt.jar","note": "this is note for jar dt","path":
    "C:\\Program Files\\Amazon Corretto\\jdk1.8.0_252\\lib\\dt.jar ", "digest":
    "8fbf43eb41fe057bcad2be1f1f688f1c31d90ee08118eae26ca176d60cd9b69c"}]}”