THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
The Context Security Filter (CSF) defined in /WEB-INF/web.xml is used to restrict access to the web application files. In the future it may be used for debugging and/or logging requests. This is the starting point for all web requests to the application. By default all paths are rejected and only paths specifically defined are allowed direct access. The CSF is set to allow all requests to the Control Servlet by setting the mount point of the Servlet in the 'allow list'. The allow list is defined as an init-param named allowedPaths.The value is a single string of paths separated by a colon. The example webapps allow '/control:/index.html:/index.jsp:/default.html:/default.jsp:/images' paths. A path may be a directory name (starting from the root directory of the webapp) or a path to a specific file.
Example: '/images' will allow all files in the /images directory to be directly accessed.
Example: '/site-pages/contactus.html' will allow only the contactus.html file found in the /site-pages directory to be directly accessed.
Example: '/site-pages/info/*' will allow only the files in the subdirectory 'info' to be directly accessed.
When a direct request to a protected path is made the filter will do one of two things. One, the filter can redirect the user to a page defined in web.xml. This is defined by setting the init-param redirectPath to properly formatted URL. Two, the filter will throw a server error which can be defined by the init-param errorCode. The error is thrown only if there is no redirect defined. If no errorCode is defined, the filter will throw a 404 server error.
The configuration looks like this:
...