From 1a2e6b980446830bf2f1758d5fba591306a4f0d6 Mon Sep 17 00:00:00 2001
From: Christopher hubing <chubing@internet2.edu>
Date: Tue, 24 Oct 2017 17:49:24 +0000
Subject: [PATCH] modified web.xml as per
 https://spaces.internet2.edu/display/Grouper/Newcastle+University+-+Protecting+UI+With+Shib

---
 test-compose/ui/Dockerfile                    |   3 +-
 .../classes/grouper-loader.properties         |   0
 .../classes/grouper.hibernate.properties      |   0
 .../{ => WEB-INF}/classes/grouper.properties  |   0
 .../ui/{ => WEB-INF}/classes/sources.xml      |   8 +-
 test-compose/ui/WEB-INF/web.xml               | 203 ++++++++++++++
 test-compose/ui/WEB-INF/web.xml.dist          | 265 ++++++++++++++++++
 test-compose/ui/tomcat/server.xml             |   4 +
 8 files changed, 478 insertions(+), 5 deletions(-)
 rename test-compose/ui/{ => WEB-INF}/classes/grouper-loader.properties (100%)
 rename test-compose/ui/{ => WEB-INF}/classes/grouper.hibernate.properties (100%)
 rename test-compose/ui/{ => WEB-INF}/classes/grouper.properties (100%)
 rename test-compose/ui/{ => WEB-INF}/classes/sources.xml (98%)
 create mode 100644 test-compose/ui/WEB-INF/web.xml
 create mode 100644 test-compose/ui/WEB-INF/web.xml.dist

diff --git a/test-compose/ui/Dockerfile b/test-compose/ui/Dockerfile
index c3375df..377e901 100644
--- a/test-compose/ui/Dockerfile
+++ b/test-compose/ui/Dockerfile
@@ -6,5 +6,6 @@ MAINTAINER tier-packaging@internet2.edu <tier-packaging@internet2.edu>
 ENV TOMCAT_MAJOR=8
 ENV TOMCAT_VERSION="8.5.23"
 
-COPY classes/ /opt/apache-tomcat-$TOMCAT_VERSION/webapps/grouper/WEB-INF/classes
+COPY WEB-INF/classes/ /opt/apache-tomcat-$TOMCAT_VERSION/webapps/grouper/WEB-INF/classes
+COPY WEB-INF/web.xml /opt/apache-tomcat-$TOMCAT_VERSION/webapps/grouper/WEB-INF/
 COPY tomcat/ /opt/apache-tomcat-$TOMCAT_VERSION/conf/
diff --git a/test-compose/ui/classes/grouper-loader.properties b/test-compose/ui/WEB-INF/classes/grouper-loader.properties
similarity index 100%
rename from test-compose/ui/classes/grouper-loader.properties
rename to test-compose/ui/WEB-INF/classes/grouper-loader.properties
diff --git a/test-compose/ui/classes/grouper.hibernate.properties b/test-compose/ui/WEB-INF/classes/grouper.hibernate.properties
similarity index 100%
rename from test-compose/ui/classes/grouper.hibernate.properties
rename to test-compose/ui/WEB-INF/classes/grouper.hibernate.properties
diff --git a/test-compose/ui/classes/grouper.properties b/test-compose/ui/WEB-INF/classes/grouper.properties
similarity index 100%
rename from test-compose/ui/classes/grouper.properties
rename to test-compose/ui/WEB-INF/classes/grouper.properties
diff --git a/test-compose/ui/classes/sources.xml b/test-compose/ui/WEB-INF/classes/sources.xml
similarity index 98%
rename from test-compose/ui/classes/sources.xml
rename to test-compose/ui/WEB-INF/classes/sources.xml
index 349fa51..9c884ae 100644
--- a/test-compose/ui/classes/sources.xml
+++ b/test-compose/ui/WEB-INF/classes/sources.xml
@@ -125,7 +125,7 @@ $Id: sources.example.xml,v 1.8 2009-08-11 20:18:09 mchyzer Exp $
     </init-param>
     <init-param>
       <param-name>SECURITY_PRINCIPAL</param-name>
-      <param-value>cn=admin,dc=example,dc=edu</param-value>
+      <param-value>cn=admin,dc=internet2,dc=edu</param-value>
     </init-param>
     <init-param>
       <param-name>SECURITY_CREDENTIALS</param-name>
@@ -168,7 +168,7 @@ $Id: sources.example.xml,v 1.8 2009-08-11 20:18:09 mchyzer Exp $
         <param>
             <param-name>base</param-name>
             <param-value>
-                ou=people,dc=example,dc=edu
+                ou=people,dc=internet2,dc=edu
             </param-value>
         </param>
     </search>
@@ -190,7 +190,7 @@ $Id: sources.example.xml,v 1.8 2009-08-11 20:18:09 mchyzer Exp $
         <param>
             <param-name>base</param-name>
             <param-value>
-                ou=people,dc=example,dc=edu
+                ou=people,dc=internet2,dc=edu
             </param-value>
         </param>
     </search>
@@ -212,7 +212,7 @@ $Id: sources.example.xml,v 1.8 2009-08-11 20:18:09 mchyzer Exp $
          <param>
             <param-name>base</param-name>
             <param-value>
-                ou=people,dc=example,dc=edu
+                ou=people,dc=internet2,dc=edu
             </param-value>
         </param>
     </search>
diff --git a/test-compose/ui/WEB-INF/web.xml b/test-compose/ui/WEB-INF/web.xml
new file mode 100644
index 0000000..92d4125
--- /dev/null
+++ b/test-compose/ui/WEB-INF/web.xml
@@ -0,0 +1,203 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:j2ee="http://java.sun.com/xml/ns/j2ee" version="2.4" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.s
+un.com/xml/ns/j2ee/web-app_2_4.xsd">
+<!--DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN. CHANGE YOUR FILE specified by the build.properties value [additional.web.xml]. The contents of that file are merged into ${grouper-ui}/w
+ebapp/WEB-INF/web.core.xml-->
+<!--In webapp-->
+<!--Processing context-param-->
+<!--Processing filter-->
+<!--Inserting tag from merge file-->
+<filter>
+    <filter-name>GrouperUi</filter-name>
+    <filter-class>edu.internet2.middleware.grouper.ui.GrouperUiFilter</filter-class>
+</filter>
+<!--Inserting tag from merge file-->
+<filter>
+  	<filter-name>Error Catcher</filter-name>
+  	<filter-class>edu.internet2.middleware.grouper.ui.ErrorFilter</filter-class>
+  </filter>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<filter>
+  	<filter-name>Login check</filter-name>
+  	<filter-class>edu.internet2.middleware.grouper.ui.LoginCheckFilter</filter-class>
+  	<init-param>    
+  		<param-name>failureUrl</param-name>    
+  		<param-value>/index.jsp</param-value>  
+  	</init-param>
+	 	<init-param>    
+  	<param-name>ignore</param-name>    
+  		<param-value>:/populateIndex.do:/callLogin.do:/error.do:/logout.do:/status:</param-value>  
+  	</init-param>
+  	<init-param>    
+  		<param-name>grouperRole</param-name>    
+  		<param-value>*</param-value>  
+  	</init-param>
+  </filter>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<filter>
+  	<filter-name>Caller page</filter-name>
+  	<filter-class>edu.internet2.middleware.grouper.ui.CallerPageFilter</filter-class>
+    </filter>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<filter>
+    <filter-name>CSRFGuard</filter-name>
+    <filter-class>org.owasp.csrfguard.CsrfGuardFilter</filter-class>
+  </filter>
+<!--Processing filter-mapping-->
+<!--Inserting tag from merge file-->
+<filter-mapping>
+    <filter-name>GrouperUi</filter-name>
+    <url-pattern>*.do</url-pattern>
+  </filter-mapping>
+<!--Inserting tag from merge file-->
+<filter-mapping>
+    <filter-name>GrouperUi</filter-name>
+    <url-pattern>*.jsp</url-pattern>
+  </filter-mapping>
+<!--Inserting tag from merge file-->
+<filter-mapping>
+  	<filter-name>Error Catcher</filter-name>
+  	<url-pattern>*.do</url-pattern>
+  </filter-mapping>
+<!--Inserting tag from merge file-->
+<filter-mapping>
+  	<filter-name>Error Catcher</filter-name>
+  	<url-pattern>/gotoCallerPage</url-pattern>
+  </filter-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<filter-mapping>
+    <filter-name>GrouperUi</filter-name>
+    <url-pattern>/grouperUi/app/*</url-pattern>
+  </filter-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<filter-mapping>
+    <filter-name>GrouperUi</filter-name>
+    <url-pattern>/grouperUi/appHtml/*</url-pattern>
+  </filter-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<filter-mapping>
+    <filter-name>GrouperUi</filter-name>
+    <url-pattern>/grouperExternal/app/*</url-pattern>
+  </filter-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<filter-mapping>
+    <filter-name>GrouperUi</filter-name>
+    <url-pattern>/grouperExternal/appHtml/*</url-pattern>
+  </filter-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<filter-mapping>
+    <filter-name>GrouperUi</filter-name>
+    <url-pattern>/grouperExternal/public/UiV2Public.index</url-pattern>
+  </filter-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<filter-mapping>
+    <filter-name>GrouperUi</filter-name>
+    <url-pattern>/grouperExternal/public/UiV2Public.postIndex</url-pattern>
+  </filter-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<filter-mapping>
+  	<filter-name>Caller page</filter-name>
+  	<url-pattern>/gotoCallerPage</url-pattern>
+  </filter-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<filter-mapping>
+  	<filter-name>Login check</filter-name>
+  	<url-pattern>*.do</url-pattern>
+  </filter-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<filter-mapping>
+    <filter-name>CSRFGuard</filter-name>
+    <url-pattern>/*</url-pattern>
+  </filter-mapping>
+<!--Processing listener-->
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<listener>
+  	<listener-class>edu.internet2.middleware.grouper.ui.GrouperSessionAttributeListener</listener-class>
+</listener>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<listener>
+    <listener-class>org.owasp.csrfguard.CsrfGuardServletContextListener</listener-class>
+  </listener>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<listener>
+    <listener-class>org.owasp.csrfguard.CsrfGuardHttpSessionListener</listener-class>
+  </listener>
+<!--Processing servlet-->
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<servlet>
+    <servlet-name>StatusServlet</servlet-name>
+    <display-name>Status Servlet</display-name>
+    <servlet-class>edu.internet2.middleware.grouper.j2ee.status.GrouperStatusServlet</servlet-class>
+    <load-on-startup>1</load-on-startup>
+  </servlet>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<servlet>
+  <!-- Map the filter to a Servlet or URL -->
+
+    <servlet-name>UiServlet</servlet-name>
+    <servlet-class>edu.internet2.middleware.grouper.j2ee.GrouperUiRestServlet</servlet-class>
+    <load-on-startup>1</load-on-startup>
+  </servlet>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<servlet>
+     <servlet-name>OwaspJavaScriptServlet</servlet-name>
+     <servlet-class>org.owasp.csrfguard.servlet.JavaScriptServlet</servlet-class>
+  </servlet>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<servlet>
+    <servlet-name>action</servlet-name>
+    <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
+    <init-param>
+      <param-name>config</param-name>
+      <param-value>/WEB-INF/struts-config.xml</param-value>
+    </init-param>
+    <load-on-startup>2</load-on-startup>
+  </servlet>
+<!--Processing servlet-mapping-->
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<servlet-mapping>
+    <servlet-name>StatusServlet</servlet-name>
+    <url-pattern>/status</url-pattern>
+  </servlet-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<servlet-mapping>
+    <servlet-name>UiServlet</servlet-name>
+    <url-pattern>/grouperUi/app/*</url-pattern>
+  </servlet-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<servlet-mapping>
+    <servlet-name>UiServlet</servlet-name>
+    <url-pattern>/grouperExternal/app/*</url-pattern>
+  </servlet-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<servlet-mapping>
+    <servlet-name>UiServlet</servlet-name>
+    <url-pattern>/grouperExternal/public/UiV2Public.index</url-pattern>
+  </servlet-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<servlet-mapping>
+    <servlet-name>UiServlet</servlet-name>
+    <url-pattern>/grouperExternal/public/UiV2Public.postIndex</url-pattern>
+  </servlet-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<servlet-mapping>
+     <servlet-name>OwaspJavaScriptServlet</servlet-name>
+     <url-pattern>/grouperExternal/public/OwaspJavaScriptServlet</url-pattern>
+  </servlet-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<servlet-mapping>
+    <servlet-name>action</servlet-name>
+    <url-pattern>*.do</url-pattern>
+  </servlet-mapping>
+<!--Processing mime-mapping-->
+<!--Processing error-page-->
+<!--Processing error-page-->
+<!--Processing taglib-->
+<!--Processing resource-env-ref-->
+<!--Processing resource-ref-->
+<!--Processing security-constraint-->
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<!--Processing env-entry-->
+<!--Processing ejb-ref-->
+<!--Processing ejb-local-ref-->
+</web-app>
diff --git a/test-compose/ui/WEB-INF/web.xml.dist b/test-compose/ui/WEB-INF/web.xml.dist
new file mode 100644
index 0000000..3b3bc2a
--- /dev/null
+++ b/test-compose/ui/WEB-INF/web.xml.dist
@@ -0,0 +1,265 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:j2ee="http://java.sun.com/xml/ns/j2ee" version="2.4" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.s
+un.com/xml/ns/j2ee/web-app_2_4.xsd">
+<!--DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN. CHANGE YOUR FILE specified by the build.properties value [additional.web.xml]. The contents of that file are merged into ${grouper-ui}/w
+ebapp/WEB-INF/web.core.xml-->
+<!--In webapp-->
+<!--Processing context-param-->
+<!--Processing filter-->
+<!--Inserting tag from merge file-->
+<filter>
+    <filter-name>GrouperUi</filter-name>
+    <filter-class>edu.internet2.middleware.grouper.ui.GrouperUiFilter</filter-class>
+</filter>
+<!--Inserting tag from merge file-->
+<filter>
+  	<filter-name>Error Catcher</filter-name>
+  	<filter-class>edu.internet2.middleware.grouper.ui.ErrorFilter</filter-class>
+  </filter>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<filter>
+  	<filter-name>Login check</filter-name>
+  	<filter-class>edu.internet2.middleware.grouper.ui.LoginCheckFilter</filter-class>
+  	<init-param>    
+  		<param-name>failureUrl</param-name>    
+  		<param-value>/index.jsp</param-value>  
+  	</init-param>
+	 	<init-param>    
+  	<param-name>ignore</param-name>    
+  		<param-value>:/populateIndex.do:/callLogin.do:/error.do:/logout.do:/status:</param-value>  
+  	</init-param>
+  	<init-param>    
+  		<param-name>grouperRole</param-name>    
+  		<param-value>*</param-value>  
+  	</init-param>
+  </filter>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<filter>
+  	<filter-name>Caller page</filter-name>
+  	<filter-class>edu.internet2.middleware.grouper.ui.CallerPageFilter</filter-class>
+    </filter>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<filter>
+    <filter-name>CSRFGuard</filter-name>
+    <filter-class>org.owasp.csrfguard.CsrfGuardFilter</filter-class>
+  </filter>
+<!--Processing filter-mapping-->
+<!--Inserting tag from merge file-->
+<filter-mapping>
+    <filter-name>GrouperUi</filter-name>
+    <url-pattern>*.do</url-pattern>
+  </filter-mapping>
+<!--Inserting tag from merge file-->
+<filter-mapping>
+    <filter-name>GrouperUi</filter-name>
+    <url-pattern>*.jsp</url-pattern>
+  </filter-mapping>
+<!--Inserting tag from merge file-->
+<filter-mapping>
+  	<filter-name>Error Catcher</filter-name>
+  	<url-pattern>*.do</url-pattern>
+  </filter-mapping>
+<!--Inserting tag from merge file-->
+<filter-mapping>
+  	<filter-name>Error Catcher</filter-name>
+  	<url-pattern>/gotoCallerPage</url-pattern>
+  </filter-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<filter-mapping>
+    <filter-name>GrouperUi</filter-name>
+    <url-pattern>/grouperUi/app/*</url-pattern>
+  </filter-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<filter-mapping>
+    <filter-name>GrouperUi</filter-name>
+    <url-pattern>/grouperUi/appHtml/*</url-pattern>
+  </filter-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<filter-mapping>
+    <filter-name>GrouperUi</filter-name>
+    <url-pattern>/grouperExternal/app/*</url-pattern>
+  </filter-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<filter-mapping>
+    <filter-name>GrouperUi</filter-name>
+    <url-pattern>/grouperExternal/appHtml/*</url-pattern>
+  </filter-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<filter-mapping>
+    <filter-name>GrouperUi</filter-name>
+    <url-pattern>/grouperExternal/public/UiV2Public.index</url-pattern>
+  </filter-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<filter-mapping>
+    <filter-name>GrouperUi</filter-name>
+    <url-pattern>/grouperExternal/public/UiV2Public.postIndex</url-pattern>
+  </filter-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<filter-mapping>
+  	<filter-name>Caller page</filter-name>
+  	<url-pattern>/gotoCallerPage</url-pattern>
+  </filter-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<filter-mapping>
+  	<filter-name>Login check</filter-name>
+  	<url-pattern>*.do</url-pattern>
+  </filter-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<filter-mapping>
+    <filter-name>CSRFGuard</filter-name>
+    <url-pattern>/*</url-pattern>
+  </filter-mapping>
+<!--Processing listener-->
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<listener>
+  	<listener-class>edu.internet2.middleware.grouper.ui.GrouperSessionAttributeListener</listener-class>
+</listener>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<listener>
+    <listener-class>org.owasp.csrfguard.CsrfGuardServletContextListener</listener-class>
+  </listener>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<listener>
+    <listener-class>org.owasp.csrfguard.CsrfGuardHttpSessionListener</listener-class>
+  </listener>
+<!--Processing servlet-->
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<servlet>
+    <servlet-name>StatusServlet</servlet-name>
+    <display-name>Status Servlet</display-name>
+    <servlet-class>edu.internet2.middleware.grouper.j2ee.status.GrouperStatusServlet</servlet-class>
+    <load-on-startup>1</load-on-startup>
+  </servlet>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<servlet>
+  <!-- Map the filter to a Servlet or URL -->
+
+    <servlet-name>UiServlet</servlet-name>
+    <servlet-class>edu.internet2.middleware.grouper.j2ee.GrouperUiRestServlet</servlet-class>
+    <load-on-startup>1</load-on-startup>
+  </servlet>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<servlet>
+     <servlet-name>OwaspJavaScriptServlet</servlet-name>
+     <servlet-class>org.owasp.csrfguard.servlet.JavaScriptServlet</servlet-class>
+  </servlet>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<servlet>
+    <servlet-name>action</servlet-name>
+    <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
+    <init-param>
+      <param-name>config</param-name>
+      <param-value>/WEB-INF/struts-config.xml</param-value>
+    </init-param>
+    <load-on-startup>2</load-on-startup>
+  </servlet>
+<!--Processing servlet-mapping-->
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<servlet-mapping>
+    <servlet-name>StatusServlet</servlet-name>
+    <url-pattern>/status</url-pattern>
+  </servlet-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<servlet-mapping>
+    <servlet-name>UiServlet</servlet-name>
+    <url-pattern>/grouperUi/app/*</url-pattern>
+  </servlet-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<servlet-mapping>
+    <servlet-name>UiServlet</servlet-name>
+    <url-pattern>/grouperExternal/app/*</url-pattern>
+  </servlet-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<servlet-mapping>
+    <servlet-name>UiServlet</servlet-name>
+    <url-pattern>/grouperExternal/public/UiV2Public.index</url-pattern>
+  </servlet-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<servlet-mapping>
+    <servlet-name>UiServlet</servlet-name>
+    <url-pattern>/grouperExternal/public/UiV2Public.postIndex</url-pattern>
+  </servlet-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<servlet-mapping>
+     <servlet-name>OwaspJavaScriptServlet</servlet-name>
+     <url-pattern>/grouperExternal/public/OwaspJavaScriptServlet</url-pattern>
+  </servlet-mapping>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<servlet-mapping>
+    <servlet-name>action</servlet-name>
+    <url-pattern>*.do</url-pattern>
+  </servlet-mapping>
+<!--Processing mime-mapping-->
+<!--Processing error-page-->
+<!--Processing error-page-->
+<!--Processing taglib-->
+<!--Processing resource-env-ref-->
+<!--Processing resource-ref-->
+<!--Processing security-constraint-->
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<security-constraint>
+    <web-resource-collection>
+      <web-resource-name>UI</web-resource-name>
+      <url-pattern>/grouperUi/app/*</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+      <role-name>*</role-name>
+    </auth-constraint>
+  </security-constraint>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<security-constraint>
+    <web-resource-collection>
+      <web-resource-name>UI</web-resource-name>
+      <url-pattern>/grouperUi/appHtml/*</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+      <role-name>*</role-name>
+    </auth-constraint>
+  </security-constraint>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<security-constraint>
+    <web-resource-collection>
+      <web-resource-name>UI</web-resource-name>
+      <url-pattern>/grouperExternal/app/*</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+      <role-name>*</role-name>
+    </auth-constraint>
+  </security-constraint>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<security-constraint>
+    <web-resource-collection>
+      <web-resource-name>UI</web-resource-name>
+      <url-pattern>/grouperExternal/appHtml/*</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+      <role-name>*</role-name>
+    </auth-constraint>
+  </security-constraint>
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<security-constraint>
+    <web-resource-collection>
+      <web-resource-name>Tomcat login</web-resource-name>
+      <url-pattern>/login.do</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+       <!-- NOTE:  This role is not present in the default users file -->
+       <role-name>*</role-name>
+    </auth-constraint>
+  </security-constraint>
+<login-config>
+    <auth-method>BASIC</auth-method>
+    <realm-name>Grouper Application</realm-name>
+  </login-config>
+<!--Processing security-role-->
+<!--Inserting tag from base file. Merge file was file:/opt/grouper.ui-2.3.0/temp/99.web.core-filters.xml-->
+<security-role>
+    <description>
+      The role that is required to log in to the Grouper UI
+    </description>
+    <role-name>*</role-name>
+  </security-role>
+<!--Processing env-entry-->
+<!--Processing ejb-ref-->
+<!--Processing ejb-local-ref-->
+</web-app>
diff --git a/test-compose/ui/tomcat/server.xml b/test-compose/ui/tomcat/server.xml
index 0375e2b..b3b82e5 100644
--- a/test-compose/ui/tomcat/server.xml
+++ b/test-compose/ui/tomcat/server.xml
@@ -38,11 +38,13 @@
     <!-- Editable user database that can also be used by
          UserDatabaseRealm to authenticate users
     -->
+<!--
     <Resource name="UserDatabase" auth="Container"
               type="org.apache.catalina.UserDatabase"
               description="User database that can be updated and saved"
               factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
               pathname="conf/tomcat-users.xml" />
+-->
   </GlobalNamingResources>
 
   <!-- A "Service" is a collection of one or more "Connectors" that share
@@ -141,8 +143,10 @@
              resources under the key "UserDatabase".  Any edits
              that are performed against this UserDatabase are immediately
              available for use by the Realm.  -->
+<!--
         <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
                resourceName="UserDatabase"/>
+-->
       </Realm>
 
       <Host name="localhost"  appBase="webapps"