Author: deepak Date: Sat Jan 16 07:15:09 2016 New Revision: 1724930 URL: http://svn.apache.org/viewvc?rev=1724930&view=rev Log: (OFBIZ-6655) Applied patch from jira issue OFBIZ-6655. Add session tracking mode and make cookie secure for some special purposes component.
Thanks Rahul Bhammarker for contribution. Modified: ofbiz/trunk/specialpurpose/cmssite/webapp/cmssite/WEB-INF/web.xml ofbiz/trunk/specialpurpose/lucene/webapp/content/WEB-INF/web.xml ofbiz/trunk/specialpurpose/projectmgr/webapp/projectmgr/WEB-INF/web.xml ofbiz/trunk/specialpurpose/scrum/webapp/scrum/WEB-INF/web.xml ofbiz/trunk/specialpurpose/webpos/webapp/webpos/WEB-INF/web.xml Modified: ofbiz/trunk/specialpurpose/cmssite/webapp/cmssite/WEB-INF/web.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/cmssite/webapp/cmssite/WEB-INF/web.xml?rev=1724930&r1=1724929&r2=1724930&view=diff ============================================================================== --- ofbiz/trunk/specialpurpose/cmssite/webapp/cmssite/WEB-INF/web.xml (original) +++ ofbiz/trunk/specialpurpose/cmssite/webapp/cmssite/WEB-INF/web.xml Sat Jan 16 07:15:09 2016 @@ -1,5 +1,4 @@ <?xml version="1.0"?> -<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"> <!-- Licensed to the Apache Software Foundation (ASF) under one 
@@ -20,34 +19,38 @@ specific language governing permissions under the License. --> -<web-app> +<web-app version="3.0" + xmlns="http://java.sun.com/xml/ns/javaee" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://java.sun.com/xml/ns/javaee + http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"> <display-name>Apache OFBiz - CMS Site</display-name> <description>CMS Site for the Apache OFBiz Project</description> <context-param> + <description>A unique ID used to look up the WebSite entity</description> <param-name>webSiteId</param-name> <param-value>CmsSite</param-value> - <description>A unique ID used to look up the WebSite entity</description> </context-param> <context-param> + <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description> <param-name>localDispatcherName</param-name> <param-value>CmsSite</param-value> - <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description> </context-param> <context-param> + <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description> <param-name>entityDelegatorName</param-name> <param-value>default</param-value> - <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description> </context-param> <context-param> + <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description> <param-name>mainDecoratorLocation</param-name> <param-value>component://cmssite/widget/CmssiteScreens.xml</param-value> - <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description> </context-param> <filter> - <filter-name>ContextFilter</filter-name> <display-name>ContextFilter</display-name> + <filter-name>ContextFilter</filter-name> 
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class> <init-param> <param-name>disableContextSecurity</param-name> @@ -79,9 +82,9 @@ under the License. <listener><listener-class>org.ofbiz.webapp.control.LoginEventListener</listener-class></listener> <servlet> - <servlet-name>ControlServlet</servlet-name> - <display-name>ControlServlet</display-name> <description>Main Control Servlet</description> + <display-name>ControlServlet</display-name> + <servlet-name>ControlServlet</servlet-name> <servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> @@ -93,6 +96,10 @@ under the License. <session-config> <session-timeout>60</session-timeout> + <cookie-config> + <http-only>true</http-only> + <secure>true</secure> + </cookie-config> </session-config> <welcome-file-list> Modified: ofbiz/trunk/specialpurpose/lucene/webapp/content/WEB-INF/web.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/lucene/webapp/content/WEB-INF/web.xml?rev=1724930&r1=1724929&r2=1724930&view=diff ============================================================================== --- ofbiz/trunk/specialpurpose/lucene/webapp/content/WEB-INF/web.xml (original) +++ ofbiz/trunk/specialpurpose/lucene/webapp/content/WEB-INF/web.xml Sat Jan 16 07:15:09 2016 @@ -1,5 +1,4 @@ <?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"> <!-- Licensed to the Apache Software Foundation (ASF) under one 
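Review bot: The new `<web-app version="3.0" ...>` root in the `@@ -20,34 +19,38 @@` hunk leaves `metadata-complete` unset, so a Servlet 3.0 container may scan the webapp's classes and jars for annotations and `web-fragment.xml` files, which a 2.3 DTD descriptor is not expected to trigger. If this web.xml is meant to remain the only place where filters, servlets and listeners are declared, add `metadata-complete="true"` to the root element. Whether the embedded container already suppresses that scan cannot be seen from this diff. The same root element is introduced in the lucene, projectmgr, scrum and webpos hunks, and in each case `<web-app>` closes outside the hunk.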
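Review bot: The `<cookie-config>` added in the `@@ -93,6 +96,10 @@` hunk sets `http-only` and `secure`, but the log message also promises a session tracking mode and no `<tracking-mode>` element appears in the new `<session-config>`. Without it the container may still fall back to URL rewriting, which puts the session id into links, Referer headers and access logs where the cookie flags give no protection; add `<tracking-mode>COOKIE</tracking-mode>` after `</cookie-config>`. `<secure>true</secure>` also means the browser never returns the session cookie over plain HTTP, so confirm each of these webapps is served over HTTPS only, otherwise sessions will not persist on HTTP requests. The same applies to the session-config hunks for lucene, projectmgr, scrum and webpos.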
@@ -20,7 +19,11 @@ specific language governing permissions under the License. --> -<web-app> +<web-app version="3.0" + xmlns="http://java.sun.com/xml/ns/javaee" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://java.sun.com/xml/ns/javaee + http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"> <display-name>Apache OFBiz - Lucene Component</display-name> <description>Lucene Component of the Apache OFBiz Project</description> 
@@ -30,32 +33,32 @@ under the License. <description>A unique ID used to look up the WebSite entity</description> </context-param--> <context-param> - <param-name>localDispatcherName</param-name><param-value>lucene</param-value> <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description> + <param-name>localDispatcherName</param-name><param-value>lucene</param-value> </context-param> <context-param> - <param-name>entityDelegatorName</param-name><param-value>default</param-value> <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description> + <param-name>entityDelegatorName</param-name><param-value>default</param-value> </context-param> <context-param> + <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description> <param-name>mainDecoratorLocation</param-name> <param-value>component://content/widget/CommonScreens.xml</param-value> - <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description> </context-param> <context-param> + <description>The location of the cms decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description> <param-name>cmsDecoratorLocation</param-name> <param-value>component://lucene/widget/LuceneScreens.xml</param-value> - <description>The location of the cms decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description> </context-param> <context-param> + <description>Remove unnecessary whitespace from HTML output.</description> <param-name>compressHTML</param-name> <param-value>false</param-value> - <description>Remove unnecessary whitespace from HTML output.</description> </context-param> <filter> - <filter-name>ContextFilter</filter-name> <display-name>ContextFilter</display-name> + 
<filter-name>ContextFilter</filter-name> <filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class> <init-param><param-name>disableContextSecurity</param-name><param-value>N</param-value></init-param> <init-param> @@ -73,15 +76,21 @@ under the License. <!-- <listener><listener-class>org.ofbiz.webapp.control.ControlActivationEventListener</listener-class></listener> --> <servlet> - <servlet-name>ControlServlet</servlet-name> - <display-name>ControlServlet</display-name> <description>Main Control Servlet</description> + <display-name>ControlServlet</display-name> + <servlet-name>ControlServlet</servlet-name> <servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping><servlet-name>ControlServlet</servlet-name><url-pattern>/control/*</url-pattern></servlet-mapping> - <session-config><session-timeout>60</session-timeout><!-- in minutes --></session-config> + <session-config> + <session-timeout>60</session-timeout><!-- in minutes --> + <cookie-config> + <http-only>true</http-only> + <secure>true</secure> + </cookie-config> + </session-config> <welcome-file-list> <welcome-file>index.jsp</welcome-file> Modified: ofbiz/trunk/specialpurpose/projectmgr/webapp/projectmgr/WEB-INF/web.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/projectmgr/webapp/projectmgr/WEB-INF/web.xml?rev=1724930&r1=1724929&r2=1724930&view=diff ============================================================================== --- ofbiz/trunk/specialpurpose/projectmgr/webapp/projectmgr/WEB-INF/web.xml (original) +++ ofbiz/trunk/specialpurpose/projectmgr/webapp/projectmgr/WEB-INF/web.xml Sat Jan 16 07:15:09 2016 
@@ -1,5 +1,4 @@ <?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file 
@@ -19,29 +18,33 @@ under the License. --> -<web-app> +<web-app version="3.0" + xmlns="http://java.sun.com/xml/ns/javaee" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://java.sun.com/xml/ns/javaee + http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"> <display-name>Apache OFBiz - Project Management</display-name> <description>Project Management component of the Apache OFBiz Project</description> <context-param> + <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description> <param-name>entityDelegatorName</param-name> <param-value>default</param-value> - <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description> </context-param> <context-param> + <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description> <param-name>localDispatcherName</param-name> <param-value>projectmgr</param-value> - <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description> </context-param> <context-param> + <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description> <param-name>mainDecoratorLocation</param-name> <param-value>component://projectmgr/widget/CommonScreens.xml</param-value> - <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description> </context-param> <filter> - <filter-name>ContextFilter</filter-name> <display-name>ContextFilter</display-name> + <filter-name>ContextFilter</filter-name> <filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class> <init-param> <param-name>disableContextSecurity</param-name> 
@@ -71,9 +74,9 @@ <!-- <listener><listener-class>org.ofbiz.webapp.control.ControlActivationEventListener</listener-class></listener> --> <servlet> - <servlet-name>ControlServlet</servlet-name> - <display-name>ControlServlet</display-name> <description>Main Control Servlet</description> + <display-name>ControlServlet</display-name> + <servlet-name>ControlServlet</servlet-name> <servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> @@ -84,6 +87,10 @@ <session-config> <session-timeout>60</session-timeout> <!-- in minutes --> + <cookie-config> + <http-only>true</http-only> + <secure>true</secure> + </cookie-config> </session-config> <welcome-file-list> Modified: ofbiz/trunk/specialpurpose/scrum/webapp/scrum/WEB-INF/web.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/scrum/webapp/scrum/WEB-INF/web.xml?rev=1724930&r1=1724929&r2=1724930&view=diff ============================================================================== --- ofbiz/trunk/specialpurpose/scrum/webapp/scrum/WEB-INF/web.xml (original) +++ ofbiz/trunk/specialpurpose/scrum/webapp/scrum/WEB-INF/web.xml Sat Jan 16 07:15:09 2016 @@ -1,5 +1,4 @@ <?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file 
@@ -18,37 +17,41 @@ KIND, either express or implied. See th specific language governing permissions and limitations under the License. --> -<web-app> +<web-app version="3.0" + xmlns="http://java.sun.com/xml/ns/javaee" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://java.sun.com/xml/ns/javaee + http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"> <display-name>Apache OFBiz - scrum Component</display-name> <description>scrum Component of the Apache OFBiz Project</description> <context-param> - <param-name>localDispatcherName</param-name><param-value>scrum</param-value> <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description> + <param-name>localDispatcherName</param-name><param-value>scrum</param-value> </context-param> <context-param> - <param-name>entityDelegatorName</param-name><param-value>default</param-value> <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description> + <param-name>entityDelegatorName</param-name><param-value>default</param-value> </context-param> <context-param> + <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description> <param-name>mainDecoratorLocation</param-name> <param-value>component://scrum/widget/CommonScreens.xml</param-value> - <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description> </context-param> <context-param> + <description>Enable widget boundary comments. See org.ofbiz.widget.model.ModelWidget.widgetBoundaryCommentsEnabled().</description> <param-name>widgetVerbose</param-name> <param-value>false</param-value> - <description>Enable widget boundary comments. 
See org.ofbiz.widget.model.ModelWidget.widgetBoundaryCommentsEnabled().</description> </context-param> <context-param> + <description>Remove unnecessary whitespace from HTML output.</description> <param-name>compressHTML</param-name> <param-value>false</param-value> - <description>Remove unnecessary whitespace from HTML output.</description> </context-param> <filter> - <filter-name>ContextFilter</filter-name> <display-name>ContextFilter</display-name> + <filter-name>ContextFilter</filter-name> <filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class> <init-param><param-name>disableContextSecurity</param-name><param-value>N</param-value></init-param> <init-param> 
@@ -66,15 +69,21 @@ under the License. <!-- <listener><listener-class>org.ofbiz.webapp.control.ControlActivationEventListener</listener-class></listener> --> <servlet> - <servlet-name>ControlServlet</servlet-name> - <display-name>ControlServlet</display-name> <description>Main Control Servlet</description> + <display-name>ControlServlet</display-name> + <servlet-name>ControlServlet</servlet-name> <servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping><servlet-name>ControlServlet</servlet-name><url-pattern>/control/*</url-pattern></servlet-mapping> - <session-config><session-timeout>60</session-timeout><!-- in minutes --></session-config> + <session-config> + <session-timeout>60</session-timeout><!-- in minutes --> + <cookie-config> + <http-only>true</http-only> + <secure>true</secure> + </cookie-config> + </session-config> <welcome-file-list> <welcome-file>index.jsp</welcome-file> Modified: ofbiz/trunk/specialpurpose/webpos/webapp/webpos/WEB-INF/web.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/webpos/webapp/webpos/WEB-INF/web.xml?rev=1724930&r1=1724929&r2=1724930&view=diff ============================================================================== --- ofbiz/trunk/specialpurpose/webpos/webapp/webpos/WEB-INF/web.xml (original) +++ ofbiz/trunk/specialpurpose/webpos/webapp/webpos/WEB-INF/web.xml Sat Jan 16 07:15:09 2016 @@ -1,5 +1,4 @@ <?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file 
@@ -19,34 +18,38 @@ under the License. --> -<web-app> +<web-app version="3.0" + xmlns="http://java.sun.com/xml/ns/javaee" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://java.sun.com/xml/ns/javaee + http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"> <display-name>Apache OFBiz - Web Pos</display-name> <description>Web Pos component of the Apache OFBiz Project</description> <context-param> + <description>A unique ID used to look up the WebSite entity</description> <param-name>webSiteId</param-name> <param-value>WebStorePos</param-value> - <description>A unique ID used to look up the WebSite entity</description> </context-param> <context-param> + <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description> <param-name>localDispatcherName</param-name> <param-value>webpos</param-value> - <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description> </context-param> <context-param> + <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description> <param-name>entityDelegatorName</param-name> <param-value>default</param-value> - <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description> </context-param> <context-param> + <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description> <param-name>mainDecoratorLocation</param-name> <param-value>component://webpos/widget/CommonScreens.xml</param-value> - <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description> </context-param> <filter> - <filter-name>ContextFilter</filter-name> <display-name>ContextFilter</display-name> + <filter-name>ContextFilter</filter-name> <filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class> <init-param> 
<param-name>disableContextSecurity</param-name> @@ -80,16 +83,16 @@ <listener><listener-class>org.ofbiz.webapp.control.LoginEventListener</listener-class></listener> <servlet> - <servlet-name>ControlServlet</servlet-name> - <display-name>ControlServlet</display-name> <description>Main Control Servlet</description> + <display-name>ControlServlet</display-name> + <servlet-name>ControlServlet</servlet-name> <servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet> - <servlet-name>CatalogUrlServlet</servlet-name> - <display-name>CatalogUrlServlet</display-name> <description>Catalog (Category/Product) URL Servlet</description> + <display-name>CatalogUrlServlet</display-name> + <servlet-name>CatalogUrlServlet</servlet-name> <servlet-class>org.ofbiz.product.category.CatalogUrlServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> @@ -103,6 +106,10 @@ </servlet-mapping> <session-config> <session-timeout>60</session-timeout> + <cookie-config> + <http-only>true</http-only> + <secure>true</secure> + </cookie-config> </session-config> <welcome-file-list> <welcome-file>index.jsp</welcome-file>