[jira] [Commented] (FEDIZ-256) Tomcat authenticationSessionTimeout
[
https://issues.apache.org/jira/browse/FEDIZ-256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17789439#comment-17789439
]
Tomas Milian commented on FEDIZ-256:
Hello [~coheigea],
I tested Tomcat 9.0.83 which fixes the authenticationSessionTimeout in
FromAuthenticator.
Unfortunately Fediz Tomcat plugin still does not recover the original session
timeout :(
Sorry I couldn't do any further debugging but from what I've seen
restoreRequest is never called from FedereationAuthenticator
> Tomcat authenticationSessionTimeout
> ---
>
> Key: FEDIZ-256
> URL: https://issues.apache.org/jira/browse/FEDIZ-256
> Project: CXF-Fediz
> Issue Type: Bug
> Components: Plugin
>Affects Versions: 1.6.1
>Reporter: Tomas Milian
>Assignee: Colm O hEigeartaigh
>Priority: Major
>
> Hello,
> I was configuring Fediz 1.6.1 on Tomcat 9.0.74 and found the following issue.
> Tomcat 9.0.74 introduced a new FORM authenticator Valve attribute
> (authenticationSessionTimeout) that breaks Fediz authentication process.
> {color:#172b4d}Fediz uses FormAuthenticator to save the request, the change
> introduced in Tomcat 9.0.74 replaces the original session timeout with the
> authenticationSessionTimeout default value (120 seconds).{color}
> {code:java}
> if (session instanceof HttpSession && ((HttpSession)
> session).isNew()) {
> int originalMaxInactiveInterval =
> session.getMaxInactiveInterval();
> if (originalMaxInactiveInterval >
> getAuthenticationSessionTimeout()) {
>
> saved.setOriginalMaxInactiveInterval(originalMaxInactiveInterval);
>
> session.setMaxInactiveInterval(getAuthenticationSessionTimeout());
> }
> } {code}
> {color:#172b4d}Once the Fediz authentication is resumed, the original session
> maxInactiveInterval is not restored, so authenticated session always ends up
> with a 120 second maxInactiveInterval{color}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Comment Edited] (FEDIZ-256) Tomcat authenticationSessionTimeout
[
https://issues.apache.org/jira/browse/FEDIZ-256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17783115#comment-17783115
]
Tomas Milian edited comment on FEDIZ-256 at 11/6/23 7:23 AM:
-
Thanks I will test it and come back to you
was (Author: tmilian):
Thanks I will test it once released and come back to you
> Tomcat authenticationSessionTimeout
> ---
>
> Key: FEDIZ-256
> URL: https://issues.apache.org/jira/browse/FEDIZ-256
> Project: CXF-Fediz
> Issue Type: Bug
> Components: Plugin
>Affects Versions: 1.6.1
>Reporter: Tomas Milian
>Assignee: Colm O hEigeartaigh
>Priority: Major
>
> Hello,
> I was configuring Fediz 1.6.1 on Tomcat 9.0.74 and found the following issue.
> Tomcat 9.0.74 introduced a new FORM authenticator Valve attribute
> (authenticationSessionTimeout) that breaks Fediz authentication process.
> {color:#172b4d}Fediz uses FormAuthenticator to save the request, the change
> introduced in Tomcat 9.0.74 replaces the original session timeout with the
> authenticationSessionTimeout default value (120 seconds).{color}
> {code:java}
> if (session instanceof HttpSession && ((HttpSession)
> session).isNew()) {
> int originalMaxInactiveInterval =
> session.getMaxInactiveInterval();
> if (originalMaxInactiveInterval >
> getAuthenticationSessionTimeout()) {
>
> saved.setOriginalMaxInactiveInterval(originalMaxInactiveInterval);
>
> session.setMaxInactiveInterval(getAuthenticationSessionTimeout());
> }
> } {code}
> {color:#172b4d}Once the Fediz authentication is resumed, the original session
> maxInactiveInterval is not restored, so authenticated session always ends up
> with a 120 second maxInactiveInterval{color}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (FEDIZ-256) Tomcat authenticationSessionTimeout
[
https://issues.apache.org/jira/browse/FEDIZ-256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17783115#comment-17783115
]
Tomas Milian commented on FEDIZ-256:
Thanks I will test it once released and come back to you
> Tomcat authenticationSessionTimeout
> ---
>
> Key: FEDIZ-256
> URL: https://issues.apache.org/jira/browse/FEDIZ-256
> Project: CXF-Fediz
> Issue Type: Bug
> Components: Plugin
>Affects Versions: 1.6.1
>Reporter: Tomas Milian
>Assignee: Colm O hEigeartaigh
>Priority: Major
>
> Hello,
> I was configuring Fediz 1.6.1 on Tomcat 9.0.74 and found the following issue.
> Tomcat 9.0.74 introduced a new FORM authenticator Valve attribute
> (authenticationSessionTimeout) that breaks Fediz authentication process.
> {color:#172b4d}Fediz uses FormAuthenticator to save the request, the change
> introduced in Tomcat 9.0.74 replaces the original session timeout with the
> authenticationSessionTimeout default value (120 seconds).{color}
> {code:java}
> if (session instanceof HttpSession && ((HttpSession)
> session).isNew()) {
> int originalMaxInactiveInterval =
> session.getMaxInactiveInterval();
> if (originalMaxInactiveInterval >
> getAuthenticationSessionTimeout()) {
>
> saved.setOriginalMaxInactiveInterval(originalMaxInactiveInterval);
>
> session.setMaxInactiveInterval(getAuthenticationSessionTimeout());
> }
> } {code}
> {color:#172b4d}Once the Fediz authentication is resumed, the original session
> maxInactiveInterval is not restored, so authenticated session always ends up
> with a 120 second maxInactiveInterval{color}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (FEDIZ-256) Tomcat authenticationSessionTimeout
[
https://issues.apache.org/jira/browse/FEDIZ-256?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tomas Milian updated FEDIZ-256:
---
Description:
Hello,
I was configuring Fediz 1.6.1 on Tomcat 9.0.74 and found the following issue.
Tomcat 9.0.74 introduced a new FORM authenticator Valve attribute
(authenticationSessionTimeout) that breaks Fediz authentication process.
{color:#172b4d}Fediz uses FormAuthenticator to save the request, the change
introduced in Tomcat 9.0.74 replaces the original session timeout with the
authenticationSessionTimeout default value (120 seconds).{color}
{code:java}
if (session instanceof HttpSession && ((HttpSession) session).isNew()) {
int originalMaxInactiveInterval = session.getMaxInactiveInterval();
if (originalMaxInactiveInterval >
getAuthenticationSessionTimeout()) {
saved.setOriginalMaxInactiveInterval(originalMaxInactiveInterval);
session.setMaxInactiveInterval(getAuthenticationSessionTimeout());
}
} {code}
{color:#172b4d}Once the Fediz authentication is resumed, the original session
maxInactiveInterval is not restored, so authenticated session always ends up
with a 120 second maxInactiveInterval{color}
was:
Hello,
I was configuring Fediz 1.6.1 on Tomcat 9.0.74 and found the following issue.
Tomcat 9.0.74 introduced a new FORM authenticator Valve attribute
(authenticationSessionTimeout) that breaks Fediz authentication process.
{color:#172b4d}Fediz uses FormAuthenticator to save the request, the change
introduced in Tomcat 9.0.74 replaces the original session timeout with the
authenticationSessionTimeout default value (120 seconds).{color}
{code:java}
if (session instanceof HttpSession && ((HttpSession) session).isNew()) {
int originalMaxInactiveInterval = session.getMaxInactiveInterval();
if (originalMaxInactiveInterval >
getAuthenticationSessionTimeout()) {
saved.setOriginalMaxInactiveInterval(originalMaxInactiveInterval);
session.setMaxInactiveInterval(getAuthenticationSessionTimeout());
}
} {code}
{color:#172b4d}Once the Fediz authentication is resumed, the session
maxInactiveInterval is not restored, so authenticated session always ends up
with a 120 second maxInactiveInterval{color}
> Tomcat authenticationSessionTimeout
> ---
>
> Key: FEDIZ-256
> URL: https://issues.apache.org/jira/browse/FEDIZ-256
> Project: CXF-Fediz
> Issue Type: Bug
> Components: Plugin
>Affects Versions: 1.6.1
>Reporter: Tomas Milian
>Priority: Major
>
> Hello,
> I was configuring Fediz 1.6.1 on Tomcat 9.0.74 and found the following issue.
> Tomcat 9.0.74 introduced a new FORM authenticator Valve attribute
> (authenticationSessionTimeout) that breaks Fediz authentication process.
> {color:#172b4d}Fediz uses FormAuthenticator to save the request, the change
> introduced in Tomcat 9.0.74 replaces the original session timeout with the
> authenticationSessionTimeout default value (120 seconds).{color}
> {code:java}
> if (session instanceof HttpSession && ((HttpSession)
> session).isNew()) {
> int originalMaxInactiveInterval =
> session.getMaxInactiveInterval();
> if (originalMaxInactiveInterval >
> getAuthenticationSessionTimeout()) {
>
> saved.setOriginalMaxInactiveInterval(originalMaxInactiveInterval);
>
> session.setMaxInactiveInterval(getAuthenticationSessionTimeout());
> }
> } {code}
> {color:#172b4d}Once the Fediz authentication is resumed, the original session
> maxInactiveInterval is not restored, so authenticated session always ends up
> with a 120 second maxInactiveInterval{color}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (FEDIZ-256) Tomcat authenticationSessionTimeout
[
https://issues.apache.org/jira/browse/FEDIZ-256?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tomas Milian updated FEDIZ-256:
---
Description:
Hello,
I was configuring Fediz 1.6.1 on Tomcat 9.0.74 and found the following issue.
Tomcat 9.0.74 introduced a new FORM authenticator Valve attribute
(authenticationSessionTimeout) that breaks Fediz authentication process.
{color:#172b4d}Fediz uses FormAuthenticator to save the request, the change
introduced in Tomcat 9.0.74 replaces the original session timeout with the
authenticationSessionTimeout default value (120 seconds).{color}
{code:java}
if (session instanceof HttpSession && ((HttpSession) session).isNew()) {
int originalMaxInactiveInterval = session.getMaxInactiveInterval();
if (originalMaxInactiveInterval >
getAuthenticationSessionTimeout()) {
saved.setOriginalMaxInactiveInterval(originalMaxInactiveInterval);
session.setMaxInactiveInterval(getAuthenticationSessionTimeout());
}
} {code}
{color:#172b4d}Once the Fediz authentication is resumed, the session
maxInactiveInterval is not restored, so authenticated session always ends up
with a 120 second maxInactiveInterval{color}
was:
Hello,
I was configuring Fediz 1.6.1 on Tomcat 9.0.74 and found the following issue.
Tomcat 9.0.74 introduced a new FORM authenticator Valve attribute
(authenticationSessionTimeout) that breaks Fediz authentication process.
{color:#172b4d}Fediz uses FormAuthenticator to save the request, the change
introduced in Tomcat 9.0.74 replaces the original session timeout with the
authenticationSessionTimeout default value (120 seconds).{color}
{code:java}
if (session instanceof HttpSession && ((HttpSession) session).isNew()) {
int originalMaxInactiveInterval = session.getMaxInactiveInterval();
if (originalMaxInactiveInterval >
getAuthenticationSessionTimeout()) {
saved.setOriginalMaxInactiveInterval(originalMaxInactiveInterval);
session.setMaxInactiveInterval(getAuthenticationSessionTimeout());
}
} {code}
{color:#172b4d}Once the Fediz authentication is resumed, the session
maxIncactiveInterval is not restored, so authenticated session always ends up
with a 120 second maxInactiveInterval{color}
> Tomcat authenticationSessionTimeout
> ---
>
> Key: FEDIZ-256
> URL: https://issues.apache.org/jira/browse/FEDIZ-256
> Project: CXF-Fediz
> Issue Type: Bug
> Components: Plugin
>Affects Versions: 1.6.1
>Reporter: Tomas Milian
>Priority: Major
>
> Hello,
> I was configuring Fediz 1.6.1 on Tomcat 9.0.74 and found the following issue.
> Tomcat 9.0.74 introduced a new FORM authenticator Valve attribute
> (authenticationSessionTimeout) that breaks Fediz authentication process.
> {color:#172b4d}Fediz uses FormAuthenticator to save the request, the change
> introduced in Tomcat 9.0.74 replaces the original session timeout with the
> authenticationSessionTimeout default value (120 seconds).{color}
> {code:java}
> if (session instanceof HttpSession && ((HttpSession)
> session).isNew()) {
> int originalMaxInactiveInterval =
> session.getMaxInactiveInterval();
> if (originalMaxInactiveInterval >
> getAuthenticationSessionTimeout()) {
>
> saved.setOriginalMaxInactiveInterval(originalMaxInactiveInterval);
>
> session.setMaxInactiveInterval(getAuthenticationSessionTimeout());
> }
> } {code}
> {color:#172b4d}Once the Fediz authentication is resumed, the session
> maxInactiveInterval is not restored, so authenticated session always ends up
> with a 120 second maxInactiveInterval{color}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (FEDIZ-256) Tomcat authenticationSessionTimeout
Tomas Milian created FEDIZ-256:
--
Summary: Tomcat authenticationSessionTimeout
Key: FEDIZ-256
URL: https://issues.apache.org/jira/browse/FEDIZ-256
Project: CXF-Fediz
Issue Type: Bug
Components: Plugin
Affects Versions: 1.6.1
Reporter: Tomas Milian
Hello,
I was configuring Fediz 1.6.1 on Tomcat 9.0.74 and found the following issue.
Tomcat 9.0.74 introduced a new FORM authenticator Valve attribute
(authenticationSessionTimeout) that breaks Fediz authentication process.
{color:#172b4d}Fediz uses FormAuthenticator to save the request, the change
introduced in Tomcat 9.0.74 replaces the original session timeout with the
authenticationSessionTimeout default value (120 seconds).{color}
{code:java}
if (session instanceof HttpSession && ((HttpSession) session).isNew()) {
int originalMaxInactiveInterval = session.getMaxInactiveInterval();
if (originalMaxInactiveInterval >
getAuthenticationSessionTimeout()) {
saved.setOriginalMaxInactiveInterval(originalMaxInactiveInterval);
session.setMaxInactiveInterval(getAuthenticationSessionTimeout());
}
} {code}
{color:#172b4d}Once the Fediz authentication is resumed, the session
maxIncactiveInterval is not restored, so authenticated session always ends up
with a 120 second maxInactiveInterval{color}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (CXFXJC-17) Multiple Binding Files
Tomas Milian created CXFXJC-17:
--
Summary: Multiple Binding Files
Key: CXFXJC-17
URL: https://issues.apache.org/jira/browse/CXFXJC-17
Project: CXF XJC Utils
Issue Type: New Feature
Components: Maven Plugin
Affects Versions: 3.1.0
Environment: ALL
Reporter: Tomas Milian
Fix For: 3.1.1
Hello,
It would be great if this maven plugin supported multiple binding files. The
xjc tool apparently does support multiple binding files (using multiple -b
options).
Thanks in advance
{code}
Usage: xjc [-options ...] ... [-b ] ...
If dir is specified, all schema files in it will be compiled.
If jar is specified, /META-INF/sun-jaxb.episode binding file will be compiled.
Options:
-nv: do not perform strict validation of the input schema(s)
-extension : allow vendor extensions - do not strictly follow the
Compatibility Rules and App E.2 from the JAXB Spec
-b : specify external bindings files (each must have
its own -b)
If a directory is given, **/*.xjb is searched
-d: generated files will go into this directory
-p: specifies the target package
-httpproxy : set HTTP/HTTPS proxy. Format is
[user[:password]@]proxyHost:proxyPort
-httpproxyfile : Works like -httpproxy but takes the argument in a file
to protect password
-classpath: specify where to find user class files
-catalog : specify catalog files to resolve external entity
references
support TR9401, XCatalog, and OASIS XML Catalog format.
-readOnly : generated files will be in read-only mode
-npa : suppress generation of package level annotations
(**/package-info.java)
-no-header : suppress generation of a file header with timestamp
-target (2.0|2.1) : behave like XJC 2.0 or 2.1 and generate code that
doesn't use any 2.2 features.
-enableIntrospection : enable correct generation of Boolean getters/setters
to enable Bean Introspection apis
-contentForWildcard : generates content property for types with multiple
xs:any derived elements
-xmlschema : treat input as W3C XML Schema (default)
-relaxng : treat input as RELAX NG (experimental,unsupported)
-relaxng-compact : treat input as RELAX NG compact syntax
(experimental,unsupported)
-dtd : treat input as XML DTD (experimental,unsupported)
-wsdl : treat input as WSDL and compile schemas inside it
(experimental,unsupported)
-verbose : be extra verbose
-quiet : suppress compiler output
-help : display this help message
-version : display version information
-fullversion : display full version information
Extensions:
-Xinject-code : inject specified Java code fragments into the generated
code
-Xlocator : enable source location support for generated code
-Xsync-methods : generate accessor methods with the 'synchronized'
keyword
-mark-generated: mark the generated code as @javax.annotation.Generated
-episode : generate the episode file for separate compilation
-Xpropertyaccessors : Use XmlAccessType PROPERTY instead of FIELD for
generated classes
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
