Re: [jetty-users] What's wrong with this secureCookie configuration?

[Joakim Erdfelt <joakim@xxxxxxxxxxx>]

There's not enough information to answer your original question.

Where are you attempting to do this?

The server side? the deployment side? the webapp side? or something else?

--

Joakim Erdfelt <joakim@xxxxxxxxxxx>

webtide.com - intalio.com/jetty

Expert advice, services and support from from the Jetty & CometD experts

eclipse.org/jetty - cometd.org

On Thu, Feb 13, 2014 at 4:51 PM, Tom Vaughan <tom.vaughan@xxxxxxxxxx> wrote:

Thanks for the prompt reply;  because of the way our upgrade/deployment process works it's going to be easier for me to change the jetty-side configuration than to change the application web.xmls

Did the configuration I pasted in the original email look right?

On Thu, Feb 13, 2014 at 6:49 PM, Joakim Erdfelt <joakim@xxxxxxxxxxx> wrote:

Jetty 8.x is Servlet 3.0, its easier to use the standard location in the WEB-INF/web.xml of your webapp.

<session-config>

 <cookie-config>

  <secure>true</secure>

 </cookie-config>

</session-config>

--

Joakim Erdfelt <joakim@xxxxxxxxxxx>

webtide.com - intalio.com/jetty

Expert advice, services and support from from the Jetty & CometD experts

eclipse.org/jetty - cometd.org

On Thu, Feb 13, 2014 at 4:37 PM, Tom Vaughan <tom.vaughan@xxxxxxxxxx> wrote:

Hi -

I'm upgrading from jetty 6.1.22 to 8.1.8 and I've notice that the configuration for setting cookies to be secure has moved under a layer of indirection.  I'm having trouble configuring it and I'm hoping someone on this list can clue me in to what I'm doing wrong.

Basically, in 6.1.22 I could do this:

<Get name="sessionHandler">
  <Get name="sessionManager">
    <Set name="secureCookies">true</Set>
  </Get>
</Get>

In 8.1.8 it looks like the code path should be:

WebAppContext.getSessionHandler().getSessionManager().getSessionCookieConfig().setSecure(true);

Seems straight forward enough.

So here's my new context configuration:

<Configure class="org.eclipse.jetty.webapp.WebAppContext">

  <Get name="sessionHandler">

    <Get name="sessionManager">

      <Get name="sessionCookieConfig">

        <Set name="secure" type="boolean">true</Set> 

      </Get> 

    </Get>

  </Get>

But when I start jetty, the context dies with this error in the logs:

oejx.XmlConfiguration:Config error at true java.lang.NoSuchMethodException: class org.eclipse.jetty.server.session.AbstractSessionManager$2.setSecure(boolean)

Why is it trying to call setSecure on the sessionManager instead of the sessionManager's sessionCookieConfig?

Any thoughts?

Thanks in advance!

Tom

P.S.  this is an x-post of a stack overflow question, so if you want some karma, you can answer over there: http://stackoverflow.com/questions/21763824/setting-secure-cookies-on-jetty-6-8-upgrade

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-users

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-users

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-users