Re: [jetty-users] What's wrong with this secureCookie configuration?

I noticed the "mortbay" instead of "eclipse" reference in the DTD header, so I swapped that DTD line out for this:

<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://jetty.eclipse.org/configure.dtd">

And restarted jetty.  Same error.



On Thu, Feb 13, 2014 at 7:01 PM, Tom Vaughan <tom.vaughan@xxxxxxxxxx> wrote:
This configuration is being done in a $jetty_home/contexts/myApp.xml file that corresponds to and controls the ../webapps/myApp 

Here's the full file

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://jetty.mortbay.org/configure.dtd">

<Configure class="org.eclipse.jetty.webapp.WebAppContext">

  <Get name="sessionHandler">
    <Get name="sessionManager">
      <Get name="sessionCookieConfig">
        <Set name="secure" type="boolean">true</Set>
      </Get>
    </Get>
  </Get>

  <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
  <!-- Required minimal context configuration :                        -->
  <!--  + contextPath                                                  -->
  <!--  + war OR resourceBase                                          -->
  <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
  <Set name="contextPath">/report</Set>
  <Set name="war"><SystemProperty name="webapp.dir" />/report/</Set>
  <Set name="tempDirectory">/var/poseur/work_files/report_<SystemProperty name="jetty.port" /></Set>

  <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
  <!-- Optional context configuration                                  -->
  <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
  <Set name="extractWAR">false</Set>
  <Set name="copyWebDir">false</Set>

  <Get name="sessionHandler">
    <Get name="sessionManager">
      <Set name="httpOnly" type="boolean">true</Set>
    </Get>
  </Get>


</Configure>


On Thu, Feb 13, 2014 at 6:55 PM, Joakim Erdfelt <joakim@xxxxxxxxxxx> wrote:
Also, what is the DTD declaration of those XML files? (yes, it's important)

--
Joakim Erdfelt <joakim@xxxxxxxxxxx>
Expert advice, services and support from the Jetty & CometD experts


On Thu, Feb 13, 2014 at 4:54 PM, Joakim Erdfelt <joakim@xxxxxxxxxxx> wrote:
There's not enough information to answer your original question.
Where are you attempting to do this?
The server side? the deployment side? the webapp side? or something else?

--
Joakim Erdfelt <joakim@xxxxxxxxxxx>
Expert advice, services and support from the Jetty & CometD experts


On Thu, Feb 13, 2014 at 4:51 PM, Tom Vaughan <tom.vaughan@xxxxxxxxxx> wrote:
Thanks for the prompt reply; because of the way our upgrade/deployment process works it's going to be easier for me to change the jetty-side configuration than to change the application web.xmls.

Did the configuration I pasted in the original email look right?


On Thu, Feb 13, 2014 at 6:49 PM, Joakim Erdfelt <joakim@xxxxxxxxxxx> wrote:
Jetty 8.x is Servlet 3.0, it's easier to use the standard location in the WEB-INF/web.xml of your webapp.

<session-config>
 <cookie-config>
  <secure>true</secure>
 </cookie-config>
</session-config>


--
Joakim Erdfelt <joakim@xxxxxxxxxxx>
Expert advice, services and support from the Jetty & CometD experts


On Thu, Feb 13, 2014 at 4:37 PM, Tom Vaughan <tom.vaughan@xxxxxxxxxx> wrote:
Hi -

I'm upgrading from jetty 6.1.22 to 8.1.8 and I've noticed that the configuration for setting cookies to be secure has moved under a layer of indirection.  I'm having trouble configuring it and I'm hoping someone on this list can clue me in to what I'm doing wrong.

Basically, in 6.1.22 I could do this:

<Get name="sessionHandler">
  <Get name="sessionManager">
    <Set name="secureCookies">true</Set>
  </Get>
</Get>

In 8.1.8 it looks like the code path should be:

WebAppContext.getSessionHandler().getSessionManager().getSessionCookieConfig().setSecure(true);

Seems straightforward enough.

So here's my new context configuration:

<Configure class="org.eclipse.jetty.webapp.WebAppContext">
  <Get name="sessionHandler">
    <Get name="sessionManager">
      <Get name="sessionCookieConfig">
        <Set name="secure" type="boolean">true</Set> 
      </Get> 
    </Get>
  </Get>

But when I start jetty, the context dies with this error in the logs:
oejx.XmlConfiguration:Config error at true java.lang.NoSuchMethodException: class org.eclipse.jetty.server.session.AbstractSessionManager$2.setSecure(boolean)


Why is it trying to call setSecure on the sessionManager instead of the sessionManager's sessionCookieConfig?

Any thoughts?

Thanks in advance!
Tom


P.S.  this is an x-post of a stack overflow question, so if you want some karma, you can answer over there: http://stackoverflow.com/questions/21763824/setting-secure-cookies-on-jetty-6-8-upgrade

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-users
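
Added example (not part of the original thread, and not Jetty code): a check for the outcome the configurations above are after, namely that the session cookie is issued with both Secure and HttpOnly once the context starts. The header lines are constructed samples; JSESSIONID as the cookie name is an assumption (the servlet default), and /report is the contextPath from the thread.

```python
# Constructed Set-Cookie lines, as they would be captured from responses
# of the /report context. The cookie value deliberately contains the
# substring "secure" to show that only attributes are inspected.
SAMPLE_HEADERS = [
    "Set-Cookie: JSESSIONID=1x9secure7k2;Path=/report",
    "Set-Cookie: JSESSIONID=1x9secure7k2;Path=/report;HttpOnly",
    "Set-Cookie: JSESSIONID=1x9secure7k2; Path=/report; Secure; HttpOnly",
    "Set-Cookie: theme=dark; Path=/report",
]


def parse_set_cookie(line):
    """Split one Set-Cookie header line into (name, value, attributes)."""
    field, _, rest = line.partition(":")
    if field.strip().lower() != "set-cookie":
        return None
    parts = [p.strip() for p in rest.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            # Attribute names are case-insensitive; flags have no value.
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def missing_flags(line, cookie_name="JSESSIONID"):
    """Flags absent from the session cookie; None for any other header."""
    parsed = parse_set_cookie(line)
    if parsed is None or parsed[0] != cookie_name:
        return None
    attrs = parsed[2]
    return [f for f in ("Secure", "HttpOnly") if f.lower() not in attrs]


def audit(lines):
    """Return (line, missing_flags) for every session-cookie header."""
    results = []
    for line in lines:
        missing = missing_flags(line)
        if missing is not None:
            results.append((line, missing))
    return results


if __name__ == "__main__":
    for line, missing in audit(SAMPLE_HEADERS):
        print("FAIL" if missing else "OK  ", line, missing)
```
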


