Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] What's wrong with this secureCookie configuration?
That cannot be set that way.

The method is found, but Java prevents its invocation.

2014-02-13 18:20:13.203:IGNORED:oejx.XmlConfiguration:
java.lang.IllegalAccessException: Class org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration can not access a member of class org.eclipse.jetty.server.session.AbstractSessionManager$2 with modifiers "public"
at sun.reflect.Reflection.ensureMemberAccess(Reflection.java:109)
at java.lang.reflect.AccessibleObject.slowCheckMemberAccess(AccessibleObject.java:261)
at java.lang.reflect.AccessibleObject.checkAccess(AccessibleObject.java:253)
at java.lang.reflect.Method.invoke(Method.java:599)
at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.set(XmlConfiguration.java:574)

I suspect its because the actual implementation of javax.servlet.SessionCookieConfig is an internal class that itself isn't public.


--
Joakim Erdfelt <joakim@xxxxxxxxxxx>
Expert advice, services and support from from the Jetty & CometD experts


On Thu, Feb 13, 2014 at 5:47 PM, Tom Vaughan <tom.vaughan@xxxxxxxxxx> wrote:
No dice (same error)

Full file:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">

<Configure class="org.eclipse.jetty.webapp.WebAppContext">
  <Get name="sessionHandler">
    <Get name="sessionManager">
      <Get name="sessionCookieConfig">
        <Set name="secure" type="boolean">true</Set>
      </Get>
    </Get>
  </Get>

  <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
  <!-- Required minimal context configuration :                        -->
  <!--  + contextPath                                                  -->
  <!--  + war OR resourceBase                                          -->
  <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
  <Set name="contextPath">/report</Set>
  <Set name="war"><SystemProperty name="webapp.dir" />/report/</Set>
  <Set name="tempDirectory">/var/poseur/work_files/report_<SystemProperty name="jetty.port" /></Set>

  <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
  <!-- Optional context configuration                                  -->
  <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
  <Set name="extractWAR">false</Set>
  <Set name="copyWebDir">false</Set>

  <Get name="sessionHandler">
    <Get name="sessionManager">
      <Set name="httpOnly" type="boolean">true</Set>
    </Get>
  </Get>


</Configure>



On Thu, Feb 13, 2014 at 7:40 PM, Jan Bartel <janb@xxxxxxxxxxx> wrote:
Try this:

<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
"http://www.eclipse.org/jetty/configure.dtd">

Jan

On 14 February 2014 11:07, Tom Vaughan <tom.vaughan@xxxxxxxxxx> wrote:
> I noticed the "mortbay" instead of "eclipse" reference in the DTD header, so
> I swapped that DTD line out for this:
>
> <!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN"
> "http://jetty.eclipse.org/configure.dtd">
>
> And restarted jetty.  Same error.
>
>
>
> On Thu, Feb 13, 2014 at 7:01 PM, Tom Vaughan <tom.vaughan@xxxxxxxxxx> wrote:
>>
>> This configuration is being done in a $jetty_home/contexts/myApp.xml file
>> that corresponds to and controls the ../webapps/myApp
>>
>> Here's the full file
>>
>> <?xml version="1.0" encoding="ISO-8859-1"?>
>> <!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN"
>> "http://jetty.mortbay.org/configure.dtd">
>>
>> <Configure class="org.eclipse.jetty.webapp.WebAppContext">
>>
>>   <Get name="sessionHandler">
>>     <Get name="sessionManager">
>>       <Get name="sessionCookieConfig">
>>         <Set name="secure" type="boolean">true</Set>
>>       </Get>
>>     </Get>
>>   </Get>
>>
>>   <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>>   <!-- Required minimal context configuration :                        -->
>>   <!--  + contextPath                                                  -->
>>   <!--  + war OR resourceBase                                          -->
>>   <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>>   <Set name="contextPath">/report</Set>
>>   <Set name="war"><SystemProperty name="webapp.dir" />/report/</Set>
>>   <Set name="tempDirectory">/var/poseur/work_files/report_<SystemProperty
>> name="jetty.port" /></Set>
>>
>>   <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>>   <!-- Optional context configuration                                  -->
>>   <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>>   <Set name="extractWAR">false</Set>
>>   <Set name="copyWebDir">false</Set>
>>
>>   <Get name="sessionHandler">
>>     <Get name="sessionManager">
>>       <Set name="httpOnly" type="boolean">true</Set>
>>     </Get>
>>   </Get>
>>
>>
>> </Configure>
>>
>>
>> On Thu, Feb 13, 2014 at 6:55 PM, Joakim Erdfelt <joakim@xxxxxxxxxxx>
>> wrote:
>>>
>>> Also, what is the DTD declaration of those XML files? (yes, its
>>> important)
>>>
>>> --
>>> Joakim Erdfelt <joakim@xxxxxxxxxxx>
>>> webtide.com - intalio.com/jetty
>>> Expert advice, services and support from from the Jetty & CometD experts
>>> eclipse.org/jetty - cometd.org
>>>
>>>
>>> On Thu, Feb 13, 2014 at 4:54 PM, Joakim Erdfelt <joakim@xxxxxxxxxxx>
>>> wrote:
>>>>
>>>> There's not enough information to answer your original question.
>>>> Where are you attempting to do this?
>>>> The server side? the deployment side? the webapp side? or something
>>>> else?
>>>>
>>>> --
>>>> Joakim Erdfelt <joakim@xxxxxxxxxxx>
>>>> webtide.com - intalio.com/jetty
>>>> Expert advice, services and support from from the Jetty & CometD experts
>>>> eclipse.org/jetty - cometd.org
>>>>
>>>>
>>>> On Thu, Feb 13, 2014 at 4:51 PM, Tom Vaughan <tom.vaughan@xxxxxxxxxx>
>>>> wrote:
>>>>>
>>>>> Thanks for the prompt reply;  because of the way our upgrade/deployment
>>>>> process works it's going to be easier for me to change the jetty-side
>>>>> configuration than to change the application web.xmls
>>>>>
>>>>> Did the configuration I pasted in the original email look right?
>>>>>
>>>>>
>>>>> On Thu, Feb 13, 2014 at 6:49 PM, Joakim Erdfelt <joakim@xxxxxxxxxxx>
>>>>> wrote:
>>>>>>
>>>>>> Jetty 8.x is Servlet 3.0, its easier to use the standard location in
>>>>>> the WEB-INF/web.xml of your webapp.
>>>>>>
>>>>>> <session-config>
>>>>>>  <cookie-config>
>>>>>>   <secure>true</secure>
>>>>>>  </cookie-config>
>>>>>> </session-config>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Joakim Erdfelt <joakim@xxxxxxxxxxx>
>>>>>> webtide.com - intalio.com/jetty
>>>>>> Expert advice, services and support from from the Jetty & CometD
>>>>>> experts
>>>>>> eclipse.org/jetty - cometd.org
>>>>>>
>>>>>>
>>>>>> On Thu, Feb 13, 2014 at 4:37 PM, Tom Vaughan <tom.vaughan@xxxxxxxxxx>
>>>>>> wrote:
>>>>>>>
>>>>>>> Hi -
>>>>>>>
>>>>>>> I'm upgrading from jetty 6.1.22 to 8.1.8 and I've notice that the
>>>>>>> configuration for setting cookies to be secure has moved under a layer of
>>>>>>> indirection.  I'm having trouble configuring it and I'm hoping someone on
>>>>>>> this list can clue me in to what I'm doing wrong.
>>>>>>>
>>>>>>> Basically, in 6.1.22 I could do this:
>>>>>>>
>>>>>>> <Get name="sessionHandler">
>>>>>>>   <Get name="sessionManager">
>>>>>>>     <Set name="secureCookies">true</Set>
>>>>>>>   </Get>
>>>>>>> </Get>
>>>>>>>
>>>>>>> In 8.1.8 it looks like the code path should be:
>>>>>>>
>>>>>>>
>>>>>>> WebAppContext.getSessionHandler().getSessionManager().getSessionCookieConfig().setSecure(true);
>>>>>>>
>>>>>>> Seems straight forward enough.
>>>>>>>
>>>>>>> So here's my new context configuration:
>>>>>>>
>>>>>>> <Configure class="org.eclipse.jetty.webapp.WebAppContext">
>>>>>>>   <Get name="sessionHandler">
>>>>>>>     <Get name="sessionManager">
>>>>>>>       <Get name="sessionCookieConfig">
>>>>>>>         <Set name="secure" type="boolean">true</Set>
>>>>>>>       </Get>
>>>>>>>     </Get>
>>>>>>>   </Get>
>>>>>>>
>>>>>>> But when I start jetty, the context dies with this error in the logs:
>>>>>>> oejx.XmlConfiguration:Config error at true
>>>>>>> java.lang.NoSuchMethodException: class
>>>>>>> org.eclipse.jetty.server.session.AbstractSessionManager$2.setSecure(boolean)
>>>>>>>
>>>>>>>
>>>>>>> Why is it trying to call setSecure on the sessionManager instead of
>>>>>>> the sessionManager's sessionCookieConfig?
>>>>>>>
>>>>>>> Any thoughts?
>>>>>>>
>>>>>>> Thanks in advance!
>>>>>>> Tom
>>>>>>>
>>>>>>>
>>>>>>> P.S.  this is an x-post of a stack overflow question, so if you want
>>>>>>> some karma, you can answer over there:
>>>>>>> http://stackoverflow.com/questions/21763824/setting-secure-cookies-on-jetty-6-8-upgrade
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> jetty-users mailing list
>>>>>>> jetty-users@xxxxxxxxxxx
>>>>>>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> jetty-users mailing list
>>>>>> jetty-users@xxxxxxxxxxx
>>>>>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> jetty-users mailing list
>>>>> jetty-users@xxxxxxxxxxx
>>>>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>>>>
>>>>
>>>
>>>
>>> _______________________________________________
>>> jetty-users mailing list
>>> jetty-users@xxxxxxxxxxx
>>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>>
>>
>
>
> _______________________________________________
> jetty-users mailing list
> jetty-users@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/jetty-users
>



--
Jan Bartel <janb@xxxxxxxxxxx>
www.webtide.com
'Expert Jetty/CometD developer,production,operations advice'
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-users


_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-users


Back to the top