Re: [jetty-users] What's wrong with this secureCookie configuration?

Looks like a bug. It's an anonymous inner class, that is itself
public. If I make it a regular inner class, then it works.

I've raised: https://bugs.eclipse.org/bugs/show_bug.cgi?id=428157

Looking at it now.

Jan

On 14 February 2014 12:23, Joakim Erdfelt <joakim@xxxxxxxxxxx> wrote:
> That cannot be set that way.
>
> The method is found, but Java prevents its invocation.
>
> 2014-02-13 18:20:13.203:IGNORED:oejx.XmlConfiguration:
> java.lang.IllegalAccessException: Class org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration can not access a member of class org.eclipse.jetty.server.session.AbstractSessionManager$2 with modifiers "public"
>     at sun.reflect.Reflection.ensureMemberAccess(Reflection.java:109)
>     at java.lang.reflect.AccessibleObject.slowCheckMemberAccess(AccessibleObject.java:261)
>     at java.lang.reflect.AccessibleObject.checkAccess(AccessibleObject.java:253)
>     at java.lang.reflect.Method.invoke(Method.java:599)
>     at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.set(XmlConfiguration.java:574)
>
> I suspect it's because the actual implementation of
> javax.servlet.SessionCookieConfig is an internal class that itself isn't
> public.
>
>
> --
> Joakim Erdfelt <joakim@xxxxxxxxxxx>
> webtide.com - intalio.com/jetty
> Expert advice, services and support from the Jetty & CometD experts
> eclipse.org/jetty - cometd.org
>
>
> On Thu, Feb 13, 2014 at 5:47 PM, Tom Vaughan <tom.vaughan@xxxxxxxxxx> wrote:
>>
>> No dice (same error)
>>
>> Full file:
>> <?xml version="1.0" encoding="ISO-8859-1"?>
>> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
>> "http://www.eclipse.org/jetty/configure.dtd">
>>
>> <Configure class="org.eclipse.jetty.webapp.WebAppContext">
>>   <Get name="sessionHandler">
>>     <Get name="sessionManager">
>>       <Get name="sessionCookieConfig">
>>         <Set name="secure" type="boolean">true</Set>
>>       </Get>
>>     </Get>
>>   </Get>
>>
>>   <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>>   <!-- Required minimal context configuration :                        -->
>>   <!--  + contextPath                                                  -->
>>   <!--  + war OR resourceBase                                          -->
>>   <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>>   <Set name="contextPath">/report</Set>
>>   <Set name="war"><SystemProperty name="webapp.dir" />/report/</Set>
>>   <Set name="tempDirectory">/var/poseur/work_files/report_<SystemProperty name="jetty.port" /></Set>
>>
>>   <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>>   <!-- Optional context configuration                                  -->
>>   <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>>   <Set name="extractWAR">false</Set>
>>   <Set name="copyWebDir">false</Set>
>>
>>   <Get name="sessionHandler">
>>     <Get name="sessionManager">
>>       <Set name="httpOnly" type="boolean">true</Set>
>>     </Get>
>>   </Get>
>>
>>
>> </Configure>
>>
>>
>>
>> On Thu, Feb 13, 2014 at 7:40 PM, Jan Bartel <janb@xxxxxxxxxxx> wrote:
>>>
>>> Try this:
>>>
>>> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
>>> "http://www.eclipse.org/jetty/configure.dtd">
>>>
>>> Jan
>>>
>>> On 14 February 2014 11:07, Tom Vaughan <tom.vaughan@xxxxxxxxxx> wrote:
>>> > I noticed the "mortbay" instead of "eclipse" reference in the DTD
>>> > header, so
>>> > I swapped that DTD line out for this:
>>> >
>>> > <!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN"
>>> > "http://jetty.eclipse.org/configure.dtd">
>>> >
>>> > And restarted jetty.  Same error.
>>> >
>>> >
>>> >
>>> > On Thu, Feb 13, 2014 at 7:01 PM, Tom Vaughan <tom.vaughan@xxxxxxxxxx>
>>> > wrote:
>>> >>
>>> >> This configuration is being done in a $jetty_home/contexts/myApp.xml
>>> >> file
>>> >> that corresponds to and controls the ../webapps/myApp
>>> >>
>>> >> Here's the full file
>>> >>
>>> >> <?xml version="1.0" encoding="ISO-8859-1"?>
>>> >> <!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN"
>>> >> "http://jetty.mortbay.org/configure.dtd">
>>> >>
>>> >> <Configure class="org.eclipse.jetty.webapp.WebAppContext">
>>> >>
>>> >>   <Get name="sessionHandler">
>>> >>     <Get name="sessionManager">
>>> >>       <Get name="sessionCookieConfig">
>>> >>         <Set name="secure" type="boolean">true</Set>
>>> >>       </Get>
>>> >>     </Get>
>>> >>   </Get>
>>> >>
>>> >>   <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>>> >>   <!-- Required minimal context configuration :                        -->
>>> >>   <!--  + contextPath                                                  -->
>>> >>   <!--  + war OR resourceBase                                          -->
>>> >>   <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>>> >>   <Set name="contextPath">/report</Set>
>>> >>   <Set name="war"><SystemProperty name="webapp.dir" />/report/</Set>
>>> >>   <Set name="tempDirectory">/var/poseur/work_files/report_<SystemProperty name="jetty.port" /></Set>
>>> >>
>>> >>   <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>>> >>   <!-- Optional context configuration                                  -->
>>> >>   <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
>>> >>   <Set name="extractWAR">false</Set>
>>> >>   <Set name="copyWebDir">false</Set>
>>> >>
>>> >>   <Get name="sessionHandler">
>>> >>     <Get name="sessionManager">
>>> >>       <Set name="httpOnly" type="boolean">true</Set>
>>> >>     </Get>
>>> >>   </Get>
>>> >>
>>> >>
>>> >> </Configure>
>>> >>
>>> >>
>>> >> On Thu, Feb 13, 2014 at 6:55 PM, Joakim Erdfelt <joakim@xxxxxxxxxxx>
>>> >> wrote:
>>> >>>
>>> >>> Also, what is the DTD declaration of those XML files? (yes, it's
>>> >>> important)
>>> >>>
>>> >>> --
>>> >>> Joakim Erdfelt <joakim@xxxxxxxxxxx>
>>> >>> webtide.com - intalio.com/jetty
>>> >>> Expert advice, services and support from the Jetty & CometD
>>> >>> experts
>>> >>> eclipse.org/jetty - cometd.org
>>> >>>
>>> >>>
>>> >>> On Thu, Feb 13, 2014 at 4:54 PM, Joakim Erdfelt <joakim@xxxxxxxxxxx>
>>> >>> wrote:
>>> >>>>
>>> >>>> There's not enough information to answer your original question.
>>> >>>> Where are you attempting to do this?
>>> >>>> The server side? the deployment side? the webapp side? or something
>>> >>>> else?
>>> >>>>
>>> >>>> --
>>> >>>> Joakim Erdfelt <joakim@xxxxxxxxxxx>
>>> >>>> webtide.com - intalio.com/jetty
>>> >>>> Expert advice, services and support from the Jetty & CometD
>>> >>>> experts
>>> >>>> eclipse.org/jetty - cometd.org
>>> >>>>
>>> >>>>
>>> >>>> On Thu, Feb 13, 2014 at 4:51 PM, Tom Vaughan
>>> >>>> <tom.vaughan@xxxxxxxxxx>
>>> >>>> wrote:
>>> >>>>>
>>> >>>>> Thanks for the prompt reply;  because of the way our
>>> >>>>> upgrade/deployment
>>> >>>>> process works it's going to be easier for me to change the
>>> >>>>> jetty-side
>>> >>>>> configuration than to change the application web.xmls
>>> >>>>>
>>> >>>>> Did the configuration I pasted in the original email look right?
>>> >>>>>
>>> >>>>>
>>> >>>>> On Thu, Feb 13, 2014 at 6:49 PM, Joakim Erdfelt
>>> >>>>> <joakim@xxxxxxxxxxx>
>>> >>>>> wrote:
>>> >>>>>>
>>> >>>>>> Jetty 8.x is Servlet 3.0, it's easier to use the standard location
>>> >>>>>> in
>>> >>>>>> the WEB-INF/web.xml of your webapp.
>>> >>>>>>
>>> >>>>>> <session-config>
>>> >>>>>>  <cookie-config>
>>> >>>>>>   <secure>true</secure>
>>> >>>>>>  </cookie-config>
>>> >>>>>> </session-config>
>>> >>>>>>
>>> >>>>>>
>>> >>>>>> --
>>> >>>>>> Joakim Erdfelt <joakim@xxxxxxxxxxx>
>>> >>>>>> webtide.com - intalio.com/jetty
>>> >>>>>> Expert advice, services and support from the Jetty & CometD
>>> >>>>>> experts
>>> >>>>>> eclipse.org/jetty - cometd.org
>>> >>>>>>
>>> >>>>>>
>>> >>>>>> On Thu, Feb 13, 2014 at 4:37 PM, Tom Vaughan
>>> >>>>>> <tom.vaughan@xxxxxxxxxx>
>>> >>>>>> wrote:
>>> >>>>>>>
>>> >>>>>>> Hi -
>>> >>>>>>>
>>> >>>>>>> I'm upgrading from jetty 6.1.22 to 8.1.8 and I've noticed that the
>>> >>>>>>> configuration for setting cookies to be secure has moved under a
>>> >>>>>>> layer of
>>> >>>>>>> indirection.  I'm having trouble configuring it and I'm hoping
>>> >>>>>>> someone on
>>> >>>>>>> this list can clue me in to what I'm doing wrong.
>>> >>>>>>>
>>> >>>>>>> Basically, in 6.1.22 I could do this:
>>> >>>>>>>
>>> >>>>>>> <Get name="sessionHandler">
>>> >>>>>>>   <Get name="sessionManager">
>>> >>>>>>>     <Set name="secureCookies">true</Set>
>>> >>>>>>>   </Get>
>>> >>>>>>> </Get>
>>> >>>>>>>
>>> >>>>>>> In 8.1.8 it looks like the code path should be:
>>> >>>>>>>
>>> >>>>>>>
>>> >>>>>>>
>>> >>>>>>> WebAppContext.getSessionHandler().getSessionManager().getSessionCookieConfig().setSecure(true);
>>> >>>>>>>
>>> >>>>>>> Seems straight forward enough.
>>> >>>>>>>
>>> >>>>>>> So here's my new context configuration:
>>> >>>>>>>
>>> >>>>>>> <Configure class="org.eclipse.jetty.webapp.WebAppContext">
>>> >>>>>>>   <Get name="sessionHandler">
>>> >>>>>>>     <Get name="sessionManager">
>>> >>>>>>>       <Get name="sessionCookieConfig">
>>> >>>>>>>         <Set name="secure" type="boolean">true</Set>
>>> >>>>>>>       </Get>
>>> >>>>>>>     </Get>
>>> >>>>>>>   </Get>
>>> >>>>>>>
>>> >>>>>>> But when I start jetty, the context dies with this error in the
>>> >>>>>>> logs:
>>> >>>>>>> oejx.XmlConfiguration:Config error at true
>>> >>>>>>> java.lang.NoSuchMethodException: class org.eclipse.jetty.server.session.AbstractSessionManager$2.setSecure(boolean)
>>> >>>>>>>
>>> >>>>>>>
>>> >>>>>>> Why is it trying to call setSecure on the sessionManager instead
>>> >>>>>>> of
>>> >>>>>>> the sessionManager's sessionCookieConfig?
>>> >>>>>>>
>>> >>>>>>> Any thoughts?
>>> >>>>>>>
>>> >>>>>>> Thanks in advance!
>>> >>>>>>> Tom
>>> >>>>>>>
>>> >>>>>>>
>>> >>>>>>> P.S.  this is an x-post of a stack overflow question, so if you
>>> >>>>>>> want
>>> >>>>>>> some karma, you can answer over there:
>>> >>>>>>>
>>> >>>>>>> http://stackoverflow.com/questions/21763824/setting-secure-cookies-on-jetty-6-8-upgrade
>>> >>>>>>>
>>> >>>>>>> _______________________________________________
>>> >>>>>>> jetty-users mailing list
>>> >>>>>>> jetty-users@xxxxxxxxxxx
>>> >>>>>>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>>
>>> --
>>> Jan Bartel <janb@xxxxxxxxxxx>
>>> www.webtide.com
>>> 'Expert Jetty/CometD developer,production,operations advice'



-- 
Jan Bartel <janb@xxxxxxxxxxx>
www.webtide.com
'Expert Jetty/CometD developer,production,operations advice'
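
The access failure discussed in this thread, reproduced as an added example (not code from the thread or from Jetty): a public method looked up on a non-public runtime class is found but rejected by `Method.invoke`, while the same method resolved through a public interface is callable. The JDK's unmodifiable list wrapper stands in for `AbstractSessionManager$2`, and `findInvocable` is a hypothetical helper, not Jetty's fix.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class PublicMethodOnHiddenClass {

    // Hypothetical helper (not Jetty's code): resolve the method on a public
    // supertype or interface so the reflective access check can pass.
    static Method findInvocable(Class<?> type, String name, Class<?>... params) {
        if (type == null) return null;
        if (Modifier.isPublic(type.getModifiers())) {
            try {
                Method m = type.getMethod(name, params);
                if (Modifier.isPublic(m.getDeclaringClass().getModifiers())) {
                    return m;
                }
            } catch (NoSuchMethodException ignored) {
                // not declared here; keep walking the hierarchy
            }
        }
        for (Class<?> iface : type.getInterfaces()) {
            Method m = findInvocable(iface, name, params);
            if (m != null) {
                return m;
            }
        }
        return findInvocable(type.getSuperclass(), name, params);
    }

    public static void main(String[] args) throws Exception {
        // Stand-in for AbstractSessionManager$2: the runtime class is a
        // non-public java.util class behind the public List interface.
        List<String> target = Collections.unmodifiableList(Arrays.asList("a", "b"));

        Method viaRuntimeClass = target.getClass().getMethod("size");
        try {
            viaRuntimeClass.invoke(target);
        } catch (IllegalAccessException e) {
            System.out.println("runtime-class lookup rejected: " + e.getMessage());
        }

        Method viaPublicType = findInvocable(target.getClass(), "size");
        System.out.println(viaPublicType.getDeclaringClass().getName()
                + ".size() -> " + viaPublicType.invoke(target));
    }
}
```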