Re: [jetty-users] Issues with migrating Jetty-7.0.1 to Jetty-9.4.9

[Joakim Erdfelt <joakim@xxxxxxxxxxx>]

That's a lot of major versions to skip.

> Jetty versioning reminder (since 1995) - <servlet_support>.<major_version>.<minor_version>

You essentially jumped 14 major versions from 7.0 to 9.4.

org.eclipse.jetty.deploy.WebAppDeployer

That doesn't exist in the same way any more.

It's now a DeploymentManager with a AppProvider (in your case a WebAppProvider)

See embedded jetty examples for this setup at:

https://github.com/eclipse/jetty.project/blob/jetty-9.4.9.v20180320/examples/embedded/src/main/java/org/eclipse/jetty/embedded/LikeJettyXml.java#L166-L184

The upgrade from Jetty 7 to 9 also upgraded your servlet support from 2.4 to 3.1 (a jump of 3 versions)

The Servlet 3.0 update introduced a javax.servlet.SessionCookieConfig where that kind of configuration is now present.

See: https://docs.oracle.com/javaee/7/api/javax/servlet/SessionCookieConfig.html

WebAppContext wc = (WebAppContext) hl;

SessionHandler sh = wc.getSessionHandler();

SessionManager sm = null;

if ( sh != null ) {

      sm = sh.getSessionIdManager();

      if ( sm != null ) {

         AbstractSessionManager asm = (AbstractSessionManager) sm;

         asm.setHttpOnly( true );   // <-- Lets take a look at this one

         asm.setSecureCookies( true );

         asm.setSessionIdPathParameterName( null );

         asm.setUsingCookies( true );

      }

}

In embedded-jetty you can use ...

wc.getSessionHandler().getSessionCookieConfig().setHttpOnly(httpOnly);

or you can even use the WEB-INF/web.xml (since you are using the WebAppContext).

Just set ...

<?xml version="1.0"?>

<web-app xmlns="http://java.sun.com/xml/ns/javaee"

      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee web-app_3_0.xsd"

      version="3.0">

     

      <session-config>

        <cookie-config>

           <http-only>true</http-only>

        </cookie-config>

      </session-config>

     

</web-app>

Also, don't forget to browse around the other embedded-jetty examples at both ...

• https://github.com/eclipse/jetty.project/tree/jetty-9.4.9.v20180320/examples/embedded/src/main/java/org/eclipse/jetty/embedded
  
• https://github.com/jetty-project/embedded-jetty-cookbook/tree/master/src/main/java/org/eclipse/jetty/cookbook
  

Joakim Erdfelt / joakim@xxxxxxxxxxx

On Fri, Apr 20, 2018 at 3:39 PM, Ike Ikonne <iikonne@xxxxxxxxxx> wrote:

Hi all,

I am migrating from Jetty-7.0.1 to Jetty-9.4.9 and have ran into the following issues?

What are the replacement for following classes in Jetty-9.4.9?

org.eclipse.jetty.deploy.WebAppDeployer;
org.eclipse.jetty.server.session.AbstractSessionManager;
org.eclipse.jetty.server.SessionManager;

I have not been able to locate the appropriate replacement for the above classes. I run Jetty in
an embedded mode and was able to control the following attributes programmatically:


WebAppContext wc = (WebAppContext) hl;
SessionHandler sh = wc.getSessionHandler();
SessionManager sm = null;
if ( sh != null ) {
      sm = sh.getSessionIdManager();
      if ( sm != null ) {
         AbstractSessionManager asm = (AbstractSessionManager) sm;
         asm.setHttpOnly( true );
         asm.setSecureCookies( true );
         asm.setSessionIdPathParameterName( null );
         asm.setUsingCookies( true );
      }
 }


Any help will be much appreciated.

Cheers,

Ike Ikonne


_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users