Improved: Add session tracking mode and make cookie secure (OFBIZ-6655) Programmatically replaces the web.xml <session-config> declarations and uses the @WebListener annotation to start the process. This avoid to duplicates things everywhere in web.xml files. Since the web.xml files have precedence on annotations, the setting can be easily overridden when necessary.
Now that we also use HTTPS in ecommerce the ecommerce session cookie is also secured.
I also noted that we had 8 weird <session-timeout> declarations: in solr component: <session-timeout>2</session-timeout> in themes: <session-timeout>1</session-timeout>
Also in Rainbowstone we lacked the <cookie-config> and <tracking-mode> declarations. I think it's not good.
I resolve these points by simply removing the <session-config> in web.xml files of themes and Solr.
Implemented: removed the "controller" related logic, that is now provided by the new ControlFilter, from the ContextFilter; modified existing applications to use the two filters in a chain; removed from the other specialized filters all the logic that was duplicated or extended from ContextFilter. A web application, in order to leverage the OFBiz framework, requires that a series of objects are in its contexts (servlet context, session and request) such as "delegator", "delegatorName", "dispatcher", "security" etc. etc... This setup is performed by the logic contained in the servlet filter implemented by the ContextFilter class. The execution of this logic is required for the application to run properly. However, before this commit, in the ContextFilter there was other logic, related to access control and redirection rules (some of them performed in coordination with the ControlServlet), making it difficult to deploy this filter in all the web applications, especially the ones that implement special handling of paths. In fact, this filter was deployed in most but not all the web application in the OFBiz codebase: specifically it was not deployed in web applications that require the execution of other filters (e.g. CatalogUrlFilter, etc...) like the ones in the "ecommerce" and "solr" components.