Clone Tools
  • last updated 14 mins ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Improved: Cannot find the declaration of element 'web-app' in version 3.0 files. (OFBIZ-6993)

I missed to backport changes web.xml (was OK in plugins)

  1. … 24 more files in changeset.
Reverted: "Fixed: add XML declaration in “web.xml” files (OFBIZ-6993)"

This reverts commit 3075027df7c82bcb381810d9d438150ef696254f.

  1. … 24 more files in changeset.
Reverted: "Fixed: add XML declaration in “web.xml” files (OFBIZ-6993)"

This reverts commit a93b1fcb7859a754ba84b810c4736e7ef6778689.

  1. … 24 more files in changeset.
Revert "Improved: Update “web.xml” files version 3.0 → 4.0 (OFBIZ-6993)"

This reverts commit 226e901981b68941bbcf3e1025d2208061d28db6.

  1. … 24 more files in changeset.
Reverted: "Fixed: add XML declaration in “web.xml” files (OFBIZ-6993)"

This reverts commit d1c037dca1ea14caf545c85c3741bb9af093f3c9.

  1. … 24 more files in changeset.
Improved: Update “web.xml” files version 3.0 → 4.0 (OFBIZ-6993)

  1. … 24 more files in changeset.
Fixed: add XML declaration in “web.xml” files (OFBIZ-6993)

these declarations avoid SAXParseException traceback when parsing web.xml

the first time in WebappUtil.parseWebXmlFile

  1. … 24 more files in changeset.
Fixed: Add XML declaration in “web.xml” files (OFBIZ-6993)

These declarations avoid SAXParseException traceback when parsing web.xml

the first time in WebappUtil.parseWebXmlFile

  1. … 24 more files in changeset.
Fixed: add XML declaration in “web.xml” files (OFBIZ-6993)

these declarations avoid SAXParseException traceback when parsing web.xml

the first time in WebappUtil.parseWebXmlFile

  1. … 24 more files in changeset.
Fixed: Add XML declaration in “web.xml” files (OFBIZ-6993)

These declarations avoid SAXParseException traceback when parsing web.xml

the first time in WebappUtil.parseWebXmlFile

  1. … 24 more files in changeset.
Fixed: add XML declaration in “web.xml” files (OFBIZ-6993)

these declarations avoid SAXParseException traceback when parsing web.xml

the first time in WebappUtil.parseWebXmlFile

  1. … 24 more files in changeset.
Improved: Add session tracking mode and make cookie secure (OFBIZ-6655)

Programmatically replaces the web.xml <session-config> declarations and uses

the @WebListener annotation to start the process. This avoid to duplicates

things everywhere in web.xml files. Since the web.xml files have precedence

on annotations, the setting can be easily overridden when necessary.

Now that we also use HTTPS in ecommerce the ecommerce session cookie is

also secured.

I also noted that we had 8 weird <session-timeout> declarations:

in solr component: <session-timeout>2</session-timeout>

in themes: <session-timeout>1</session-timeout>

Also in Rainbowstone we lacked the <cookie-config> and <tracking-mode>

declarations. I think it's not good.

I resolve these points by simply removing the <session-config> in web.xml files

of themes and Solr.

Thanks: Pradhan Yash Sharma for review

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-framework/trunk@1811041 13f79535-47bb-0310-9956-ffa450edef68

  1. … 27 more files in changeset.
Completes r1726388 for the contentimages webapp placeholder (I did not notice it, because it's special I guess so not reported in log)

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/trunk@1735398 13f79535-47bb-0310-9956-ffa450edef68

Temporary fix for "UtilXml.LocalResolver.resolveEntity] could not find LOCAL DTD/Schema with publicId [null] and the file/resource is [web-app_3_0.xsd]" - https://issues.apache.org/jira/browse/OFBIZ-6807

As suggested by Deepak keeps only <<web-app version="3.0">> in web.xml files instead of whole xmlns and schemaLocation.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/trunk@1726388 13f79535-47bb-0310-9956-ffa450edef68

  1. … 53 more files in changeset.
2 modified patches from Rahul Bhammarker for "Add session tracking mode and make cookie secure" https://issues.apache.org/jira/browse/OFBIZ-6655

Need to enhance security at web-app level.

As per current implementation:

- The cookie containing the session identifier is not secure

- The session identifier is transmitted in the query string of the URL

To fix these issue we have to add following session config otpions in web.xml

{code}

<session-config>

<cookie-config>

<http-only>true</http-only>

<secure>true</secure>

</cookie-config>

<tracking-mode>COOKIE</tracking-mode>

</session-config>

{code}

Also we need to update the web-app servlet specification from 2.3 to 3.0

{code}

<web-app version="3.0"

xmlns="http://java.sun.com/xml/ns/javaee"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xsi:schemaLocation="http://java.sun.com/xml/ns/javaee

http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">

{code}

https://tomcat.apache.org/whichversion.html

jleroux: these are only the framework+themes+applications patches, with 3 entries not applied

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/trunk@1719872 13f79535-47bb-0310-9956-ffa450edef68

  1. … 26 more files in changeset.
Fixes https://issues.apache.org/jira/browse/OFBIZ-5305 "WebAppUtil.getWebappInfoFromWebsiteId throws IllegalArgumentException when web.xml not found"

I finally prefered to add an empty contenimages webapp.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/trunk@1658622 13f79535-47bb-0310-9956-ffa450edef68