You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by jl...@apache.org on 2015/12/14 11:02:25 UTC
svn commit: r1719872 [1/2] - in /ofbiz/trunk:
applications/accounting/webapp/accounting/WEB-INF/
applications/accounting/webapp/ap/WEB-INF/
applications/accounting/webapp/ar/WEB-INF/
applications/commonext/webapp/WEB-INF/ applications/commonext/webapp/...
Author: jleroux
Date: Mon Dec 14 10:02:24 2015
New Revision: 1719872
URL: http://svn.apache.org/viewvc?rev=1719872&view=rev
Log:
2 modified patches from Rahul Bhammarker for "Add session tracking mode and make cookie secure" https://issues.apache.org/jira/browse/OFBIZ-6655
Need to enhance security at web-app level.
As per current implementation:
- The cookie containing the session identifier is not secure
- The session identifier is transmitted in the query string of the URL
To fix these issue we have to add following session config otpions in web.xml
{code}
<session-config>
<cookie-config>
<http-only>true</http-only>
<secure>true</secure>
</cookie-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
{code}
Also we need to update the web-app servlet specification from 2.3 to 3.0
{code}
<web-app version="3.0"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
{code}
https://tomcat.apache.org/whichversion.html
jleroux: these are only the framework+themes+applications patches, with 3 entries not applied
Modified:
ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/web.xml
ofbiz/trunk/applications/accounting/webapp/ap/WEB-INF/web.xml
ofbiz/trunk/applications/accounting/webapp/ar/WEB-INF/web.xml
ofbiz/trunk/applications/commonext/webapp/WEB-INF/web.xml
ofbiz/trunk/applications/commonext/webapp/ofbizsetup/WEB-INF/web.xml
ofbiz/trunk/applications/commonext/webapp/ordermgr-js/WEB-INF/web.xml
ofbiz/trunk/applications/content/webapp/content/WEB-INF/web.xml
ofbiz/trunk/applications/content/webapp/contentimages/WEB-INF/web.xml
ofbiz/trunk/applications/humanres/webapp/humanres/WEB-INF/web.xml
ofbiz/trunk/applications/manufacturing/webapp/manufacturing/WEB-INF/web.xml
ofbiz/trunk/applications/marketing/webapp/marketing/WEB-INF/web.xml
ofbiz/trunk/applications/marketing/webapp/sfa/WEB-INF/web.xml
ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/web.xml
ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/web.xml
ofbiz/trunk/applications/product/webapp/catalog/WEB-INF/web.xml
ofbiz/trunk/applications/product/webapp/facility/WEB-INF/web.xml
ofbiz/trunk/applications/workeffort/webapp/ical/WEB-INF/web.xml
ofbiz/trunk/applications/workeffort/webapp/workeffort/WEB-INF/web.xml
ofbiz/trunk/framework/images/webapp/images/WEB-INF/web.xml
ofbiz/trunk/framework/resources/templates/web.xml
ofbiz/trunk/framework/webtools/webapp/webtools/WEB-INF/web.xml
ofbiz/trunk/themes/bizznesstime/webapp/bizznesstime/WEB-INF/web.xml
ofbiz/trunk/themes/bluelight/webapp/bluelight/WEB-INF/web.xml
ofbiz/trunk/themes/droppingcrumbs/webapp/droppingcrumbs/WEB-INF/web.xml
ofbiz/trunk/themes/flatgrey/webapp/flatgrey/WEB-INF/web.xml
ofbiz/trunk/themes/multiflex/webapp/multiflex/WEB-INF/web.xml
ofbiz/trunk/themes/tomahawk/webapp/tomahawk/WEB-INF/web.xml
Modified: ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<!--
Licensed to the Apache Software Foundation (ASF) under one
@@ -20,34 +19,38 @@ specific language governing permissions
under the License.
-->
-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - Accounting Manager</display-name>
<description>Accounting Manager Module of the Apache OFBiz Project</description>
<context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
<param-name>entityDelegatorName</param-name>
<param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
</context-param>
<context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
<param-name>localDispatcherName</param-name>
<param-value>accounting</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
</context-param>
<context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>mainDecoratorLocation</param-name>
<param-value>component://accounting/widget/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>
<context-param>
+ <description>The location of the CommonPartyDecorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>partyDecoratorLocation</param-name>
<param-value>component://accounting/widget/CommonScreens.xml</param-value>
- <description>The location of the CommonPartyDecorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>
<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
@@ -77,9 +80,9 @@ under the License.
<!-- <listener><listener-class>org.ofbiz.webapp.control.ControlActivationEventListener</listener-class></listener> -->
<servlet>
- <servlet-name>ControlServlet</servlet-name>
- <display-name>ControlServlet</display-name>
<description>Main Control Servlet</description>
+ <display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
@@ -90,6 +93,11 @@ under the License.
<session-config>
<session-timeout>60</session-timeout> <!-- in minutes -->
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>
<welcome-file-list>
Modified: ofbiz/trunk/applications/accounting/webapp/ap/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/accounting/webapp/ap/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/accounting/webapp/ap/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/accounting/webapp/ap/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
@@ -16,34 +15,38 @@ KIND, either express or implied. See th
specific language governing permissions and limitations
under the License.
-->
-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - Account Payable</display-name>
<description>Accounting Payable Module of the Apache OFBiz Project</description>
<context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
<param-name>entityDelegatorName</param-name>
<param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
</context-param>
<context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
<param-name>localDispatcherName</param-name>
<param-value>ap</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
</context-param>
<context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>mainDecoratorLocation</param-name>
<param-value>component://accounting/widget/ap/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>
<context-param>
+ <description>The location of the CommonPartyDecorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>partyDecoratorLocation</param-name>
<param-value>component://accounting/widget/CommonScreens.xml</param-value>
- <description>The location of the CommonPartyDecorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>
<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
@@ -71,9 +74,9 @@ under the License.
<!-- NOTE: not all app servers support mounting implementations of the HttpSessionActivationListener interface -->
<!-- <listener><listener-class>org.ofbiz.webapp.control.ControlActivationEventListener</listener-class></listener> -->
<servlet>
- <servlet-name>ControlServlet</servlet-name>
- <display-name>ControlServlet</display-name>
<description>Main Control Servlet</description>
+ <display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
@@ -83,6 +86,11 @@ under the License.
</servlet-mapping>
<session-config>
<session-timeout>60</session-timeout> <!-- in minutes -->
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
Modified: ofbiz/trunk/applications/accounting/webapp/ar/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/accounting/webapp/ar/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/accounting/webapp/ar/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/accounting/webapp/ar/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<!--
Licensed to the Apache Software Foundation (ASF) under one
@@ -20,34 +19,38 @@ specific language governing permissions
under the License.
-->
-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - Account Receivable</display-name>
<description>Accounting Receivable Module of the Apache OFBiz Project</description>
<context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
<param-name>entityDelegatorName</param-name>
<param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
</context-param>
<context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
<param-name>localDispatcherName</param-name>
<param-value>ar</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
</context-param>
<context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>mainDecoratorLocation</param-name>
<param-value>component://accounting/widget/ar/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>
<context-param>
+ <description>The location of the CommonPartyDecorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>partyDecoratorLocation</param-name>
<param-value>component://accounting/widget/CommonScreens.xml</param-value>
- <description>The location of the CommonPartyDecorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>
<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
@@ -77,9 +80,9 @@ under the License.
<!-- <listener><listener-class>org.ofbiz.webapp.control.ControlActivationEventListener</listener-class></listener> -->
<servlet>
- <servlet-name>ControlServlet</servlet-name>
- <display-name>ControlServlet</display-name>
<description>Main Control Servlet</description>
+ <display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
@@ -90,6 +93,11 @@ under the License.
<session-config>
<session-timeout>60</session-timeout> <!-- in minutes -->
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>
<welcome-file-list>
Modified: ofbiz/trunk/applications/commonext/webapp/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/commonext/webapp/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/commonext/webapp/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/commonext/webapp/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<!--
Licensed to the Apache Software Foundation (ASF) under one
@@ -20,35 +19,39 @@ specific language governing permissions
under the License.
-->
-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - Common application extension</display-name>
<description>Common application extension Module of the Apache OFBiz Project</description>
<context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
<param-name>entityDelegatorName</param-name>
<param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
</context-param>
<context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
<param-name>localDispatcherName</param-name>
<param-value>commonext</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
</context-param>
<context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>mainDecoratorLocation</param-name>
<param-value>component://commonext/widget/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>
<context-param>
+ <description>BeanShell Script Location</description>
<param-name>scriptLocationPath</param-name>
<param-value>/WEB-INF/bsh</param-value>
- <description>BeanShell Script Location</description>
</context-param>
<filter>
- <filter-name>ContextFilter</filter-name>
- <display-name>ContextFilter</display-name>
- <filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
+ <display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
+ <filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
<param-value>N</param-value>
@@ -77,9 +80,9 @@ under the License.
<!-- <listener><listener-class>org.ofbiz.webapp.control.ControlActivationEventListener</listener-class></listener> -->
<servlet>
- <servlet-name>ControlServlet</servlet-name>
- <display-name>ControlServlet</display-name>
<description>Main Control Servlet</description>
+ <display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
@@ -90,6 +93,11 @@ under the License.
<session-config>
<session-timeout>60</session-timeout> <!-- in minutes -->
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>
</web-app>
Modified: ofbiz/trunk/applications/commonext/webapp/ofbizsetup/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/commonext/webapp/ofbizsetup/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/commonext/webapp/ofbizsetup/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/commonext/webapp/ofbizsetup/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<!--
Licensed to the Apache Software Foundation (ASF) under one
@@ -20,34 +19,38 @@
under the License.
-->
-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - Setup Manager</display-name>
<description>Setup Manager Module of the Apache OFBiz Project</description>
<context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
<param-name>entityDelegatorName</param-name>
<param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
</context-param>
<context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
<param-name>localDispatcherName</param-name>
<param-value>setup</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
</context-param>
<context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>mainDecoratorLocation</param-name>
<param-value>component://commonext/widget/ofbizsetup/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>
<context-param>
+ <description>BeanShell Script Location</description>
<param-name>scriptLocationPath</param-name>
<param-value>/WEB-INF/bsh</param-value>
- <description>BeanShell Script Location</description>
</context-param>
<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
@@ -77,9 +80,9 @@
<!-- <listener><listener-class>org.ofbiz.webapp.control.ControlActivationEventListener</listener-class></listener> -->
<servlet>
- <servlet-name>ControlServlet</servlet-name>
- <display-name>ControlServlet</display-name>
<description>Main Control Servlet</description>
+ <display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
@@ -90,6 +93,11 @@
<session-config>
<session-timeout>60</session-timeout> <!-- in minutes -->
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>
<welcome-file-list>
Modified: ofbiz/trunk/applications/commonext/webapp/ordermgr-js/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/commonext/webapp/ordermgr-js/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/commonext/webapp/ordermgr-js/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/commonext/webapp/ordermgr-js/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -16,11 +16,20 @@
limitations under the License.
-->
-<!DOCTYPE web-app
- PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
- "http://java.sun.com/dtd/web-app_2_3.dtd">
-
-<web-app>
+
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Empty placeholder</display-name>
<description>Empty placeholder, see http://svn.apache.org/viewvc?view=revision&revision=1612202 </description>
+ <session-config>
+ <session-timeout>60</session-timeout> <!-- in minutes -->
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
+ </session-config>
</web-app>
Modified: ofbiz/trunk/applications/content/webapp/content/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/content/webapp/content/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/content/webapp/content/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/content/webapp/content/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<!--
Licensed to the Apache Software Foundation (ASF) under one
@@ -20,34 +19,38 @@ specific language governing permissions
under the License.
-->
-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - Content Manager</display-name>
<description>Content Manager Module of the Apache OFBiz Project</description>
<context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
<param-name>entityDelegatorName</param-name>
<param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
</context-param>
<context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
<param-name>localDispatcherName</param-name>
<param-value>content</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
</context-param>
<context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>mainDecoratorLocation</param-name>
<param-value>component://content/widget/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>
<context-param>
+ <description>The location of the cms decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>cmsDecoratorLocation</param-name>
<param-value>component://content/widget/CommonScreens.xml</param-value>
- <description>The location of the cms decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>
<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
@@ -77,9 +80,9 @@ under the License.
<!-- <listener><listener-class>org.ofbiz.webapp.control.ControlActivationEventListener</listener-class></listener> -->
<servlet>
- <servlet-name>ControlServlet</servlet-name>
- <display-name>ControlServlet</display-name>
<description>Main Control Servlet</description>
+ <display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
@@ -90,6 +93,11 @@ under the License.
<session-config>
<session-timeout>60</session-timeout> <!-- in minutes -->
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>
<welcome-file-list>
Modified: ofbiz/trunk/applications/content/webapp/contentimages/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/content/webapp/contentimages/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/content/webapp/contentimages/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/content/webapp/contentimages/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -16,11 +16,24 @@
limitations under the License.
-->
-<!DOCTYPE web-app
- PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
- "http://java.sun.com/dtd/web-app_2_3.dtd">
-
-<web-app>
- <display-name>Empty placeholder</display-name>
+
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
+ <display-name> version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"Empty placeholder</display-name>
<description>Empty placeholder, see http://svn.apache.org/viewvc?view=revision&revision=1658621 </description>
+ <session-config>
+ <session-timeout>60</session-timeout> <!-- in minutes -->
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
+ </session-config>
</web-app>
Modified: ofbiz/trunk/applications/humanres/webapp/humanres/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/humanres/webapp/humanres/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/humanres/webapp/humanres/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/humanres/webapp/humanres/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<!--
Licensed to the Apache Software Foundation (ASF) under one
@@ -20,29 +19,33 @@ specific language governing permissions
under the License.
-->
-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - HumanRes Manager</display-name>
<description>HumanRes Manager Module of the Apache OFBiz Project</description>
<context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
<param-name>entityDelegatorName</param-name>
<param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
</context-param>
<context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
<param-name>localDispatcherName</param-name>
<param-value>Humanres</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
</context-param>
<context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>mainDecoratorLocation</param-name>
<param-value>component://humanres/widget/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>
<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
@@ -72,9 +75,9 @@ under the License.
<!-- <listener><listener-class>org.ofbiz.webapp.control.ControlActivationEventListener</listener-class></listener> -->
<servlet>
- <servlet-name>ControlServlet</servlet-name>
- <display-name>ControlServlet</display-name>
<description>Main Control Servlet</description>
+ <display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
@@ -85,6 +88,11 @@ under the License.
<session-config>
<session-timeout>60</session-timeout> <!-- in minutes -->
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>
<welcome-file-list>
Modified: ofbiz/trunk/applications/manufacturing/webapp/manufacturing/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/manufacturing/webapp/manufacturing/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/manufacturing/webapp/manufacturing/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/manufacturing/webapp/manufacturing/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<!--
Licensed to the Apache Software Foundation (ASF) under one
@@ -20,28 +19,32 @@ specific language governing permissions
under the License.
-->
-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - Manufacturing Manager</display-name>
<description>Manufacturing Manager Module by TAU Informatica srl</description>
<context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
<param-name>entityDelegatorName</param-name>
<param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
</context-param>
<context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
<param-name>localDispatcherName</param-name>
<param-value>manufacturing</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
</context-param>
<context-param>
- <param-name>mainDecoratorLocation</param-name>
- <param-value>component://manufacturing/widget/manufacturing/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
+ <param-name>mainDecoratorLocation</param-name>
+ <param-value>component://manufacturing/widget/manufacturing/CommonScreens.xml</param-value>
</context-param>
<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
@@ -71,8 +74,8 @@ under the License.
<!-- <listener><listener-class>org.ofbiz.webapp.control.ControlActivationEventListener</listener-class></listener> -->
<servlet>
- <servlet-name>ControlServlet</servlet-name>
<display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
<description>Main Control Servlet</description>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
@@ -84,6 +87,11 @@ under the License.
<session-config>
<session-timeout>60</session-timeout> <!-- in minutes -->
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>
<welcome-file-list>
Modified: ofbiz/trunk/applications/marketing/webapp/marketing/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/marketing/webapp/marketing/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/marketing/webapp/marketing/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/marketing/webapp/marketing/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<!--
Licensed to the Apache Software Foundation (ASF) under one
@@ -20,34 +19,38 @@ specific language governing permissions
under the License.
-->
-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - Marketing Manager</display-name>
<description>Marketing Manager Module of the Apache OFBiz Project</description>
<context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
<param-name>entityDelegatorName</param-name>
<param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
</context-param>
<context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
<param-name>localDispatcherName</param-name>
<param-value>marketing</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
</context-param>
<context-param>
+ <description>BeanShell Script Location</description>
<param-name>scriptLocationPath</param-name>
<param-value>/WEB-INF/bsh</param-value>
- <description>BeanShell Script Location</description>
</context-param>
<context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>mainDecoratorLocation</param-name>
<param-value>component://marketing/widget/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>
<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
@@ -77,9 +80,9 @@ under the License.
<!-- <listener><listener-class>org.ofbiz.webapp.control.ControlActivationEventListener</listener-class></listener> -->
<servlet>
- <servlet-name>ControlServlet</servlet-name>
- <display-name>ControlServlet</display-name>
<description>Main Control Servlet</description>
+ <display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
@@ -90,6 +93,11 @@ under the License.
<session-config>
<session-timeout>60</session-timeout> <!-- in minutes -->
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>
<welcome-file-list>
Modified: ofbiz/trunk/applications/marketing/webapp/sfa/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/marketing/webapp/sfa/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/marketing/webapp/sfa/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/marketing/webapp/sfa/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<!--
Licensed to the Apache Software Foundation (ASF) under one
@@ -20,29 +19,33 @@ specific language governing permissions
under the License.
-->
-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - SFA Manager</display-name>
<description>SFA Manager Module of the Apache OFBiz Project</description>
<context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
<param-name>entityDelegatorName</param-name>
<param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
</context-param>
<context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
<param-name>localDispatcherName</param-name>
<param-value>sfa</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
</context-param>
<context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>mainDecoratorLocation</param-name>
<param-value>component://marketing/widget/sfa/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>
<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
@@ -72,9 +75,9 @@ under the License.
<!-- <listener><listener-class>org.ofbiz.webapp.control.ControlActivationEventListener</listener-class></listener> -->
<servlet>
- <servlet-name>ControlServlet</servlet-name>
- <display-name>ControlServlet</display-name>
<description>Main Control Servlet</description>
+ <display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
@@ -85,6 +88,11 @@ under the License.
<session-config>
<session-timeout>60</session-timeout> <!-- in minutes -->
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>
<welcome-file-list>
Modified: ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<!--
Licensed to the Apache Software Foundation (ASF) under one
@@ -20,29 +19,33 @@ specific language governing permissions
under the License.
-->
-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - Order Manager</display-name>
<description>Order Manager Module of the Apache OFBiz Project</description>
<context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
<param-name>entityDelegatorName</param-name>
<param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
</context-param>
<context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
<param-name>localDispatcherName</param-name>
<param-value>order</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
</context-param>
<context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>mainDecoratorLocation</param-name>
<param-value>component://order/widget/ordermgr/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>
<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
@@ -73,16 +76,16 @@ under the License.
<!-- <listener><listener-class>org.ofbiz.webapp.control.ControlActivationEventListener</listener-class></listener> -->
<servlet>
- <servlet-name>ControlServlet</servlet-name>
- <display-name>ControlServlet</display-name>
<description>Main Control Servlet</description>
+ <display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
- <servlet-name>CatalogUrlServlet</servlet-name>
- <display-name>CatalogUrlServlet</display-name>
<description>Catalog (Category/Product) URL Servlet</description>
+ <display-name>CatalogUrlServlet</display-name>
+ <servlet-name>CatalogUrlServlet</servlet-name>
<servlet-class>org.ofbiz.product.category.CatalogUrlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
@@ -98,6 +101,11 @@ under the License.
<session-config>
<session-timeout>60</session-timeout> <!-- in minutes -->
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>
<welcome-file-list>
Modified: ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<!--
Licensed to the Apache Software Foundation (ASF) under one
@@ -20,30 +19,34 @@ specific language governing permissions
under the License.
-->
-<web-app>
- <display-name>Apache OFBiz - Party Manager</display-name>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<description>Party Manager Module of the Apache OFBiz Project</description>
+ <display-name>Apache OFBiz - Party Manager</display-name>
<context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
<param-name>entityDelegatorName</param-name>
<param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
</context-param>
<context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
<param-name>localDispatcherName</param-name>
<param-value>partymgr</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
</context-param>
<context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>mainDecoratorLocation</param-name>
<param-value>component://party/widget/partymgr/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>
<filter>
- <filter-name>ContextFilter</filter-name>
- <display-name>ContextFilter</display-name>
- <filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
+ <display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
+ <filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
<param-value>N</param-value>
@@ -70,11 +73,11 @@ under the License.
<listener><listener-class>org.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
<!-- NOTE: not all app servers support mounting implementations of the HttpSessionActivationListener interface -->
<!-- <listener><listener-class>org.ofbiz.webapp.control.ControlActivationEventListener</listener-class></listener> -->
+ <description>Main Control Servlet</description>
<servlet>
- <servlet-name>ControlServlet</servlet-name>
<display-name>ControlServlet</display-name>
- <description>Main Control Servlet</description>
+ <servlet-name>ControlServlet</servlet-name>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
@@ -85,6 +88,11 @@ under the License.
<session-config>
<session-timeout>60</session-timeout> <!-- in minutes -->
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>
<welcome-file-list>
Modified: ofbiz/trunk/applications/product/webapp/catalog/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/webapp/catalog/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/product/webapp/catalog/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/product/webapp/catalog/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<!--
Licensed to the Apache Software Foundation (ASF) under one
@@ -20,29 +19,33 @@ specific language governing permissions
under the License.
-->
-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - Catalog</display-name>
<description>Catalog Module of the Apache OFBiz Project</description>
<context-param>
- <param-name>entityDelegatorName</param-name>
- <param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
+ <param-name>entityDelegatorName</param-name>
+ <param-value>default</param-value>
</context-param>
<context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
<param-name>localDispatcherName</param-name>
<param-value>catalog</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
</context-param>
<context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>mainDecoratorLocation</param-name>
<param-value>component://product/widget/catalog/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>
<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
@@ -72,17 +75,17 @@ under the License.
<!-- <listener><listener-class>org.ofbiz.webapp.control.ControlActivationEventListener</listener-class></listener> -->
<servlet>
- <servlet-name>ControlServlet</servlet-name>
- <display-name>ControlServlet</display-name>
<description>Main Control Servlet</description>
+ <display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
- <servlet-name>ImageUrlServlet</servlet-name>
- <display-name>ImageUrlServlet</display-name>
<description>Image URL Servlet</description>
+ <display-name>ImageUrlServlet</display-name>
+ <servlet-name>ImageUrlServlet</servlet-name>
<servlet-class>org.ofbiz.product.imagemanagement.ImageUrlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
@@ -99,6 +102,11 @@ under the License.
<session-config>
<session-timeout>60</session-timeout> <!-- in minutes -->
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>
<welcome-file-list>
Modified: ofbiz/trunk/applications/product/webapp/facility/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/webapp/facility/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/product/webapp/facility/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/product/webapp/facility/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<!--
Licensed to the Apache Software Foundation (ASF) under one
@@ -20,34 +19,38 @@ specific language governing permissions
under the License.
-->
-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - Facility Manager</display-name>
<description>Facility Manager Module of the Apache OFBiz Project</description>
<context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
<param-name>entityDelegatorName</param-name>
<param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
</context-param>
<context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
<param-name>localDispatcherName</param-name>
<param-value>facility</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
</context-param>
<context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>mainDecoratorLocation</param-name>
<param-value>component://product/widget/facility/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>
<context-param>
+ <description>The location of the CommonFacilityDecorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>commonFacilityDecoratorLocation</param-name>
<param-value>component://product/widget/facility/CommonScreens.xml</param-value>
- <description>The location of the CommonFacilityDecorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>
<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
@@ -77,16 +80,16 @@ under the License.
<!-- <listener><listener-class>org.ofbiz.webapp.control.ControlActivationEventListener</listener-class></listener> -->
<servlet>
- <servlet-name>ControlServlet</servlet-name>
- <display-name>ControlServlet</display-name>
<description>Main Control Servlet</description>
+ <display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
- <servlet-name>ShippingAPI</servlet-name>
- <display-name>ShippingAPI</display-name>
<description>Mock USPS Webtools API Servlet</description>
+ <display-name>ShippingAPI</display-name>
+ <servlet-name>ShippingAPI</servlet-name>
<servlet-class>org.ofbiz.shipment.thirdparty.usps.UspsMockApiServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
@@ -101,6 +104,11 @@ under the License.
<session-config>
<session-timeout>60</session-timeout> <!-- in minutes -->
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>
<welcome-file-list>
Modified: ofbiz/trunk/applications/workeffort/webapp/ical/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/workeffort/webapp/ical/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/workeffort/webapp/ical/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/workeffort/webapp/ical/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<!--
Licensed to the Apache Software Foundation (ASF) under one
@@ -20,28 +19,32 @@ specific language governing permissions
under the License.
-->
-<web-app>
- <display-name>Apache OFBiz - iCalendar Server</display-name>
- <description>iCalendar Server Module of the Apache OFBiz Project</description>
-
- <context-param>
- <param-name>entityDelegatorName</param-name>
- <param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
- </context-param>
- <context-param>
- <param-name>localDispatcherName</param-name>
- <param-value>ical</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
- </context-param>
- <context-param>
- <param-name>requestHandlerFactoryClass</param-name>
- <param-value>org.ofbiz.workeffort.workeffort.ICalHandlerFactory</param-value>
- </context-param>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
+ <display-name>Apache OFBiz - iCalendar Server</display-name>
+ <description>iCalendar Server Module of the Apache OFBiz Project</description>
+
+ <context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
+ <param-name>entityDelegatorName</param-name>
+ <param-value>default</param-value>
+ </context-param>
+ <context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
+ <param-name>localDispatcherName</param-name>
+ <param-value>ical</param-value>
+ </context-param>
+ <context-param>
+ <param-name>requestHandlerFactoryClass</param-name>
+ <param-value>org.ofbiz.workeffort.workeffort.ICalHandlerFactory</param-value>
+ </context-param>
<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
@@ -49,7 +52,9 @@ under the License.
</init-param>
<init-param>
<param-name>allowedPaths</param-name>
- <param-value>/error:/control:/select:/index.html:/index.jsp:/default.html:/default.jsp:/images:/includes/maincss.css</param-value>
+ <param-value>
+ /error:/control:/select:/index.html:/index.jsp:/default.html:/default.jsp:/images:/includes/maincss.css
+ </param-value>
</init-param>
<init-param>
<param-name>errorCode</param-name>
@@ -62,30 +67,40 @@ under the License.
</filter>
<filter-mapping>
<filter-name>ContextFilter</filter-name>
- <url-pattern>/*</url-pattern>
+ <url-pattern>/*</url-pattern>
</filter-mapping>
- <listener><listener-class>org.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
- <listener><listener-class>org.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
- <!-- NOTE: not all app servers support mounting implementations of the HttpSessionActivationListener interface -->
- <!-- <listener><listener-class>org.ofbiz.webapp.control.ControlActivationEventListener</listener-class></listener> -->
-
- <servlet>
- <servlet-name>iCalendarServlet</servlet-name>
- <display-name>iCalendarServlet</display-name>
- <description>iCalendar WebDAV Servlet</description>
- <servlet-class>org.ofbiz.webapp.webdav.WebDavServlet</servlet-class>
- <load-on-startup>1</load-on-startup>
- </servlet>
- <servlet-mapping>
- <servlet-name>iCalendarServlet</servlet-name>
- <url-pattern>/*</url-pattern>
- </servlet-mapping>
-
- <session-config>
- <session-timeout>60</session-timeout> <!-- in minutes -->
- </session-config>
-
- <welcome-file-list>
- <welcome-file>index.jsp</welcome-file>
- </welcome-file-list>
+ <listener>
+ <listener-class>org.ofbiz.webapp.control.ControlEventListener</listener-class>
+ </listener>
+ <listener>
+ <listener-class>org.ofbiz.webapp.control.LoginEventListener</listener-class>
+ </listener>
+ <!-- NOTE: not all app servers support mounting implementations of the HttpSessionActivationListener interface -->
+ <!-- <listener><listener-class>org.ofbiz.webapp.control.ControlActivationEventListener</listener-class></listener> -->
+
+ <servlet>
+ <description>iCalendar WebDAV Servlet</description>
+ <display-name>iCalendarServlet</display-name>
+ <servlet-name>iCalendarServlet</servlet-name>
+ <servlet-class>org.ofbiz.webapp.webdav.WebDavServlet</servlet-class>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>iCalendarServlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <session-config>
+ <session-timeout>60</session-timeout>
+ <!-- in minutes -->
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
+ </session-config>
+
+ <welcome-file-list>
+ <welcome-file>index.jsp</welcome-file>
+ </welcome-file-list>
</web-app>
Modified: ofbiz/trunk/applications/workeffort/webapp/workeffort/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/workeffort/webapp/workeffort/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/applications/workeffort/webapp/workeffort/WEB-INF/web.xml (original)
+++ ofbiz/trunk/applications/workeffort/webapp/workeffort/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<!--
Licensed to the Apache Software Foundation (ASF) under one
@@ -20,34 +19,40 @@ specific language governing permissions
under the License.
-->
-<web-app>
- <display-name>Apache OFBiz - Work Manager</display-name>
- <description>Work Manager Module of the Apache OFBiz Project</description>
-
- <context-param>
- <param-name>entityDelegatorName</param-name>
- <param-value>default</param-value>
- <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
- </context-param>
- <context-param>
- <param-name>localDispatcherName</param-name>
- <param-value>workeffort</param-value>
- <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
- </context-param>
- <context-param>
- <param-name>scriptLocationPath</param-name>
- <param-value>/WEB-INF/bsh</param-value>
- <description>BeanShell Script Location</description>
- </context-param>
- <context-param>
- <param-name>mainDecoratorLocation</param-name>
- <param-value>component://workeffort/widget/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
- </context-param>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
+ <display-name>Apache OFBiz - Work Manager</display-name>
+ <description>Work Manager Module of the Apache OFBiz Project</description>
+
+ <context-param>
+ <description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
+ <param-name>entityDelegatorName</param-name>
+ <param-value>default</param-value>
+ </context-param>
+ <context-param>
+ <description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
+ <param-name>localDispatcherName</param-name>
+ <param-value>workeffort</param-value>
+ </context-param>
+ <context-param>
+ <description>BeanShell Script Location</description>
+ <param-name>scriptLocationPath</param-name>
+ <param-value>/WEB-INF/bsh</param-value>
+ </context-param>
+ <context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable
+ in screen def XML files.
+ </description>
+ <param-name>mainDecoratorLocation</param-name>
+ <param-value>component://workeffort/widget/CommonScreens.xml</param-value>
+ </context-param>
<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param>
<param-name>disableContextSecurity</param-name>
@@ -55,7 +60,9 @@ under the License.
</init-param>
<init-param>
<param-name>allowedPaths</param-name>
- <param-value>/error:/control:/select:/index.html:/index.jsp:/default.html:/default.jsp:/images:/includes/maincss.css</param-value>
+ <param-value>
+ /error:/control:/select:/index.html:/index.jsp:/default.html:/default.jsp:/images:/includes/maincss.css
+ </param-value>
</init-param>
<init-param>
<param-name>errorCode</param-name>
@@ -68,90 +75,100 @@ under the License.
</filter>
<filter-mapping>
<filter-name>ContextFilter</filter-name>
- <url-pattern>/*</url-pattern>
+ <url-pattern>/*</url-pattern>
</filter-mapping>
- <listener><listener-class>org.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
- <listener><listener-class>org.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
- <!-- NOTE: not all app servers support mounting implementations of the HttpSessionActivationListener interface -->
- <!-- <listener><listener-class>org.ofbiz.webapp.control.ControlActivationEventListener</listener-class></listener> -->
-
- <servlet>
- <servlet-name>ControlServlet</servlet-name>
- <display-name>ControlServlet</display-name>
- <description>Main Control Servlet</description>
- <servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
- <load-on-startup>1</load-on-startup>
- </servlet>
- <servlet-mapping>
- <servlet-name>ControlServlet</servlet-name>
- <url-pattern>/control/*</url-pattern>
- </servlet-mapping>
-
- <session-config>
- <session-timeout>60</session-timeout> <!-- in minutes -->
- </session-config>
-
- <welcome-file-list>
- <welcome-file>index.jsp</welcome-file>
- </welcome-file-list>
-<!--
- <error-page>
- <error-code>403</error-code>
- <location>/error/error403.jsp</location>
- </error-page>
- <error-page>
- <error-code>404</error-code>
- <location>/error/error404.jsp</location>
- </error-page>
- <error-page>
- <error-code>410</error-code>
- <location>/error/error.jsp</location>
- </error-page>
- <error-page>
- <error-code>500</error-code>
- <location>/error/error.jsp</location>
- </error-page>
--->
-
-<!-- HTTP Response Code definitions:
-| "400" ; Bad Request
-| "401" ; Unauthorized
-| "402" ; Payment Required
-| "403" ; Forbidden
-| "404" ; Not Found
-| "405" ; Method Not Allowed
-| "406" ; Not Acceptable
-| "407" ; Proxy Authentication Required
-| "408" ; Request Time-out
-| "409" ; Conflict
-| "410" ; Gone
-| "411" ; Length Required
-| "412" ; Precondition Failed
-| "413" ; Request Entity Too Large
-| "414" ; Request-URI Too Large
-| "415" ; Unsupported Media Type
-| "500" ; Internal Server Error
-| "501" ; Not Implemented
-| "502" ; Bad Gateway
-| "503" ; Service Unavailable
-| "504" ; Gateway Time-out
-| "505" ; HTTP Version not supported
--->
-
-<!--
- <security-constraint>
- <web-resource-collection>
- <web-resource-name>Entire Site</web-resource-name>
- <description>Entire Site</description>
- <url-pattern>/*</url-pattern>
- </web-resource-collection>
--->
+ <listener>
+ <listener-class>org.ofbiz.webapp.control.ControlEventListener</listener-class>
+ </listener>
+ <listener>
+ <listener-class>org.ofbiz.webapp.control.LoginEventListener</listener-class>
+ </listener>
+ <!-- NOTE: not all app servers support mounting implementations of the HttpSessionActivationListener interface -->
+ <!-- <listener><listener-class>org.ofbiz.webapp.control.ControlActivationEventListener</listener-class></listener> -->
+
+ <servlet>
+ <description>Main Control Servlet</description>
+ <display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
+ <servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>ControlServlet</servlet-name>
+ <url-pattern>/control/*</url-pattern>
+ </servlet-mapping>
+
+ <session-config>
+ <session-timeout>60</session-timeout>
+ <!-- in minutes -->
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
+ </session-config>
+
+ <welcome-file-list>
+ <welcome-file>index.jsp</welcome-file>
+ </welcome-file-list>
+ <!--
+ <error-page>
+ <error-code>403</error-code>
+ <location>/error/error403.jsp</location>
+ </error-page>
+ <error-page>
+ <error-code>404</error-code>
+ <location>/error/error404.jsp</location>
+ </error-page>
+ <error-page>
+ <error-code>410</error-code>
+ <location>/error/error.jsp</location>
+ </error-page>
+ <error-page>
+ <error-code>500</error-code>
+ <location>/error/error.jsp</location>
+ </error-page>
+ -->
+
+ <!-- HTTP Response Code definitions:
+ | "400" ; Bad Request
+ | "401" ; Unauthorized
+ | "402" ; Payment Required
+ | "403" ; Forbidden
+ | "404" ; Not Found
+ | "405" ; Method Not Allowed
+ | "406" ; Not Acceptable
+ | "407" ; Proxy Authentication Required
+ | "408" ; Request Time-out
+ | "409" ; Conflict
+ | "410" ; Gone
+ | "411" ; Length Required
+ | "412" ; Precondition Failed
+ | "413" ; Request Entity Too Large
+ | "414" ; Request-URI Too Large
+ | "415" ; Unsupported Media Type
+ | "500" ; Internal Server Error
+ | "501" ; Not Implemented
+ | "502" ; Bad Gateway
+ | "503" ; Service Unavailable
+ | "504" ; Gateway Time-out
+ | "505" ; HTTP Version not supported
+ -->
+
+ <!--
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Entire Site</web-resource-name>
+ <description>Entire Site</description>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ -->
<!-- For enabling SSL, specify CONFIDENTIAL or INTEGRAL. -->
-<!--
- <user-data-constraint>
- <transport-guarantee>CONFIDENTIAL</transport-guarantee>
- </user-data-constraint>
- </security-constraint>
--->
+ <!--
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+ -->
</web-app>
Modified: ofbiz/trunk/framework/images/webapp/images/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/images/webapp/images/WEB-INF/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/framework/images/webapp/images/WEB-INF/web.xml (original)
+++ ofbiz/trunk/framework/images/webapp/images/WEB-INF/web.xml Mon Dec 14 10:02:24 2015
@@ -1,5 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
@@ -19,12 +18,21 @@ specific language governing permissions
under the License.
-->
-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - demostore images</display-name>
<description>Demo Store Images for the Apache OFBiz Project</description>
<session-config>
<session-timeout>1</session-timeout>
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
</session-config>
<welcome-file-list>
Modified: ofbiz/trunk/framework/resources/templates/web.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/resources/templates/web.xml?rev=1719872&r1=1719871&r2=1719872&view=diff
==============================================================================
--- ofbiz/trunk/framework/resources/templates/web.xml (original)
+++ ofbiz/trunk/framework/resources/templates/web.xml Mon Dec 14 10:02:24 2015
@@ -1,6 +1,9 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
-<web-app>
+<web-app version="3.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Apache OFBiz - @component-resource-name@ Component</display-name>
<description>@component-resource-name@ Component of the Apache OFBiz Project</description>
@@ -10,17 +13,17 @@
<description>A unique ID used to look up the WebSite entity. Only for component using a WebSite entity, like ecommerce</description>
</context-param-->
<context-param>
- <param-name>localDispatcherName</param-name><param-value>@component-name@</param-value>
<description>A unique name used to identify/recognize the local dispatcher for the Service Engine</description>
+ <param-name>localDispatcherName</param-name><param-value>@component-name@</param-value>
</context-param>
<context-param>
- <param-name>entityDelegatorName</param-name><param-value>default</param-value>
<description>The Name of the Entity Delegator to use, defined in entityengine.xml</description>
+ <param-name>entityDelegatorName</param-name><param-value>default</param-value>
</context-param>
<context-param>
+ <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
<param-name>mainDecoratorLocation</param-name>
<param-value>component://@component-name@/widget/CommonScreens.xml</param-value>
- <description>The location of the main-decorator screen to use for this webapp; referred to as a context variable in screen def XML files.</description>
</context-param>
<!--
<context-param>
@@ -30,14 +33,14 @@
</context-param>
-->
<context-param>
+ <description>Remove unnecessary whitespace from HTML output.</description>
<param-name>compressHTML</param-name>
<param-value>false</param-value>
- <description>Remove unnecessary whitespace from HTML output.</description>
</context-param>
<filter>
- <filter-name>ContextFilter</filter-name>
<display-name>ContextFilter</display-name>
+ <filter-name>ContextFilter</filter-name>
<filter-class>org.ofbiz.webapp.control.ContextFilter</filter-class>
<init-param><param-name>disableContextSecurity</param-name><param-value>N</param-value></init-param>
<init-param>
@@ -55,15 +58,22 @@
<!-- <listener><listener-class>org.ofbiz.webapp.control.ControlActivationEventListener</listener-class></listener> -->
<servlet>
- <servlet-name>ControlServlet</servlet-name>
- <display-name>ControlServlet</display-name>
<description>Main Control Servlet</description>
+ <display-name>ControlServlet</display-name>
+ <servlet-name>ControlServlet</servlet-name>
<servlet-class>org.ofbiz.webapp.control.ControlServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping><servlet-name>ControlServlet</servlet-name><url-pattern>/control/*</url-pattern></servlet-mapping>
- <session-config><session-timeout>60</session-timeout><!-- in minutes --></session-config>
+ <session-config>
+ <session-timeout>60</session-timeout><!-- in minutes -->
+ <cookie-config>
+ <http-only>true</http-only>
+ <secure>true</secure>
+ </cookie-config>
+ <tracking-mode>COOKIE</tracking-mode>
+ </session-config>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>