Posted to commits@ofbiz.apache.org by jl...@apache.org on 2020/03/20 16:52:57 UTC

[ofbiz-framework] branch trunk updated: Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies.

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 369d5f6  Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies.
369d5f6 is described below

commit 369d5f6c95fdf1aa5b0c03c15db878a1719a63ab
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Fri Mar 20 17:50:17 2020 +0100

    Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies.
    
    (OFBIZ-11470)
    
    As reported by OWASP ZAP:
    A cookie has been set without the SameSite attribute, which means that the
    cookie can be sent as a result of a 'cross-site' request. The SameSite attribute
    is an effective counter measure to cross-site request forgery, cross-site script
    inclusion, and timing attacks.
    
    The solution was not obvious in OFBiz for 2 reasons:
    
    1. There is no HttpServletResponse::setHeader. So we need to use a filter
      (SameSiteFilter) and even that is not enough because of 2:
    2. To prevent session fixation we force Tomcat to generate a new JSESSIONID,
    ultimately sent in a cookie, in LoginWorker::login. So we also need to call
    SameSiteFilter::addSameSiteCookieAttribute from
    UtilHttp::setResponseBrowserDefaultSecurityHeaders.
---
 applications/accounting/webapp/accounting/WEB-INF/web.xml        | 9 +++++++++
 applications/accounting/webapp/ap/WEB-INF/web.xml                | 9 +++++++++
 applications/accounting/webapp/ar/WEB-INF/web.xml                | 9 +++++++++
 applications/commonext/webapp/ofbizsetup/WEB-INF/web.xml         | 9 +++++++++
 applications/content/webapp/content/WEB-INF/web.xml              | 9 +++++++++
 applications/humanres/webapp/humanres/WEB-INF/web.xml            | 9 +++++++++
 applications/manufacturing/webapp/manufacturing/WEB-INF/web.xml  | 9 +++++++++
 applications/marketing/webapp/sfa/WEB-INF/web.xml                | 9 +++++++++
 applications/order/webapp/ordermgr/WEB-INF/web.xml               | 9 +++++++++
 applications/product/webapp/catalog/WEB-INF/web.xml              | 9 +++++++++
 applications/product/webapp/facility/WEB-INF/web.xml             | 9 +++++++++
 applications/workeffort/webapp/ical/WEB-INF/web.xml              | 9 +++++++++
 applications/workeffort/webapp/workeffort/WEB-INF/web.xml        | 9 +++++++++
 .../base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java  | 3 +++
 framework/resources/templates/web.xml                            | 6 ++++++
 framework/webtools/webapp/webtools/WEB-INF/web.xml               | 9 +++++++++
 16 files changed, 135 insertions(+)

diff --git a/applications/accounting/webapp/accounting/WEB-INF/web.xml b/applications/accounting/webapp/accounting/WEB-INF/web.xml
index 958bf07..6b9f534 100644
--- a/applications/accounting/webapp/accounting/WEB-INF/web.xml
+++ b/applications/accounting/webapp/accounting/WEB-INF/web.xml
@@ -62,6 +62,11 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -70,6 +75,10 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
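Review bot: The SameSiteFilter mapping is added after the ControlFilter and ContextFilter mappings, so it is third in the chain, and nothing in the hunk records why that position was chosen; the filter's implementation is not part of this diff, so whether third is correct cannot be checked here. If the filter rewrites the Set-Cookie headers before delegating to the chain, every cookie added downstream (the regenerated JSESSIONID the description mentions) is missed, which is presumably why UtilHttp needed a second call; if it wraps the response and intercepts addCookie/addHeader, it should be the first mapping so that all later writers pass through it. Please state the intended position next to the mapping, e.g. `<!-- SameSiteFilter: must run before any cookie is written; see OFBIZ-11470 -->`. Note also that SameSite=Strict withholds the session cookie on every top-level navigation from another origin, so a user following a link into this webapp from an e-mail or an external tool lands on the login page; that is acceptable for a back-office app but deserves a sentence in the ticket.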
diff --git a/applications/accounting/webapp/ap/WEB-INF/web.xml b/applications/accounting/webapp/ap/WEB-INF/web.xml
index 83b385d..012dc92 100644
--- a/applications/accounting/webapp/ap/WEB-INF/web.xml
+++ b/applications/accounting/webapp/ap/WEB-INF/web.xml
@@ -58,6 +58,11 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -66,6 +71,10 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
     <!-- NOTE: not all app servers support mounting implementations of the HttpSessionActivationListener interface -->
diff --git a/applications/accounting/webapp/ar/WEB-INF/web.xml b/applications/accounting/webapp/ar/WEB-INF/web.xml
index c791dcf..253aee7 100644
--- a/applications/accounting/webapp/ar/WEB-INF/web.xml
+++ b/applications/accounting/webapp/ar/WEB-INF/web.xml
@@ -62,6 +62,11 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -70,6 +75,10 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/applications/commonext/webapp/ofbizsetup/WEB-INF/web.xml b/applications/commonext/webapp/ofbizsetup/WEB-INF/web.xml
index 4a4a671..587bb33 100644
--- a/applications/commonext/webapp/ofbizsetup/WEB-INF/web.xml
+++ b/applications/commonext/webapp/ofbizsetup/WEB-INF/web.xml
@@ -57,6 +57,11 @@
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -65,6 +70,10 @@
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/applications/content/webapp/content/WEB-INF/web.xml b/applications/content/webapp/content/WEB-INF/web.xml
index 55c0ab7..a2a80e6 100644
--- a/applications/content/webapp/content/WEB-INF/web.xml
+++ b/applications/content/webapp/content/WEB-INF/web.xml
@@ -62,6 +62,11 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -70,6 +75,10 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/applications/humanres/webapp/humanres/WEB-INF/web.xml b/applications/humanres/webapp/humanres/WEB-INF/web.xml
index 3bd35e7..16c4955 100644
--- a/applications/humanres/webapp/humanres/WEB-INF/web.xml
+++ b/applications/humanres/webapp/humanres/WEB-INF/web.xml
@@ -57,6 +57,11 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -65,6 +70,10 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/applications/manufacturing/webapp/manufacturing/WEB-INF/web.xml b/applications/manufacturing/webapp/manufacturing/WEB-INF/web.xml
index c34f385..32bb756 100644
--- a/applications/manufacturing/webapp/manufacturing/WEB-INF/web.xml
+++ b/applications/manufacturing/webapp/manufacturing/WEB-INF/web.xml
@@ -62,6 +62,11 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -70,6 +75,10 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/applications/marketing/webapp/sfa/WEB-INF/web.xml b/applications/marketing/webapp/sfa/WEB-INF/web.xml
index af6880b..f68879a 100644
--- a/applications/marketing/webapp/sfa/WEB-INF/web.xml
+++ b/applications/marketing/webapp/sfa/WEB-INF/web.xml
@@ -57,6 +57,11 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -65,6 +70,10 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/applications/order/webapp/ordermgr/WEB-INF/web.xml b/applications/order/webapp/ordermgr/WEB-INF/web.xml
index 26fc673..bd39803 100644
--- a/applications/order/webapp/ordermgr/WEB-INF/web.xml
+++ b/applications/order/webapp/ordermgr/WEB-INF/web.xml
@@ -57,6 +57,11 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -65,6 +70,10 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/applications/product/webapp/catalog/WEB-INF/web.xml b/applications/product/webapp/catalog/WEB-INF/web.xml
index 4125e88..d3d2ecf 100644
--- a/applications/product/webapp/catalog/WEB-INF/web.xml
+++ b/applications/product/webapp/catalog/WEB-INF/web.xml
@@ -57,6 +57,11 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -65,6 +70,10 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/applications/product/webapp/facility/WEB-INF/web.xml b/applications/product/webapp/facility/WEB-INF/web.xml
index ec7a0bc..2e00ad2 100644
--- a/applications/product/webapp/facility/WEB-INF/web.xml
+++ b/applications/product/webapp/facility/WEB-INF/web.xml
@@ -62,6 +62,11 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -70,6 +75,10 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
diff --git a/applications/workeffort/webapp/ical/WEB-INF/web.xml b/applications/workeffort/webapp/ical/WEB-INF/web.xml
index c795300..e77e201 100644
--- a/applications/workeffort/webapp/ical/WEB-INF/web.xml
+++ b/applications/workeffort/webapp/ical/WEB-INF/web.xml
@@ -56,6 +56,11 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -64,6 +69,10 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener>
         <listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class>
diff --git a/applications/workeffort/webapp/workeffort/WEB-INF/web.xml b/applications/workeffort/webapp/workeffort/WEB-INF/web.xml
index a403b05..8d39a5a 100644
--- a/applications/workeffort/webapp/workeffort/WEB-INF/web.xml
+++ b/applications/workeffort/webapp/workeffort/WEB-INF/web.xml
@@ -59,6 +59,11 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -67,6 +72,10 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener>
         <listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class>
diff --git a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java
index 84ab2cb..169ed10 100644
--- a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java
+++ b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java
@@ -76,6 +76,7 @@ import org.apache.http.ssl.SSLContexts;
 import org.apache.ofbiz.entity.Delegator;
 import org.apache.ofbiz.entity.util.EntityUtilProperties;
 import org.apache.ofbiz.webapp.control.ConfigXMLReader;
+import org.apache.ofbiz.webapp.control.SameSiteFilter;
 import org.apache.ofbiz.webapp.event.FileUploadProgressListener;
 import org.apache.ofbiz.widget.renderer.VisualTheme;
 
@@ -1131,6 +1132,8 @@ public final class UtilHttp {
         
         resp.setHeader("Content-Security-Policy-Report-Only", "default-src 'self'");
         
+        SameSiteFilter.addSameSiteCookieAttribute(resp);
+        
         // TODO in custom project. Public-Key-Pins-Report-Only is interesting but can't be used OOTB because of demos (the letsencrypt certificate is renewed every 3 months)
     }
     
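Review bot: The new call at the end of setResponseBrowserDefaultSecurityHeaders has no comment explaining why a concern already handled by a filter is repeated in a header helper; add `// Re-apply SameSite to cookies set after SameSiteFilter ran, notably the JSESSIONID regenerated in LoginWorker.login (OFBIZ-11470)`. Whether the call actually reaches the regenerated session id depends on this method running after changeSessionId() and before the response is committed, neither of which is visible in this hunk, so please confirm the ordering in LoginWorker. The new import of org.apache.ofbiz.webapp.control.SameSiteFilter does not add a new base-to-webapp dependency, since ConfigXMLReader from the same package is already imported on the line above. The method begins before the hunk.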
diff --git a/framework/resources/templates/web.xml b/framework/resources/templates/web.xml
index 7009a1f..2bccf7f 100644
--- a/framework/resources/templates/web.xml
+++ b/framework/resources/templates/web.xml
@@ -61,8 +61,14 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>    
     <filter-mapping><filter-name>ControlFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>
     <filter-mapping><filter-name>ContextFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>
+    <filter-mapping><filter-name>SameSiteFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>
 
     <listener><listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class></listener>
     <listener><listener-class>org.apache.ofbiz.webapp.control.LoginEventListener</listener-class></listener>
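Review bot: The added `</filter>    ` line carries trailing whitespace; since every new webapp is generated from this template, it will be copied everywhere, so drop it. A one-line comment above the filter declaration, e.g. `<!-- Adds SameSite=Strict to all cookies (OFBIZ-11470); keep the mapping in every webapp -->`, would tell the next person generating a webapp why the filter is there. Separately, if the embedded Tomcat is 9.0.21 or later (its version is not visible here), `<CookieProcessor sameSiteCookies="strict"/>` in the context configuration applies the attribute to every cookie the container emits, including the JSESSIONID regenerated on login, which would make both the filter and the UtilHttp call unnecessary and is worth evaluating.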
diff --git a/framework/webtools/webapp/webtools/WEB-INF/web.xml b/framework/webtools/webapp/webtools/WEB-INF/web.xml
index 9604feb..0f6a3d5 100644
--- a/framework/webtools/webapp/webtools/WEB-INF/web.xml
+++ b/framework/webtools/webapp/webtools/WEB-INF/web.xml
@@ -63,6 +63,11 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <filter-class>org.apache.ofbiz.webapp.control.ContextFilter</filter-class>
     </filter>
+    <filter>
+        <display-name>SameSiteFilter</display-name>
+        <filter-name>SameSiteFilter</filter-name>
+        <filter-class>org.apache.ofbiz.webapp.control.SameSiteFilter</filter-class>
+    </filter>
     <filter-mapping>
         <filter-name>ControlFilter</filter-name>
         <url-pattern>/*</url-pattern>
@@ -71,6 +76,10 @@ under the License.
         <filter-name>ContextFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
+    <filter-mapping>
+        <filter-name>SameSiteFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <listener>
         <listener-class>org.apache.ofbiz.webapp.control.ControlEventListener</listener-class>
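Review bot: Because the filter is wired per web.xml, protection exists only in the 14 webapps listed in the diffstat plus whatever is later generated from the template; nothing outside applications/ and framework/ is touched, so any other deployed webapp keeps emitting cookies without SameSite and ZAP will keep reporting them. A build-time check that every WEB-INF/web.xml under the source tree maps SameSiteFilter would stop the list from drifting as webapps are added. For webtools, an administrative console, Strict is the right value and the cross-site navigation loss it implies is acceptable.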