From 9e4022b4a40b2142e098de83ff446666d7c5f1aa Mon Sep 17 00:00:00 2001 From: Jacques Le Roux Date: Sat, 7 Sep 2024 18:05:17 +0200 Subject: [PATCH] Fixed: Logout may create a "HTTP Status 500 - Internal Server Error" (OFBIZ-13136) Sets COOKIE in catalina/config/web.xml Removes WebAppServletContextListener class See https://lists.apache.org/thread/j05xh3rwcto6tnmgyj8704n8xc9mf4r6 for details --- framework/catalina/config/web.xml | 1 + .../control/WebAppServletContextListener.java | 60 ------------------- 2 files changed, 1 insertion(+), 60 deletions(-) delete mode 100644 framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/WebAppServletContextListener.java diff --git a/framework/catalina/config/web.xml b/framework/catalina/config/web.xml index 7f07edfb5ad..02d59701620 100644 --- a/framework/catalina/config/web.xml +++ b/framework/catalina/config/web.xml @@ -22,6 +22,7 @@ 60 + COOKIE diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/WebAppServletContextListener.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/WebAppServletContextListener.java deleted file mode 100644 index bc559a002b4..00000000000 --- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/WebAppServletContextListener.java +++ /dev/null @@ -1,60 +0,0 @@ -/******************************************************************************* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - *******************************************************************************/ -package org.apache.ofbiz.webapp.control; - -import java.util.EnumSet; - -import javax.servlet.ServletContext; -import javax.servlet.ServletContextEvent; -import javax.servlet.ServletContextListener; -import javax.servlet.SessionCookieConfig; -import javax.servlet.SessionTrackingMode; -import javax.servlet.annotation.WebListener; - -import org.apache.ofbiz.base.util.UtilProperties; - -@WebListener -public class WebAppServletContextListener implements ServletContextListener { - - /* (non-Javadoc) - * @see javax.servlet.ServletContextListener#contextInitialized(javax.servlet.ServletContextEvent) - */ - @Override - public void contextInitialized(ServletContextEvent sce) { - ServletContext servletContext = sce.getServletContext(); - servletContext.setSessionTrackingModes(EnumSet.of(SessionTrackingMode.COOKIE)); - SessionCookieConfig sessionCookieConfig = servletContext.getSessionCookieConfig(); - sessionCookieConfig.setHttpOnly(true); - sessionCookieConfig.setSecure(true); - sessionCookieConfig.setComment("Created by Apache OFBiz WebAppServletContextListener"); - String cookieDomain = UtilProperties.getPropertyValue("url", "cookie.domain", ""); - if (!cookieDomain.isEmpty()) sessionCookieConfig.setDomain(cookieDomain); - sessionCookieConfig.setMaxAge(60 * 60 * 24 * 365); - sessionCookieConfig.setPath(servletContext.getContextPath()); - } - - /* (non-Javadoc) - * @see javax.servlet.ServletContextListener#contextDestroyed(javax.servlet.ServletContextEvent) - */ - @Override - public void contextDestroyed(ServletContextEvent sce) { - // TODO For now we don't need anything here - } - -}