How to configure JBoss 4.0.* to make session cookie HttpOnly and secure?


Problem description

I tried

<Context cookies="true" crossContext="true">
    <SessionCookie secure="true" httpOnly="true" />
</Context>


in context.xml, but it is not recognised in JBoss 4.0.

String sessionid = req.getSession().getId();
resp.setHeader("SET-COOKIE", "JSESSIONID=" + sessionid + ";Path=" + req.getContextPath() + "; Secure; Domain=" + req.getServerName() + "; HttpOnly");


For the 2nd request it does not allow getting the session validation object for the session, so it shows the session expired page.

// Imports, class wrapper and the SECURE_FLAG constant (value assumed) were added
// so the fragment from the question compiles; the logic is unchanged.
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class SessionCookieFilter implements Filter {

    private static final String SECURE_FLAG = "; Secure";

    public void init(FilterConfig config) { }

    public void destroy() { }

    public void doFilter(final ServletRequest req, final ServletResponse res, final FilterChain filterChain)
            throws IOException, ServletException {
        final HttpServletResponse response = (HttpServletResponse) res;
        final HttpServletRequest request = (HttpServletRequest) req;
        System.out.println(response.containsHeader("SET-COOKIE"));
        if (response.containsHeader("Set-Cookie")) {  // ******* reported below as always false
            response.setHeader("SET-COOKIE", "JSESSIONID=" + request.getSession().getId() + "; Path=" + request.getContextPath()
                    + "; HttpOnly" + (request.isSecure() ? SECURE_FLAG : ""));
        }
        filterChain.doFilter(req, res);
    }
}



If I use the above filter, response.containsHeader("SET-COOKIE") or response.containsHeader("Set-Cookie") always returns false.


Can anyone give me a solution for the JBoss 4.0 JSESSIONID flag configuration as Secure and HttpOnly?

Recommended answer


Under server/default/deploy/jboss-web.deployer/conf/web.xml, look for a filter that calls org.jboss.web.tomcat.filters.ReplyHeaderFilter and add the Set-Cookie params during initialization, i.e.

<filter>
  <filter-name>CommonHeadersFilter</filter-name>
  <filter-class>org.jboss.web.tomcat.filters.ReplyHeaderFilter</filter-class>
  <init-param>
    <param-name>X-Powered-By</param-name>
    <param-value>Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181417)/JBossWeb-2.0;</param-value>
  </init-param>
  <init-param>
    <param-name>Set-Cookie</param-name>
    <param-value>Secure; HttpOnly</param-value>
  </init-param>
</filter>
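Added example, not code from the question or the answer: a Servlet 2.4 filter that creates the session first and only then re-emits the JSESSIONID cookie with HttpOnly (and Secure on TLS requests), the approach the question attempts but without depending on containsHeader(), which has nothing to find before the session exists. The class name is hypothetical; it assumes, as in Tomcat, that the container adds its Set-Cookie header while getSession() creates the session, and that the filter is mapped first in web.xml.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical class name; map this filter FIRST in web.xml so it runs before
// any servlet or filter that adds cookies of its own.
public class SessionCookieFlagsFilter implements Filter {
    public void init(FilterConfig config) { }
    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // Create the session before the chain runs: the container only writes
        // Set-Cookie: JSESSIONID=... while creating a new session, so before
        // getSession() there is no header for containsHeader() to find.
        HttpSession session = request.getSession(true);
        if (session.isNew()) {
            // setHeader replaces every Set-Cookie value so far; at this point
            // the only one is the container's own session cookie.
            response.setHeader("Set-Cookie", buildSessionCookie(request, session.getId()));
        }
        chain.doFilter(req, res);
    }

    // Rebuilds the session cookie with HttpOnly, and Secure only when the
    // request itself arrived over TLS. No Domain attribute is added, so the
    // browser scopes the cookie to the request host like the original cookie.
    static String buildSessionCookie(HttpServletRequest request, String sessionId) {
        String path = request.getContextPath();
        if (path == null || path.length() == 0) {
            path = "/";   // root context: an empty Path attribute is invalid
        }
        StringBuilder cookie = new StringBuilder("JSESSIONID=").append(sessionId)
                .append("; Path=").append(path).append("; HttpOnly");
        if (request.isSecure()) {
            cookie.append("; Secure");
        }
        return cookie.toString();
    }
}
```

Behind a TLS-terminating proxy, request.isSecure() is false unless the connector is told the connection is secure, so the Secure flag would be omitted; check the actual Set-Cookie response header from a browser or curl after deploying.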
