如何在Jetty上的Spring应用程序中将jsessionid cookie路径更改为服务器根目录? [英] How to change jsessionid cookie path to server root in Spring app on Jetty?
问题描述
我有一个Jetty服务器在 / app
上下文中运行Spring应用程序。该应用程序使用会话,因此它设置会话cookie,响应如下:
I have a Jetty server running a Spring app on the /app
context. The app uses sessions, so it sets a session cookie, which responds like this:
set-cookie:JSESSIONID=679b6291-d1cc-47be-bbf6-7ec75214f4e5; Path=/app; HttpOnly
我需要该cookie的路径为 /
而不是webapp的上下文。另外,我想使用安全的cookie。我想要这个回复:
I need that cookie to have a path of /
instead of the webapp's context. Plus I want to use secure cookies. I want this response:
set-cookie:JSESSIONID=679b6291-d1cc-47be-bbf6-7ec75214f4e5; Path=/; HttpOnly; Secure
配置会话cookie的适当位置在哪里?春天有助于此吗?它应该在 web.xml
中吗?或者我是否需要以容器特定的方式配置它,例如 jetty-web.xml
?
Where is the proper place to configure the session cookie? Does spring help with this? Should it be in web.xml
? Or do I need to configure it in a container specific way, such as jetty-web.xml
?
I我尝试了很多东西,但到目前为止还没有任何工作。以下是我尝试的一些事情。
I've tried a bunch of things, but nothing has worked so far. Below are some things I tried.
使用以下内容创建 WEB-INF / jetty-web.xml
:
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<Get name="sessionHandler">
<Get name="sessionManager">
<Set name="sessionCookie">MYJETTYSESSION</Set>
<Set name="sessionPath">/</Set>
<Set name="secureCookies" type="boolean">true</Set>
<Set name="httpOnly" type="boolean">true</Set>
</Get>
</Get>
</Configure>
这会导致抛出异常:
2012-10-05 02:41:41.180:WARN:oejx.XmlConfiguration:Config error at <Set name="sessionPath">/</Set> java.lang.NoSuchMethodException: class org.eclipse.jetty.server.session.HashSessionManager.setSessionPath(class java.lang.String)
2012-10-05 02:41:41.180:WARN:oejx.XmlConfiguration:Config error at <Get name="sessionManager"><Set name="sessionCookie">MYJETTYSESSION</Set><Set name="sessionPath">/</Set><Set name="secureCookies">true</Set><Set name="httpOnly">true</Set></Get> java.lang.NoSuchMethodException: class org.eclipse.jetty.server.session.HashSessionManager.setSessionPath(class java.lang.String)
2012-10-05 02:41:41.180:WARN:oejx.XmlConfiguration:Config error at <Get name="sessionHandler"><Get name="sessionManager"><Set name="sessionCookie">MYJETTYSESSION</Set><Set name="sessionPath">/</Set><Set name="secureCookies">true</Set><Set name="httpOnly">true</Set></Get></Get> java.lang.NoSuchMethodException: class
完整的堆栈跟踪在这个要点。
使用以下内容创建 WEB-INF / jetty-web.xml
:
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<Call name="setInitParameter">
<Arg>org.eclipse.jetty.servlet.SessionCookie</Arg>
<Arg>MYSESSIONID</Arg>
</Call>
<Call name="setInitParameter">
<Arg>org.eclipse.jetty.servlet.SessionIdPathParameterName</Arg>
<Arg>mysessionid</Arg>
</Call>
<Call name="setInitParameter">
<Arg>org.eclipse.jetty.servlet.SessionPath</Arg>
<Arg>/</Arg>
</Call>
</Configure>
这不会导致任何异常,但cookie仍然是 JSESSIONID
并包含webapp上下文路径 / app
。
This does not cause any exception, but the cookie is still JSESSIONID
and contains the webapp context path /app
.
使用以下内容更新 WEB-INF / web.xml
:
<context-param>
<param-name>org.eclipse.jetty.servlet.SessionPath</param-name>
<param-value>/</param-value>
</context-param>
<context-param>
<param-name>org.eclipse.jetty.servlet.SessionCookie</param-name>
<param-value>MYSESS</param-value>
</context-param>
这不会导致任何异常,但cookie仍然是 JSESSIONID
并包含webapp上下文路径 / app
。
This does not cause any exception, but the cookie is still JSESSIONID
and contains the webapp context path /app
.
使用以下内容更新 WEB-INF / web.xml
:
<session-config>
<session-timeout>720</session-timeout>
<cookie-config>
<name>SZSESSION</name>
<path>/</path>
<http-only>true</http-only>
<secure>true</secure>
</cookie-config>
</session-config>
这不会导致任何异常,但cookie仍然是 JSESSIONID
并包含webapp上下文路径 / app
。
This does not cause any exception, but the cookie is still JSESSIONID
and contains the webapp context path /app
.
请注意,我正在使用Jetty Maven插件版本8.1.5.v20120716并执行 mvn jetty:运行
:
Note that I'm using Jetty Maven Plugin version 8.1.5.v20120716 and doing a mvn jetty:run
:
<jetty.maven.plugin.version>8.1.5.v20120716</jetty.maven.plugin.version>
<spring.version>3.0.0.RELEASE</spring.version>
...
<plugin>
<groupId>org.mortbay.jetty</groupId>
<artifactId>jetty-maven-plugin</artifactId>
<version>${jetty.maven.plugin.version}</version>
<configuration>
<scanIntervalSeconds>10</scanIntervalSeconds>
<reload>manual</reload>
<stopPort>${jetty.stop.port}</stopPort>
<stopKey>foo</stopKey>
<webAppConfig>
<contextPath>/app</contextPath>
</webAppConfig>
</configuration>
...
</plugin>
推荐答案
尝试#4是在正确的轨道上。
Attempt #4 is on the right track.
提供我正在阅读此权利,您正在使用上下文/应用程序中的maven配置,这意味着在您的web.xml中/您的设置是 / app因为这是您正在配置的上下文的根目录。
Providing I am reading this right, you're using the maven configuration on the context /app which means in your web.xml the / your settings is /app because that is the root of the context you're configuring.
换句话说,如果你不能为www.foo.com/配置会话只是部署到www.foo.com/app上下文中,想象一下如果其他人正在将应用程序部署到该URL中,您不能仅仅决定让您的会话cookie适用于在该URL下运行的每个人。
Put another way you can't configure the session for www.foo.com/ if you are only deploying into the www.foo.com/app context, imagine if someone else were deploying apps into that url, you can't just decide to make your session cookies apply to everyone operating under that url.
这篇关于如何在Jetty上的Spring应用程序中将jsessionid cookie路径更改为服务器根目录?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!