Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-10451

Configure and test session cookie security config for enterprise containers

    XMLWordPrintable

Details

    Description

      AT

      • Add session cookie security configuration to Webapps
        • secure flag is disabled
        • http-only flag is enabled
      • For JBoss EAP adjust web.xml as follows: 
        <web-app
  version="3.0"
  xmlns="http://java.sun.com/xml/ns/javaee"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
  ...
  <session-config>
    <cookie-config>
      <http-only>true</http-only>
      <secure>false</secure>
    </cookie-config>
  </session-config>
      • For WebLogic adjust weblogic.xml as follows: 
        <?xml version="1.0" encoding="UTF-8"?>
<weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd http://xmlns.oracle.com/weblogic/weblogic-web-app http://xmlns.oracle.com/weblogic/weblogic-web-app/1.0/weblogic-web-app.xsd">
...
<session-descriptor>
  <cookie-http-only>true</cookie-http-only>
  <cookie-secure>false</cookie-secure>
</session-descriptor>
      • Add integration test that validates presence of the configuration => this is part of CAM-10447

      mgm-controller-panel

        This is the controller panel for Smart Panels app

        Attachments

          Activity

            People

              Unassigned Unassigned
              tassilo.weidner Tassilo Weidner
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Salesforce