Discussion:
[jetty-users] Issues with migrating Jetty-7.0.1 to Jetty-9.4.9
Ike Ikonne
2018-04-20 20:39:24 UTC
Permalink
Hi all,

I am migrating from Jetty-7.0.1 to Jetty-9.4.9 and have ran into the
following issues?

What are the replacement for following classes in Jetty-9.4.9?

org.eclipse.jetty.deploy.WebAppDeployer;
org.eclipse.jetty.server.session.AbstractSessionManager;
org.eclipse.jetty.server.SessionManager;

I have not been able to locate the appropriate replacement for the above
classes. I run Jetty in
an embedded mode and was able to control the following attributes
programmatically:


WebAppContext wc = (WebAppContext) hl;
SessionHandler sh = wc.getSessionHandler();
SessionManager sm = null;
if ( sh != null ) {
sm = sh.getSessionIdManager();
if ( sm != null ) {
AbstractSessionManager asm = (AbstractSessionManager) sm;
asm.setHttpOnly( true );
asm.setSecureCookies( true );
asm.setSessionIdPathParameterName( null );
asm.setUsingCookies( true );
}
}


Any help will be much appreciated.

Cheers,

Ike Ikonne
Joakim Erdfelt
2018-04-20 21:56:02 UTC
Permalink
That's a lot of major versions to skip.
Jetty versioning reminder (since 1995) -
<servlet_support>.<major_version>.<minor_version>

You essentially jumped 14 major versions from 7.0 to 9.4.

org.eclipse.jetty.deploy.WebAppDeployer

That doesn't exist in the same way any more.
It's now a DeploymentManager with a AppProvider (in your case a
WebAppProvider)

See embedded jetty examples for this setup at:

https://github.com/eclipse/jetty.project/blob/jetty-9.4.9.v20180320/examples/embedded/src/main/java/org/eclipse/jetty/embedded/LikeJettyXml.java#L166-L184

The upgrade from Jetty 7 to 9 also upgraded your servlet support from 2.4
to 3.1 (a jump of 3 versions)

The Servlet 3.0 update introduced a javax.servlet.SessionCookieConfig where
that kind of configuration is now present.

See:
https://docs.oracle.com/javaee/7/api/javax/servlet/SessionCookieConfig.html

WebAppContext wc = (WebAppContext) hl;
SessionHandler sh = wc.getSessionHandler();
SessionManager sm = null;
if ( sh != null ) {
sm = sh.getSessionIdManager();
if ( sm != null ) {
AbstractSessionManager asm = (AbstractSessionManager) sm;
asm.setHttpOnly( true ); *// <-- Lets take a look at this one*
asm.setSecureCookies( true );
asm.setSessionIdPathParameterName( null );
asm.setUsingCookies( true );
}
}

In embedded-jetty you can use ...

wc.getSessionHandler().getSessionCookieConfig().setHttpOnly(httpOnly);

or you can even use the WEB-INF/web.xml (since you are using the
WebAppContext).

Just set ...

<?xml version="1.0"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee web-app_3_0.xsd"
*version="3.0"*>

<session-config>
<cookie-config>
*<http-only>true</http-only>*
</cookie-config>
</session-config>

</web-app>

Also, don't forget to browse around the other embedded-jetty examples at
both ...

-
https://github.com/eclipse/jetty.project/tree/jetty-9.4.9.v20180320/examples/embedded/src/main/java/org/eclipse/jetty/embedded
-
https://github.com/jetty-project/embedded-jetty-cookbook/tree/master/src/main/java/org/eclipse/jetty/cookbook
Hi all,
I am migrating from Jetty-7.0.1 to Jetty-9.4.9 and have ran into the
following issues?
What are the replacement for following classes in Jetty-9.4.9?
org.eclipse.jetty.deploy.WebAppDeployer;
org.eclipse.jetty.server.session.AbstractSessionManager;
org.eclipse.jetty.server.SessionManager;
I have not been able to locate the appropriate replacement for the above
classes. I run Jetty in
an embedded mode and was able to control the following attributes
WebAppContext wc = (WebAppContext) hl;
SessionHandler sh = wc.getSessionHandler();
SessionManager sm = null;
if ( sh != null ) {
sm = sh.getSessionIdManager();
if ( sm != null ) {
AbstractSessionManager asm = (AbstractSessionManager) sm;
asm.setHttpOnly( true );
asm.setSecureCookies( true );
asm.setSessionIdPathParameterName( null );
asm.setUsingCookies( true );
}
}
Any help will be much appreciated.
Cheers,
Ike Ikonne
_______________________________________________
jetty-users mailing list
To change your delivery options, retrieve your password, or unsubscribe
from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
Ike Ikonne
2018-04-21 05:05:27 UTC
Permalink
Hi Joakim,

Thanks a bunch, I would have never figured out where these things are now
in Jetty-9.4.9. You have definitely given me a good lead.

Thanks,

Ike



From: Joakim Erdfelt <***@webtide.com>
To: JETTY user mailing list <jetty-***@eclipse.org>
Date: 04/20/2018 04:56 PM
Subject: Re: [jetty-users] Issues with migrating Jetty-7.0.1 to
Jetty-9.4.9
Sent by: jetty-users-***@eclipse.org



That's a lot of major versions to skip.
Jetty versioning reminder (since 1995) -
<servlet_support>.<major_version>.<minor_version>

You essentially jumped 14 major versions from 7.0 to 9.4.

org.eclipse.jetty.deploy.WebAppDeployer

That doesn't exist in the same way any more.
It's now a DeploymentManager with a AppProvider (in your case a
WebAppProvider)

See embedded jetty examples for this setup at:

https://github.com/eclipse/jetty.project/blob/jetty-9.4.9.v20180320/examples/embedded/src/main/java/org/eclipse/jetty/embedded/LikeJettyXml.java#L166-L184

The upgrade from Jetty 7 to 9 also upgraded your servlet support from 2.4
to 3.1 (a jump of 3 versions)

The Servlet 3.0 update introduced a javax.servlet.SessionCookieConfig
where that kind of configuration is now present.

See:
https://docs.oracle.com/javaee/7/api/javax/servlet/SessionCookieConfig.html

WebAppContext wc = (WebAppContext) hl;
SessionHandler sh = wc.getSessionHandler();
SessionManager sm = null;
if ( sh != null ) {
sm = sh.getSessionIdManager();
if ( sm != null ) {
AbstractSessionManager asm = (AbstractSessionManager) sm;
asm.setHttpOnly( true ); // <-- Lets take a look at this one
asm.setSecureCookies( true );
asm.setSessionIdPathParameterName( null );
asm.setUsingCookies( true );
}
}

In embedded-jetty you can use ...

wc.getSessionHandler().getSessionCookieConfig().setHttpOnly(httpOnly);

or you can even use the WEB-INF/web.xml (since you are using the
WebAppContext).

Just set ...

<?xml version="1.0"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
web-app_3_0.xsd"
version="3.0">

<session-config>
<cookie-config>
<http-only>true</http-only>
</cookie-config>
</session-config>

</web-app>

Also, don't forget to browse around the other embedded-jetty examples at
both ...
https://github.com/eclipse/jetty.project/tree/jetty-9.4.9.v20180320/examples/embedded/src/main/java/org/eclipse/jetty/embedded
https://github.com/jetty-project/embedded-jetty-cookbook/tree/master/src/main/java/org/eclipse/jetty/cookbook

Joakim Erdfelt / ***@webtide.com

On Fri, Apr 20, 2018 at 3:39 PM, Ike Ikonne <***@us.ibm.com> wrote:
Hi all,

I am migrating from Jetty-7.0.1 to Jetty-9.4.9 and have ran into the
following issues?

What are the replacement for following classes in Jetty-9.4.9?

org.eclipse.jetty.deploy.WebAppDeployer;
org.eclipse.jetty.server.session.AbstractSessionManager;
org.eclipse.jetty.server.SessionManager;

I have not been able to locate the appropriate replacement for the above
classes. I run Jetty in
an embedded mode and was able to control the following attributes
programmatically:


WebAppContext wc = (WebAppContext) hl;
SessionHandler sh = wc.getSessionHandler();
SessionManager sm = null;
if ( sh != null ) {
sm = sh.getSessionIdManager();
if ( sm != null ) {
AbstractSessionManager asm = (AbstractSessionManager) sm;
asm.setHttpOnly( true );
asm.setSecureCookies( true );
asm.setSessionIdPathParameterName( null );
asm.setUsingCookies( true );
}
}


Any help will be much appreciated.

Cheers,

Ike Ikonne


_______________________________________________
jetty-users mailing list
jetty-***@eclipse.org
To change your delivery options, retrieve your password, or unsubscribe
from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users

_______________________________________________
jetty-users mailing list
jetty-***@eclipse.org
To change your delivery options, retrieve your password, or unsubscribe
from this list, visit
https://urldefense.proofpoint.com/v2/url?u=https-3A__dev.eclipse.org_mailman_listinfo_jetty-2Dusers&d=DwICAg&c=jf_iaSHvJObTbx-siA1ZOg&r=agWnQZZC-kGOwhPE6XrovGlSsnjanlizIW98DPVSs3M&m=ghFrYJLQ7X39usTqYaq7XZxKWyXPlACctfXMePnYSQQ&s=JlFa-_LWl3vy-6XxnRooz5-S7rYYQHW0m-IcQLj3uzo&e=
Loading...