java 如何在 Wildfly 中激活安全 cookie?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/31163475/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to activate secure cookies in Wildfly?
提问by gurghet
I'm trying to add the secure flag to my cookies for a web app in Wildfly (version 8.2). In the documentation page of the servlet container settingsyou'll find that the children of the “servlet-container” are:
我正在尝试将安全标志添加到 Wildfly(8.2 版)中的网络应用程序的 cookie 中。在servlet 容器设置的文档页面中,您会发现“servlet-container”的子项是:
- jsp
- persistent-sessions
- session-cookie
- websockets
- jsp
- 持久会话
- 会话cookie
- 网络套接字
However I only have jspand websockets. How do I access the session-cookie settings? If I can't, how to I add the secure flag to my cookies?
但是我只有jsp和websockets。如何访问会话 cookie 设置?如果不能,如何将安全标志添加到我的 cookie 中?
UPDATE: I can't access the web.xml files inside the wars, only wildfly configuration files.
更新:我无法访问War中的 web.xml 文件,只能访问 Wildfly 配置文件。
回答by Federico Sierra
Try following command via jboss-cli:
通过 jboss-cli 尝试以下命令:
/subsystem=undertow/servlet-container=default/setting=session-cookie:add(http-only=true,secure=true)
or in your standalone.xml:
或在您的 standalone.xml 中:
<servlet-container name="default">
<session-cookie http-only="true" secure="true"/>
<jsp-config/>
</servlet-container>
参考:http: //wildscribe.github.io/Wildfly/8.2.0.Final/subsystem/undertow/servlet-container/setting/session-cookie/index.html
回答by Scott Bennett-McLeish
One can easily configure the secureflag and it's security cousin http-onlyflag by adding the following to your web.xml.
通过将以下内容添加到您的 web.xml 中,可以轻松配置安全标志及其安全表亲http-only标志。
<session-config>
<cookie-config>
<http-only>true</http-only>
<secure>true</secure>
</cookie-config>
</session-config>
