Diffstat (limited to 'src/main/java/org/traccar/web/WebServer.java')
-rw-r--r-- | src/main/java/org/traccar/web/WebServer.java | 42 |
1 files changed, 34 insertions, 8 deletions
diff --git a/src/main/java/org/traccar/web/WebServer.java b/src/main/java/org/traccar/web/WebServer.java
index 12fa80d10..44d78cd27 100644
--- a/src/main/java/org/traccar/web/WebServer.java
+++ b/src/main/java/org/traccar/web/WebServer.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012 - 2019 Anton Tananaev (anton@traccar.org)
+ * Copyright 2012 - 2020 Anton Tananaev (anton@traccar.org)
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@
 */
 package org.traccar.web;
+import org.eclipse.jetty.http.HttpCookie;
 import org.eclipse.jetty.http.HttpMethod;
 import org.eclipse.jetty.http.HttpStatus;
 import org.eclipse.jetty.proxy.AsyncProxyServlet;
@@ -32,6 +33,7 @@ import org.glassfish.jersey.server.ResourceConfig;
 import org.glassfish.jersey.servlet.ServletContainer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.traccar.api.DateParameterConverterProvider;
 import org.traccar.config.Config;
 import org.traccar.api.AsyncSocketServlet;
 import org.traccar.api.CorsResponseFilter;
@@ -44,6 +46,7 @@ import org.traccar.config.Keys;
 import javax.servlet.DispatcherType;
 import javax.servlet.ServletException;
+import javax.servlet.SessionCookieConfig;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.File;
@@ -75,12 +78,8 @@ public class WebServer {
 ServletContextHandler servletHandler = new ServletContextHandler(ServletContextHandler.SESSIONS);
- int sessionTimeout = config.getInteger("web.sessionTimeout");
- if (sessionTimeout > 0) {
- servletHandler.getSessionHandler().setMaxInactiveInterval(sessionTimeout);
- }
-
 initApi(config, servletHandler);
+ initSessionConfig(config, servletHandler);
 if (config.getBoolean("web.console")) {
 servletHandler.addServlet(new ServletHolder(new ConsoleServlet()), "/console/*");
@@ -161,12 +160,39 @@ public class WebServer {
 }
 ResourceConfig resourceConfig = new ResourceConfig();
- resourceConfig.registerClasses(JacksonFeature.class, ObjectMapperProvider.class, ResourceErrorHandler.class);
- resourceConfig.registerClasses(SecurityRequestFilter.class, CorsResponseFilter.class);
+ resourceConfig.registerClasses(
+ JacksonFeature.class, ObjectMapperProvider.class, ResourceErrorHandler.class,
+ SecurityRequestFilter.class, CorsResponseFilter.class, DateParameterConverterProvider.class);
 resourceConfig.packages(ServerResource.class.getPackage().getName());
 servletHandler.addServlet(new ServletHolder(new ServletContainer(resourceConfig)), "/api/*");
 }
+ private void initSessionConfig(Config config, ServletContextHandler servletHandler) {
+ int sessionTimeout = config.getInteger("web.sessionTimeout");
+ if (sessionTimeout > 0) {
+ servletHandler.getSessionHandler().setMaxInactiveInterval(sessionTimeout);
+ }
+
+ String sameSiteCookie = config.getString(Keys.WEB_SAME_SITE_COOKIE);
+ if (sameSiteCookie != null) {
+ SessionCookieConfig sessionCookieConfig = servletHandler.getServletContext().getSessionCookieConfig();
+ switch (sameSiteCookie.toLowerCase()) {
+ case "lax":
+ sessionCookieConfig.setComment(HttpCookie.SAME_SITE_LAX_COMMENT);
+ break;
+ case "strict":
+ sessionCookieConfig.setComment(HttpCookie.SAME_SITE_STRICT_COMMENT);
+ break;
+ case "none":
+ sessionCookieConfig.setSecure(true);
+ sessionCookieConfig.setComment(HttpCookie.SAME_SITE_NONE_COMMENT);
+ break;
+ default:
+ break;
+ }
+ }
+ }
+
 public void start() {
 try {
 server.start(); |
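Review bot: The `default:` branch of the `switch` in `initSessionConfig` silently ignores an unrecognised `Keys.WEB_SAME_SITE_COOKIE` value, so a typo in the setting leaves the session cookie without any SameSite attribute and nothing in the log says so. A warning there would make the misconfiguration visible, for example `LOGGER.warn("Unsupported SameSite value: {}", sameSiteCookie);` (this assumes the class has an slf4j logger field; the import is visible in the diff but the field is not). The lookup also calls `sameSiteCookie.toLowerCase()` with the default locale, which under a Turkish locale turns `STRICT` into `strıct` and falls through to the same silent default; `toLowerCase(Locale.ROOT)` avoids that and needs `java.util.Locale` imported. Because the `none` case forces `setSecure(true)`, the option's documentation should state that it requires the web interface to be served over HTTPS, otherwise the browser will not send the session cookie back.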