web.xmlΒΆ
[engineDir]/configuration/reference/web.xml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 | <?xml version="1.0" encoding="UTF-8"?>
<!--
========================================================================
Configures the embedded Tomcat Webserver of Axon.ivy
========================================================================
This file shows the default configuration of the the embedded Tomcat Webserver.
Copy contents of this reference file to 'configuration/web.xml' before adjusting
them to your needs. Changing this file has no effect.
See apache tomcat documentation for more information about this configuration:
http://tomcat.apache.org/tomcat-9.0-doc/config/
After a change in the web.xml a restart of Axon.ivy is required
to apply the new configuration.
-->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
version="4.0">
<!-- ======================= Error pages ================================ -->
<!--
Custom error pages can be added with error-page elements.
The referenced error-page must be placed in the folder 'webapps/ivy'.
Use /faces location-prefix for xhtml pages.
The pre-configured default error page is:
-->
<error-page>
<location>/faces/ivy-error-page.xhtml</location>
</error-page>
<!--
By adding the <exception-type> tag to the <error-page> configuration
it is also possible to configure a specific error page for status codes
or kind of exceptions:
<error-page>
<exception-type>java.lang.Throwable</exception-type>
<location>/faces/custom-exception-error-page.xhtml</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/faces/custom-404-error-page.xhtml</location>
</error-page>
Implementation:
Use the 'ErrorPageMBean' to retrieve information about the thrown exception and the environment:
https://developer.axonivy.com/doc/latest/public-api/ch/ivyteam/ivy/webserver/ErrorPageMBean.html
-->
<!-- ==================== Default Session Configuration ================= -->
<session-config>
<!--
session-timeout: [default=30]
Defines the amount of time in minutes after which an inactive user session will be closed.
Closing sessions means that server side state (e.g. Html Dialog instance) is flushed.
-->
<session-timeout>30</session-timeout>
<!--
cookie-config/secure: [default=false]
Enable the secure flag when accessing the Webserver over HTTPS (strongly recommended).
When enabled the session cookie is only transmitted over HTTPS and not over HTTP.
-->
<!--
<cookie-config>
<secure>true</secure>
</cookie-config>
-->
</session-config>
<!-- ==================== Security Headers ============================== -->
<!-- Some commonly recommended HTTP Security Headers are configured here -->
<!-- for all the web applications. -->
<!-- These Security Headers are added on the HTTP Responses -->
<!-- to the Client Browser. -->
<!-- But not all Security Headers are supported by all Web browsers. -->
<!-- See: https://tomcat.apache.org/tomcat-9.0-doc/config/filter.html -->
<!-- -->
<!-- |=========================|===============| -->
<!-- | HEADER | VALUE | -->
<!-- |=========================|===============| -->
<!-- | X-Frame-Options | SAMEORIGIN | -->
<!-- | X-XSS-Protection | 1; mode=block | -->
<!-- | X-Content-Type-Options | nosniff | -->
<!-- |=========================|===============| -->
<filter-mapping>
<filter-name>httpSecurityHeaders</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter>
<filter-name>httpSecurityHeaders</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>SAMEORIGIN</param-value>
</init-param>
</filter>
</web-app>
|