Hippo 7.8 and servlet 3.0

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Hippo 7.8 and servlet 3.0

Wouter Danes-2

Hi guys,

 

I’ve got the 7.8 archetype running under Java 7 and Tomcat 7, so far so good.. J Thanks for getting that working with Java 6 reaching EOL. J

One issue though: Tomcat 7 gives us servlet 3.0, which means http-only cookies which is a big boon for frontend security. The problem is though that someone decided to rename the servlet-api artifact from servlet-api to javax.servlet-api.

So now I’m stuck: AFAIK there is no formal way to “exclude” dependencies from a parent pom (and there really shouldn’t be..). I’m stuck with using the commons-logging-version-99 hack for now I guess.

 

Preferred method would be to move to servlet 3.0 completely from the hippo parent pom, that would solve my problem.. Or run with two poms: one for servlet 2.5 and one for servlet 3.0..

 

WDYT?

 

Regards,

 

Wouter Danes


_______________________________________________
Hippo-cms7-user mailing list and forums
http://www.onehippo.org/cms7/support/forums.html
Reply | Threaded
Open this post in threaded view
|

Re: Hippo 7.8 and servlet 3.0

Wouter Danes-2

This does work, but I’m not sure what kind of hell you get yourself into.. It basically relies on the “more local POM” overriding classes from libraries in POMs more up in the dependency tree.

 

In your own project’s parent pom.xml, do the following:

 

Add this to the <properties> section:

        <!-- We want servlet 3.0 for secure, http only cookies -->

        <servlet-api-3.version>3.0.1</servlet-api-3.version>

 

Add this to the  <dependencyManagement> section:

            <!-- New dependency for servlet 3.0 -->

            <dependency>

                <groupId>javax.servlet</groupId>

                <artifactId>javax.servlet-api</artifactId>

                <version>${servlet-api-3.version}</version>

                <scope>provided</scope>

            </dependency>

 

Add this section to your POM, by default it doesn’t have a <dependencies> section:

    <dependencies>

        <dependency>

            <groupId>javax.servlet</groupId>

            <artifactId>javax.servlet-api</artifactId>

        </dependency>

    </dependencies>

 

For me, this allowed me to use the new Cookie class that has the setHttpOnly() method. I tested it by changing the dobeforerender in the Detail.java from the archetype and I got a proper “ HttpOnly” cookie back in my browser..

 

Sorry for the question, typing it and hitting “send” gave me the above idea.:)

 

Regards,

 

Wouter

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Wouter Danes
Sent: dinsdag 1 januari 2013 20:47
To: Hippo CMS 7 development public mailinglist ([hidden email])
Subject: [Hippo-cms7-user] Hippo 7.8 and servlet 3.0

 

Hi guys,

 

I’ve got the 7.8 archetype running under Java 7 and Tomcat 7, so far so good.. J Thanks for getting that working with Java 6 reaching EOL. J

One issue though: Tomcat 7 gives us servlet 3.0, which means http-only cookies which is a big boon for frontend security. The problem is though that someone decided to rename the servlet-api artifact from servlet-api to javax.servlet-api.

So now I’m stuck: AFAIK there is no formal way to “exclude” dependencies from a parent pom (and there really shouldn’t be..). I’m stuck with using the commons-logging-version-99 hack for now I guess.

 

Preferred method would be to move to servlet 3.0 completely from the hippo parent pom, that would solve my problem.. Or run with two poms: one for servlet 2.5 and one for servlet 3.0..

 

WDYT?

 

Regards,

 

Wouter Danes


_______________________________________________
Hippo-cms7-user mailing list and forums
http://www.onehippo.org/cms7/support/forums.html