fix session timeout issue
removed tiles various small cleanups added session service to aid in debugging session issues
This commit is contained in:
lawson89
@ -156,13 +156,13 @@
|
||||
</init-param>
|
||||
|
||||
<init-param>
|
||||
<!-- Specify an address where you would like comments to be sent. -->
|
||||
<!-- This can be any URL or HTML tags, and will appear on the report card and lesson incomplete pages -->
|
||||
<!-- Use iso8859-1 encoding to represent special characters that might confuse XML parser. For
|
||||
example, replace "<" with "<" and ">" with ">". -->
|
||||
<!-- Specify an address where you would like comments to be sent. -->
|
||||
<!-- This can be any URL or HTML tags, and will appear on the report card and lesson incomplete pages -->
|
||||
<!-- Use iso8859-1 encoding to represent special characters that might confuse XML parser. For
|
||||
example, replace "<" with "<" and ">" with ">". -->
|
||||
<param-name>FeedbackAddress</param-name>
|
||||
<param-value>
|
||||
<A HREF=mailto:webgoat@owasp.org>webgoat@owasp.org</A>
|
||||
<A HREF=mailto:webgoat@owasp.org>webgoat@owasp.org</A>
|
||||
</param-value>
|
||||
</init-param>
|
||||
|
||||
@ -179,15 +179,11 @@
|
||||
The string "${USER}" in the connection string will be replaced by the active username
|
||||
when making a connection.
|
||||
-->
|
||||
<param-value>
|
||||
jdbc:hsqldb:mem:${USER}
|
||||
</param-value>
|
||||
<param-value>jdbc:hsqldb:mem:${USER}</param-value>
|
||||
</init-param>
|
||||
|
||||
<!-- Load this servlet at server startup time -->
|
||||
|
||||
<load-on-startup>5</load-on-startup>
|
||||
|
||||
</servlet>
|
||||
|
||||
|
||||
@ -245,8 +241,6 @@
|
||||
<!-- end spring security -->
|
||||
|
||||
|
||||
|
||||
|
||||
<!-- Define mappings that are used by the servlet container to
|
||||
translate a particular request URI (context-relative) to a
|
||||
particular servlet. The examples below correspond to the
|
||||
@ -318,7 +312,6 @@
|
||||
in minutes. From a servlet or JSP page, you can modify
|
||||
the timeout for a particular session dynamically by using
|
||||
HttpSession.getMaxInactiveInterval(). -->
|
||||
|
||||
<session-config>
|
||||
<!-- 2 days -->
|
||||
<session-timeout>2880</session-timeout>
|
||||
@ -333,75 +326,5 @@
|
||||
<welcome-file>login.mvc</welcome-file>
|
||||
</welcome-file-list>
|
||||
|
||||
<!-- Define reference to the user database for looking up roles -->
|
||||
<!--
|
||||
<resource-env-ref>
|
||||
<description>
|
||||
Link to the UserDatabase instance from which we request lists of
|
||||
defined role names. Typically, this will be connected to the global
|
||||
user database with a ResourceLink element in server.xml or the context
|
||||
configuration file for the Manager web application.
|
||||
</description>
|
||||
<resource-env-ref-name>users</resource-env-ref-name>
|
||||
<resource-env-ref-type>
|
||||
org.apache.catalina.UserDatabase
|
||||
</resource-env-ref-type>
|
||||
</resource-env-ref>
|
||||
-->
|
||||
|
||||
<!-- Define a Security Constraint on this Application -->
|
||||
<!--
|
||||
<security-constraint>
|
||||
<web-resource-collection>
|
||||
<web-resource-name>WebGoat Application</web-resource-name>
|
||||
<url-pattern>/*</url-pattern>
|
||||
</web-resource-collection>
|
||||
<auth-constraint>
|
||||
<role-name>webgoat_user</role-name>
|
||||
<role-name>webgoat_admin</role-name>
|
||||
<role-name>webgoat_challenge</role-name>
|
||||
</auth-constraint>
|
||||
</security-constraint>
|
||||
|
||||
<security-constraint>
|
||||
<web-resource-collection>
|
||||
<web-resource-name>WebGoat Application Source</web-resource-name>
|
||||
<url-pattern>/JavaSource/*</url-pattern>
|
||||
</web-resource-collection>
|
||||
<auth-constraint>
|
||||
<role-name>server_admin</role-name>
|
||||
</auth-constraint>
|
||||
</security-constraint>
|
||||
-->
|
||||
|
||||
<!-- Login configuration uses BASIC authentication -->
|
||||
<!--
|
||||
<login-config>
|
||||
<auth-method>BASIC</auth-method>
|
||||
<realm-name>WebGoat Application</realm-name>
|
||||
</login-config>
|
||||
-->
|
||||
<!-- Security roles referenced by this web application -->
|
||||
<!--
|
||||
<security-role>
|
||||
<description>The role that is required to administrate WebGoat</description>
|
||||
<role-name>webgoat_admin</role-name>
|
||||
</security-role>
|
||||
|
||||
<security-role>
|
||||
<description>The role that is required to start the challenge log viewer</description>
|
||||
<role-name>webgoat_challenge</role-name>
|
||||
</security-role>
|
||||
|
||||
<security-role>
|
||||
<description>The role that is required to use WebGoat</description>
|
||||
<role-name>webgoat_user</role-name>
|
||||
</security-role>
|
||||
|
||||
<security-role>
|
||||
<description>This role is for admins only</description>
|
||||
<role-name>server_admin</role-name>
|
||||
</security-role>
|
||||
-->
|
||||
</web-app>
|
||||
|
||||
|
||||
Reference in New Issue
Block a user