web.xml
[engineDir]/configuration/reference/web.xml
1<?xml version="1.0" encoding="UTF-8"?>
2<!--
3 ========================================================================
4 Configures the embedded Tomcat Webserver of Axon Ivy
5 ========================================================================
6
7 This file shows the default configuration of the embedded Tomcat Webserver.
8
9 Copy contents of this reference file to 'configuration/web.xml' before adjusting
10 them to your needs. Changing this file has no effect.
11
12 See the Apache Tomcat documentation for more information about this configuration:
13 http://tomcat.apache.org/tomcat-9.0-doc/config/
14
15 After a change in the web.xml a restart of Axon Ivy is required
16 to apply the new configuration.
17-->
18<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
19 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
20 xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
21 http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
22 version="4.0">
23
24 <!-- ======================= Error pages ================================ -->
25 <!--
26 Custom error pages can be added with error-page elements.
27 The referenced error-page must be placed in the folder 'webapps/ivy'.
28 Use /faces location-prefix for xhtml pages.
29
30 The pre-configured default error page is:
31 -->
32 <error-page> <!-- no <error-code> or <exception-type> child: default page for errors without a more specific <error-page> -->
33 <location>/faces/ivy-error-page.xhtml</location>
34 </error-page>
35 <!--
36 By adding an <exception-type> or <error-code> tag to the <error-page> configuration
37 it is also possible to configure a specific error page for particular kinds of
38 exceptions or status codes:
39
40 <error-page>
41 <exception-type>java.lang.Throwable</exception-type>
42 <location>/faces/custom-exception-error-page.xhtml</location>
43 </error-page>
44 <error-page>
45 <error-code>404</error-code>
46 <location>/faces/custom-404-error-page.xhtml</location>
47 </error-page>
48
49 Implementation:
50 Use the 'ErrorPageMBean' to retrieve information about the thrown exception and the environment:
51 @doc.url.current@/public-api/ch/ivyteam/ivy/webserver/ErrorPageMBean.html
52 -->
53
54 <!-- ==================== Default Session Configuration ================= -->
55 <session-config>
56 <!--
57 session-timeout: [default=30]
58
59 Defines the amount of time in minutes after which an inactive user session will be closed.
60 Closing a session means that its server side state (e.g. Html Dialog instance) is flushed.
61 -->
62 <session-timeout>30</session-timeout>
63
64 <!--
65 cookie-config/secure: [default=false]
66
67 Enable the secure flag when the Webserver is accessed over HTTPS (strongly recommended).
68 When enabled, the session cookie is marked Secure: browsers send it only over HTTPS and never over plain HTTP. Clients that still connect over plain HTTP will therefore not keep a session, so make sure all user access goes through HTTPS before enabling it.
69 -->
70 <!--
71 <cookie-config>
72 <secure>true</secure>
73 </cookie-config>
74 -->
75 </session-config>
76
77 <!-- ==================== Security Headers ============================== -->
78
79 <!-- Some commonly recommended HTTP Security Headers are configured here -->
80 <!-- for all the web applications. -->
81 <!-- These Security Headers are added on the HTTP Responses -->
82 <!-- to the Client Browser. -->
83 <!-- But not all Security Headers are supported by all Web browsers; X-XSS-Protection in particular is a legacy header that most current browsers ignore. -->
84 <!-- See: https://tomcat.apache.org/tomcat-9.0-doc/config/filter.html -->
85 <!-- -->
86 <!-- |=========================|===============| -->
87 <!-- | HEADER | VALUE | -->
88 <!-- |=========================|===============| -->
89 <!-- | X-Frame-Options | SAMEORIGIN | -->
90 <!-- | X-XSS-Protection | 1; mode=block | -->
91 <!-- | X-Content-Type-Options | nosniff | -->
92 <!-- |=========================|===============| -->
93
94 <filter-mapping> <!-- binds the httpSecurityHeaders filter defined below to incoming requests -->
95 <filter-name>httpSecurityHeaders</filter-name>
96 <url-pattern>/*</url-pattern> <!-- every request path -->
97 <dispatcher>REQUEST</dispatcher> <!-- direct client requests only; FORWARD, INCLUDE and ERROR dispatches are not mapped here -->
98 </filter-mapping>
99 <filter>
100 <filter-name>httpSecurityHeaders</filter-name>
101 <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
102 <async-supported>true</async-supported>
103 <init-param> <!-- the only parameter set in this file; the X-XSS-Protection and X-Content-Type-Options values in the table above are not configured here and presumably come from the filter's own defaults (TODO confirm for the Tomcat version in use) -->
104 <param-name>antiClickJackingOption</param-name>
105 <param-value>SAMEORIGIN</param-value> <!-- sent as X-Frame-Options: framing is allowed from the same origin only -->
106 </init-param>
107 </filter>
108
109 <!-- ==================== Reverse Proxy Headers ============================== -->
110 <!--
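111 RemoteIpFilter is activated by default. This is needed for proper integration
112 with a reverse proxy. The reverse proxy modifies headers which need to be
113 interpreted by the Axon Ivy Engine to generate correct absolute URIs.
114 If your proxy uses different header names, reconfigure the RemoteIpFilter as in the example below. Tomcat's RemoteIpFilter only honours these headers from addresses matching its internalProxies / trustedProxies parameters, so check that these match your proxy setup and that clients cannot reach the engine from such an address without passing through the proxy.
115 See: https://tomcat.apache.org/tomcat-9.0-doc/api/org/apache/catalina/filters/RemoteIpFilter.html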
116 -->
117 <!--
118 <filter>
119 <filter-name>org.apache.catalina.filters.RemoteIpFilter</filter-name>
120 <filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class>
121 <init-param>
122 <param-name>protocolHeader</param-name>
123 <param-value>x-forwarded-proto</param-value>
124 </init-param>
125 </filter>
126 -->
127</web-app>