context.xml

[engineDir]/webapps/ivy/META-INF/context.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
 ========================================================================
  Configures Valves and Realms of the embedded Tomcat Webserver
 ========================================================================

 Please keep the context.xml file on the designer and engine in sync
 to have the same settings on designer and engine
 as this file is not deployed from the designer to the engine

 See apache tomcat documentation for more information about context configuration:
 https://tomcat.apache.org/tomcat-9.0-doc/config/context.html

-->
<Context antiResourceLocking="false" privileged="true" >
	<!--
	  Attributes of this Context (see the Tomcat context documentation referenced in the file header):
	  - antiResourceLocking="false": Tomcat's file locking workaround is not applied (this is the Tomcat default).
	  - privileged="true": allows this web application to use Tomcat's container servlets.
	    NOTE(review): why the ivy web application needs this is not visible in this file; confirm before changing it.
	-->


	<!-- ====================== Cookies ====================== -->
	
	<!-- 
	  Sets the SameSite attribute on the cookies issued by this context. SameSite limits when the browser
	  attaches cookies to cross-site requests, which reduces the exposure to CSRF attacks. It is a
	  defence-in-depth measure and does not replace server-side CSRF protection.
	  More information can be found here: https://www.owasp.org/index.php/SameSite
	  Possible values are: 
	  - 'strict': prevent cookie sharing in all cross-site browsing contexts. 
	      Warning! This breaks process start and task mail links from third party sites and web mail clients.
	  - 'lax': provides a reasonable balance between security and usability for websites
	      (cookies are still sent on top-level cross-site navigations such as following a link)
	  - 'none': do not use same site cookie header
	      NOTE(review): the Tomcat 9 documentation describes 'none' as emitting SameSite=None (the cookie is
	      sent with all cross-site requests) and 'unset' as omitting the attribute. Confirm which meaning
	      applies to the Tomcat version bundled with the engine before relying on this value.
	  By default the value 'lax' is used.
	-->
	<!-- <CookieProcessor sameSiteCookies="lax"/> -->
	
	<!-- ====================== Tomcat Valves ====================== -->
	
	<!--
	  Limits the access to the ivy application to clients connecting from localhost.
	  The 'allow' attribute is a regular expression matched against the remote address of the connection:
	  the IPv4 loopback range 127.x.x.x and both notations of the IPv6 loopback address.
	  Note: the valve sees the address of the direct peer. If a reverse proxy or WAF on the same host forwards
	  requests to the engine, those requests arrive from a loopback address and are all allowed, so this rule
	  then does not restrict the original clients.
	-->
	<!--
	<Valve className="org.apache.catalina.valves.RemoteAddrValve"
	       allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
	-->
	
	<!--
	  Creates an access log entry for each request against the ivy application.
	  Files are written to the 'logs' directory with the prefix 'access_log.' and the suffix '.txt'.
	  The pattern records: remote host (%h), remote logical user name (%l), authenticated user (%u),
	  timestamp (%t), request line (%r), HTTP status code (%s) and bytes sent (%b).
	  An access log supports detection and incident investigation. Behind a reverse proxy or WAF,
	  %h is the address of the proxy and not of the original client.
	-->
	<!--
	<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
	       prefix="access_log." suffix=".txt"
	       pattern="%h %l %u %t &quot;%r&quot; %s %b" />
	-->
    
	<!-- ====================== Axon.ivy Valves ==================== -->
	   
	<!--
	  SingleSignOnValve:
	  
	  Enables single sign on of the user given in a request header field.  
	  The name of the request header field can be configured in the attribute 'userNameHeader'.
	  
	  !! Only use this Valve if you exclusively access Axon.ivy over the Web Application Firewall. !!
	  !! Otherwise this will be a security issue.                                                  !!
	
	  Why: the user name is taken from the request header, so the header must only ever be set by the WAF.
	  NOTE(review): presumably the valve itself does not verify where the header comes from; confirm in the
	  engine guide linked below. Before enabling this Valve, make sure that
	  - the engine cannot be reached on the network other than through the WAF, and
	  - the WAF removes any header with the configured name that the client sent itself, before it adds its own.
	
	  This Valve is useful if Axon.ivy is protected by a Web Application Firewall (WAF) with an integrated 
	  Identity and Access Management (IAM). Those systems will authenticate and authorize users. 
	  The identified user is then sent from the WAF to Axon.ivy using an HTTP request header.
	
	  WebBrowser ==> WAF ==> Axon.ivy
	                   
	                  ^          |
	                  |          |
	                  v          v	
	
	                 IAM ==> Active Directory
	                 
	  https://developer.axonivy.com/doc/latest/engine-guide/integration/web-application-firewall.html#single-sign-on
	 -->
	<!-- 
	<Valve className="ch.ivyteam.ivy.webserver.security.SingleSignOnValve" userNameHeader="user"/>
	 -->



	<!-- ====================== Custom Valves ====================== -->
	
	<!-- 
	You can configure any third party valve or even your own implementation of a valve. 
	A full valve sample implementation can be found on GitHub: 
	
	https://github.com/ivy-samples/ivy-extension-demos/tree/master/ProcessingValve
	
	A valve is part of the request processing pipeline of this context and runs inside the engine process.
	Only install valves from a source you trust and review them like any other code deployed on the engine.
	-->
	 
</Context>