context.xml

[engineDir]/configuration/reference/context.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
  ========================================================================
  Configures Valves and Realms of the embedded Tomcat Webserver
  ========================================================================

  This file shows the context configuration of the embedded Tomcat Webserver.

  Copy contents of this reference file to 'configuration/context.xml' before adjusting
  them to your needs. Changing this file has no effect.

  See the Apache Tomcat documentation for more information about context configuration:
  https://tomcat.apache.org/tomcat-9.0-doc/config/context.html

-->
<Context>

  <!-- ====================== Cookies ====================== -->

  <!--
  Mitigates CSRF attacks by keeping the browser from sending cookies with cross-site requests.
  More information can be found here: https://www.owasp.org/index.php/SameSite
  Possible values are:
  - 'strict': prevent cookie sharing in all cross-site browsing contexts.
      Warning! This breaks process start and task mail links from third party sites and web mail clients.
  - 'lax': provides a reasonable balance between security and usability for websites.
      Cookies are still sent on cross-site top-level navigations that use a safe method such as GET,
      so requests that change state should not be reachable through GET.
  - 'none': do not use same site cookie header
      NOTE(review): newer Tomcat 9 releases use 'unset' to omit the attribute, while 'none' there
      emits SameSite=None (cookies sent on every cross-site request). Confirm which meaning applies
      to the Tomcat version bundled with the engine before choosing this value.
  By default the value 'lax' is used.
  SameSite is enforced by the browser only; treat it as one layer of CSRF defence, not the only one.
  -->
  <CookieProcessor sameSiteCookies="lax"/>

  <!-- ====================== Tomcat Valves ====================== -->

  <!--
  Limits the access to the ivy application to clients connecting from localhost.
  The 'allow' attribute is a regular expression covering the IPv4 loopback range and both
  spellings of the IPv6 loopback address.
  Note: the valve matches the address of the connecting peer. If a reverse proxy or WAF runs on the
  same host as the engine, every proxied request appears to come from localhost and passes this check.
  -->
  <!--
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
       allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
  -->

  <!--
  Creates an access log entry for each request against the ivy application.
  Pattern fields: %h remote host, %l remote logical user name (always '-'), %u authenticated user,
  %t timestamp, %r first line of the request, %s HTTP status, %b bytes sent without headers.
  Note: %r contains the full request line including the query string, so any token or identifier
  passed in a URL ends up in the log. Restrict read access to the log directory accordingly.
  -->
  <!--
  <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
       prefix="access_log." suffix=".txt"
       pattern="%h %l %u %t &quot;%r&quot; %s %b" />
  -->

  <!-- ====================== Axon.ivy Valves ==================== -->

  <!--
  SingleSignOnValve:

  Enables single sign on of the user given in a request header field.
  The name of the request header field can be configured in the attribute 'userNameHeader'.

  !! Only use this Valve if you exclusively access Axon.ivy over the WebApplication Firewall. !!
  !! Otherwise this will be a security issue.                                                 !!

  Why: the user name in the header is accepted as the signed in identity. Any client that can reach
  the engine without passing the WAF could supply that header itself. Before enabling the valve, check:
  - the engine is reachable only from the WAF (network rules, or a RemoteAddrValve like the one above
    restricted to the WAF address);
  - the WAF removes or overwrites a header of this name when it arrives from the client
    (presumably configurable in the WAF; verify against its documentation).

  This Valve is useful if Axon.ivy is protected by a WebApplication Firewall (WAF) with an integrated
  Identity and Access Management (IAM). Those systems will authenticate and authorize users.
  The identified user is then sent from the WAF to Axon.ivy using an HTTP request header.

  WebBrowser ==> WAF ==> Axon.ivy

                  ^          |
                  |          |
                  v          v

                 IAM ==> Active Directory

  https://developer.axonivy.com/doc/latest/engine-guide/integration/web-application-firewall.html#single-sign-on
  -->
  <!--
  <Valve className="ch.ivyteam.ivy.webserver.security.SingleSignOnValve" userNameHeader="user"/>
  -->


  <!-- ====================== Custom Valves ====================== -->

  <!--
  You can configure any third party valve or even your own implementation of a valve.
  A valve sees every request to the application, so review third party valves like any other
  code that runs inside the engine.
  A full valve sample implementation can be found on GitHub:

  https://github.com/ivy-samples/ivy-extension-demos/tree/master/ProcessingValve

  -->

</Context>