To customize JasperReports Server so that cookies are sent only via secure connections:
1. | For the time zone and locale cookies, open the following file to edit: |
jasperserver-war-jarsrcmainjavacomjaspersoftjasperserverwarUserPreferencesFilter.java
2. | Locate the following code in 2 locations, one for each cookie, and add the middle line to both: |
For more information, see the JavaDoc for the setSecure method on the javax.servlet.http.Cookie class.
3. | For the repository tree cookies, open the following file to edit: |
jasperserver-warsrcmainwebappscriptstree.nanotree.js
4. | Locate the following line in the setCookie function: |
var secure = (argc > 5) ? argv[5] : false;
Replace the entire line with:
var secure = true;
5. | For the UI settings cookies, open the following file to edit: |
jasperserver-warsrcmainwebappscriptsutils.common.js
6. | Locate the following line: |
JSCookie.addVar('cookieTemplate', new Template('#{name}=#{value}; expires={expires}; path=/;'));
Modify the line as follows:
JSCookie.addVar('cookieTemplate', new Template('#{name}=#{value}; expires={expires}; path=/; secure;'));
7. | Recompile, rebuild, and redeploy the JasperReports Server application. |
This only acts on the cookies; providing a secure connection is up to the client application, usually by configuring and establishing an HTTPS connection, as described in Using SSL in the Web Server. If no secure connection is established, the cookies with the secure flag will not be sent and user settings won’t take effect.
Recommended Comments
There are no comments to display.