openwebbeans-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "l.penet@senat.fr" <l.pe...@senat.fr>
Subject Re: Weld to OWB migration
Date Fri, 27 Nov 2015 13:36:14 GMT
On 27/11/2015 14:10, Romain Manni-Bucau wrote:
> Hi
>
> you can but not using owb-tomcat integration, just openwebbeans-web (+ 
> its dependencies) should work.
>
> OWB is known to not work deterministicly with seam cause seam was 
> relying on Weld implementation (ie was not respecting the spec).
>
> If you want to migrate (and not just try) you will probably need to go 
> to deltaspike as well.
If you do not properly use openwebbeans-tomcat7, by putting it in 
tomcat/lib, you will not have OwbSecurityFilter 
(org.apache.webbeans.web.tomcat7.TomcatSecurityFilter) and so you will 
not have protection against session fixation (see 
https://en.wikipedia.org/wiki/Session_fixation ).

You can get this kind of protection by other means, but you should IMHO 
pay attention to this point.

Ludovic

|
| AVANT D'IMPRIMER, PENSEZ A L'ENVIRONNEMENT.
|


Mime
View raw message