From 50c38da3937255e86126b436e15ad10c62f216ed Mon Sep 17 00:00:00 2001 From: Radoslav Husar Date: Thu, 10 Sep 2015 21:36:26 +0200 Subject: [PATCH] Allow minimum session-id-length of 16 bytes - which is the minimum OWASP recommendation and the EAP 6.x setting (WFLY-3642) --- .../extension/undertow/ServletContainerDefinition.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/undertow/src/main/java/org/wildfly/extension/undertow/ServletContainerDefinition.java b/undertow/src/main/java/org/wildfly/extension/undertow/ServletContainerDefinition.java index 70f4d31c060b..647658d0876b 100644 --- a/undertow/src/main/java/org/wildfly/extension/undertow/ServletContainerDefinition.java +++ b/undertow/src/main/java/org/wildfly/extension/undertow/ServletContainerDefinition.java @@ -109,13 +109,13 @@ class ServletContainerDefinition extends PersistentResourceDefinition { .setFlags(AttributeAccess.Flag.RESTART_ALL_SERVICES) .setAllowExpression(true) .setDefaultValue(new ModelNode(true)) - .build(); //30 minutes + .build(); protected static final AttributeDefinition DIRECTORY_LISTING = new SimpleAttributeDefinitionBuilder(Constants.DIRECTORY_LISTING, ModelType.BOOLEAN, true) .setFlags(AttributeAccess.Flag.RESTART_ALL_SERVICES) .setAllowExpression(true) - .build(); //30 minutes + .build(); protected static final AttributeDefinition PROACTIVE_AUTHENTICATION = new SimpleAttributeDefinitionBuilder(Constants.PROACTIVE_AUTHENTICATION, ModelType.BOOLEAN, true) 
@@ -128,9 +128,9 @@ class ServletContainerDefinition extends PersistentResourceDefinition { new SimpleAttributeDefinitionBuilder(Constants.SESSION_ID_LENGTH, ModelType.INT, true) .setFlags(AttributeAccess.Flag.RESTART_ALL_SERVICES) .setAllowExpression(true) - .setValidator(new IntRangeValidator(20, 200, true, true)) + .setValidator(new IntRangeValidator(16, 200, true, true)) .setDefaultValue(new ModelNode(30)) - .build(); //30 minutes + .build(); private static final List CHILDREN; static final Collection ATTRIBUTES = Arrays.asList(
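Review bot: The new lower bound in `IntRangeValidator(16, 200, true, true)` is a security-relevant floor, yet nothing next to it says what the number counts or why 16 was chosen; the rationale lives only in the commit subject. A comment above the validator, such as `// floor of 16 bytes (128 bits): minimum OWASP recommendation for session ids, same as EAP 6.x (WFLY-3642)`, would make it harder for a later edit to lower it further without noticing. The default of 30 is unchanged, so only configurations that set the attribute explicitly can reach the shorter length. Because the patch touches this one file, the attribute's description text presumably still does not state the permitted range, and a boundary test (16 accepted, 15 rejected) would pin the floor. The SESSION_ID_LENGTH declaration starts above the hunk and the `ATTRIBUTES` list continues below it.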