The following are upgrade considerations and product changes for WebFOCUS security:
The Listener Configuration page opens.
This adds the attribute CSRF_TOKEN = 0 to the HTTP listener block of the server odin.cfg file.
If you are connecting from a Release 8.1.x or higher Client, the CSRF Token should be enabled.
The following options are available to allow the feature in WebFOCUS Release 8.x:
For more information on how Microsoft Office products work with session related information, see the Microsoft Office support site at http://support.microsoft.com/kb/218153.
To provide time to transition to the new Server LDAP configuration, WebFOCUS still supports previously configured Client LDAP configurations. However, changes to the Client LDAP provider properties must now be made manually through edits to webconfig.xml.
All customers are encouraged to move to the new Server LDAP configuration, which includes a number of enhancements over Client LDAP. For more information, see the New Features manual and the Authentication and Authorization chapters in the WebFOCUS Security and Administration manual.
<context-param> <param-name>ResponseHeaderFilter.enabled</param-name> <param-value>true</param-value> </context-param> <context-param> <param-name>ResponseHeaderFilter.Cache-Control</param-name> <param-value>public, max-age=259200</param-value> <!-- 30 days --> </context-param> <context-param> <param-name>ResponseHeaderFilter.expires</param-name> <param-value>259200</param-value> <!-- 30 days --> </context-param>
The ResponseHeaderFilter sets the Cache-Control header to public, max-age=259200, and the expires header to a value of 259200 seconds or 30 days for the following extension types, served by the WebFOCUS web application.
<filter-mapping> <filter-name>ResponseHeaderFilter</filter-name> <url-pattern>*.htm</url-pattern> </filter-mapping> <filter-mapping> <filter-name>ResponseHeaderFilter</filter-name> <url-pattern>*.html</url-pattern> </filter-mapping> <filter-mapping> <filter-name>ResponseHeaderFilter</filter-name> <url-pattern>*.css</url-pattern> </filter-mapping> <filter-mapping> <filter-name>ResponseHeaderFilter</filter-name> <url-pattern>*.gif</url-pattern> </filter-mapping> <filter-mapping> <filter-name>ResponseHeaderFilter</filter-name> <url-pattern>*.png</url-pattern> </filter-mapping> <filter-mapping> <filter-name>ResponseHeaderFilter</filter-name> <url-pattern>*.jpeg</url-pattern> </filter-mapping> <filter-mapping> <filter-name>ResponseHeaderFilter</filter-name> <url-pattern>*.jpg</url-pattern> </filter-mapping> <filter-mapping> <filter-name>ResponseHeaderFilter</filter-name> <url-pattern>*.txt</url-pattern> </filter-mapping>
The net effect is that if you are upgrading a WebFOCUS web application, all cache will need to be cleared, so that you obtain the latest version of the software. This includes the browser cache, and any caching servers in the environment.
Using Internet Explorer® 9, there is an additional option of Preserve Favorites website data, as shown in the following image, which should remain unchecked when clearing that version of the browser cache.
WebFOCUS |