From 5591b7ed8a4fb66ad23b461ce22e403c5eebe41a Mon Sep 17 00:00:00 2001
From: Daniel Korbel <dkorbel@icm.edu.pl>
Date: Mon, 19 Aug 2024 15:49:04 +0200
Subject: [PATCH] feature/79 Externalized cookie session configuration

---
 .../DataverseSessionConfigListener.java       | 40 +++++++++++++++++++
 .../src/main/webapp/WEB-INF/web.xml           |  4 ++
 2 files changed, 44 insertions(+)
 create mode 100644 dataverse-webapp/src/main/java/edu/harvard/iq/dataverse/DataverseSessionConfigListener.java

diff --git a/dataverse-webapp/src/main/java/edu/harvard/iq/dataverse/DataverseSessionConfigListener.java b/dataverse-webapp/src/main/java/edu/harvard/iq/dataverse/DataverseSessionConfigListener.java
new file mode 100644
index 00000000000..d3a4bba6a83
--- /dev/null
+++ b/dataverse-webapp/src/main/java/edu/harvard/iq/dataverse/DataverseSessionConfigListener.java
@@ -0,0 +1,40 @@
+package edu.harvard.iq.dataverse;
+
+import javax.servlet.ServletContextEvent;
+import javax.servlet.ServletContextListener;
+import javax.servlet.annotation.WebListener;
+import javax.servlet.SessionCookieConfig;
+
+@WebListener
+public class DataverseSessionConfigListener implements ServletContextListener {
+
+    @Override
+    public void contextInitialized(ServletContextEvent sce) {
+        SessionCookieConfig sessionCookieConfig = getDefaultValuesFromWebXml(sce);
+        overrideDefaultsWithEnvironmentVariables(sessionCookieConfig);
+    }
+
+    private static void overrideDefaultsWithEnvironmentVariables(SessionCookieConfig sessionCookieConfig) {
+        String cookieName = System.getenv("COOKIE_NAME");
+        if (cookieName != null) {
+            sessionCookieConfig.setName(cookieName);
+        }
+        String cookieDomain = System.getenv("COOKIE_DOMAIN");
+        if (cookieDomain != null) {
+            sessionCookieConfig.setDomain(cookieDomain);
+        }
+        String cookieSecure = System.getenv("COOKIE_SECURE");
+        if (cookieSecure != null) {
+            sessionCookieConfig.setSecure(Boolean.parseBoolean(cookieSecure));
+        }
+    }
+
+    private SessionCookieConfig getDefaultValuesFromWebXml(ServletContextEvent sce) {
+        return sce.getServletContext().getSessionCookieConfig();
+    }
+
+    @Override
+    public void contextDestroyed(ServletContextEvent servletContextEvent) {
+        // nothing to do here
+    }
+}
diff --git a/dataverse-webapp/src/main/webapp/WEB-INF/web.xml b/dataverse-webapp/src/main/webapp/WEB-INF/web.xml
index c99442673f6..a2fbc7138d3 100644
--- a/dataverse-webapp/src/main/webapp/WEB-INF/web.xml
+++ b/dataverse-webapp/src/main/webapp/WEB-INF/web.xml
@@ -175,6 +175,10 @@
         <!-- Uncomment the line below to disble `;jsessionid=` in URLs -->
 	    <tracking-mode>COOKIE</tracking-mode>
     </session-config>
+    <!-- Listener to override defaults with environment variables -->
+    <listener>
+        <listener-class>edu.harvard.iq.dataverse.DataverseSessionConfigListener</listener-class>
+    </listener>
     <!-- web fonts -->
     <mime-mapping>
         <extension>eot</extension>