Author: remy.maucherat(a)jboss.com
Date: 2008-08-26 19:34:00 -0400 (Tue, 26 Aug 2008)
New Revision: 749
Added:
trunk/java/org/apache/tomcat/util/http/TomcatCookie.java
Modified:
trunk/java/org/apache/catalina/connector/Request.java
trunk/java/org/apache/catalina/connector/Response.java
trunk/java/org/apache/tomcat/util/http/ServerCookie.java
Log:
- Should finish the session cookie configuration feature.
Modified: trunk/java/org/apache/catalina/connector/Request.java
===================================================================
--- trunk/java/org/apache/catalina/connector/Request.java 2008-08-25 11:03:17 UTC (rev
748)
+++ trunk/java/org/apache/catalina/connector/Request.java 2008-08-26 23:34:00 UTC (rev
749)
@@ -19,9 +19,9 @@
package org.apache.catalina.connector;
-import java.io.InputStream;
-import java.io.IOException;
import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.security.Principal;
import java.text.SimpleDateFormat;
@@ -45,17 +45,6 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
-import org.apache.tomcat.util.buf.B2CConverter;
-import org.apache.tomcat.util.buf.MessageBytes;
-import org.apache.tomcat.util.buf.StringCache;
-import org.apache.tomcat.util.http.Cookies;
-import org.apache.tomcat.util.http.FastHttpDateFormat;
-import org.apache.tomcat.util.http.Parameters;
-import org.apache.tomcat.util.http.ServerCookie;
-import org.apache.tomcat.util.http.mapper.MappingData;
-
-import org.apache.coyote.ActionCode;
-
import org.apache.catalina.Container;
import org.apache.catalina.Context;
import org.apache.catalina.Globals;
@@ -71,6 +60,16 @@
import org.apache.catalina.util.RequestUtil;
import org.apache.catalina.util.StringManager;
import org.apache.catalina.util.StringParser;
+import org.apache.coyote.ActionCode;
+import org.apache.tomcat.util.buf.B2CConverter;
+import org.apache.tomcat.util.buf.MessageBytes;
+import org.apache.tomcat.util.buf.StringCache;
+import org.apache.tomcat.util.http.Cookies;
+import org.apache.tomcat.util.http.FastHttpDateFormat;
+import org.apache.tomcat.util.http.Parameters;
+import org.apache.tomcat.util.http.ServerCookie;
+import org.apache.tomcat.util.http.TomcatCookie;
+import org.apache.tomcat.util.http.mapper.MappingData;
/**
@@ -2374,7 +2373,7 @@
if ( (session != null) && (getContext() != null)
&& getContext().getCookies()
&& !(isRequestedSessionIdFromCookie() &&
(session.getIdInternal().equals(getRequestedSessionId()))) ) {
- Cookie cookie = new Cookie(Globals.SESSION_COOKIE_NAME,
+ TomcatCookie cookie = new TomcatCookie(Globals.SESSION_COOKIE_NAME,
session.getIdInternal());
configureSessionCookie(cookie);
response.addCookieInternal(cookie);
@@ -2394,7 +2393,7 @@
*
* @param cookie The JSESSIONID cookie to be configured
*/
- protected void configureSessionCookie(Cookie cookie) {
+ protected void configureSessionCookie(TomcatCookie cookie) {
cookie.setMaxAge(-1);
if (context.getSessionCookie().getPath() != null) {
cookie.setPath(context.getSessionCookie().getPath());
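Review bot: Changing the parameter of the protected `configureSessionCookie` from `Cookie` to `TomcatCookie` means a subclass that overrides the old `configureSessionCookie(Cookie)` signature no longer overrides this method, so its session-cookie customisation would silently stop being applied (or fail to compile if it is annotated `@Override`). If subclassing Request is supported, consider keeping the `Cookie` parameter and setting the flag with `if (cookie instanceof TomcatCookie) ((TomcatCookie) cookie).setHttpOnly(true);`. Otherwise, state the signature change in the method's Javadoc. The method body continues outside this hunk.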
@@ -2412,7 +2411,7 @@
cookie.setDomain(context.getSessionCookie().getDomain());
}
if (context.getSessionCookie().isHttpOnly()) {
- // FIXME: in Servlet 3.0
+ cookie.setHttpOnly(true);
}
if (context.getSessionCookie().isSecure()) {
cookie.setSecure(true);
Modified: trunk/java/org/apache/catalina/connector/Response.java
===================================================================
--- trunk/java/org/apache/catalina/connector/Response.java 2008-08-25 11:03:17 UTC (rev
748)
+++ trunk/java/org/apache/catalina/connector/Response.java 2008-08-26 23:34:00 UTC (rev
749)
@@ -51,6 +51,7 @@
import org.apache.tomcat.util.http.FastHttpDateFormat;
import org.apache.tomcat.util.http.MimeHeaders;
import org.apache.tomcat.util.http.ServerCookie;
+import org.apache.tomcat.util.http.TomcatCookie;
import org.apache.tomcat.util.net.URL;
/**
@@ -976,7 +977,7 @@
(sb, cookie.getVersion(), cookie.getName(),
cookie.getValue(), cookie.getPath(),
cookie.getDomain(), cookie.getComment(),
- cookie.getMaxAge(), cookie.getSecure());
+ cookie.getMaxAge(), cookie.getSecure(), false);
return null;
}
});
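Review bot: Hard-coding `false` for the new httpOnly argument here, and again in the non-privileged branch in the next hunk, discards the flag whenever a `TomcatCookie` reaches this code through a `Cookie`-typed reference, because overload selection uses the static type of the argument. The cookie would then be written without `HttpOnly` even though `setHttpOnly(true)` had been called on it. Passing `cookie instanceof TomcatCookie && ((TomcatCookie) cookie).getHttpOnly()` in place of `false` keeps the attribute in both branches. The enclosing method starts outside the hunk, so which entry point this is cannot be confirmed from here.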
@@ -984,7 +985,7 @@
ServerCookie.appendCookieValue
(sb, cookie.getVersion(), cookie.getName(), cookie.getValue(),
cookie.getPath(), cookie.getDomain(), cookie.getComment(),
- cookie.getMaxAge(), cookie.getSecure());
+ cookie.getMaxAge(), cookie.getSecure(), false);
}
// if we reached here, no exception, cookie is valid
// the header name is Set-Cookie for both "old" and v.1 ( RFC2109 )
@@ -997,6 +998,47 @@
/**
+ * Add the specified Cookie to those that will be included with
+ * this Response.
+ *
+ * @param cookie Cookie to be added
+ */
+ public void addCookieInternal(final TomcatCookie cookie) {
+
+ if (isCommitted())
+ return;
+
+ final StringBuffer sb = new StringBuffer();
+ // web application code can receive a IllegalArgumentException
+ // from the appendCookieValue invocation
+ if (SecurityUtil.isPackageProtectionEnabled()) {
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run(){
+ ServerCookie.appendCookieValue
+ (sb, cookie.getVersion(), cookie.getName(),
+ cookie.getValue(), cookie.getPath(),
+ cookie.getDomain(), cookie.getComment(),
+ cookie.getMaxAge(), cookie.getSecure(), cookie.getHttpOnly());
+ return null;
+ }
+ });
+ } else {
+ ServerCookie.appendCookieValue
+ (sb, cookie.getVersion(), cookie.getName(), cookie.getValue(),
+ cookie.getPath(), cookie.getDomain(), cookie.getComment(),
+ cookie.getMaxAge(), cookie.getSecure(), cookie.getHttpOnly());
+ }
+ // if we reached here, no exception, cookie is valid
+ // the header name is Set-Cookie for both "old" and v.1 ( RFC2109 )
+ // RFC2965 is not supported by browsers and the Servlet spec
+ // asks for 2109.
+ addHeader("Set-Cookie", sb.toString());
+
+ cookies.add(cookie);
+ }
+
+
+ /**
* Add the specified date header to the specified value.
*
* @param name Name of the header to set
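Review bot: The Javadoc on the new `addCookieInternal(TomcatCookie)` is the generic "Add the specified Cookie" text and does not say what distinguishes this overload. It should state that this is the path that writes the `HttpOnly` attribute and that Request uses it for the session cookie, for example `Adds the cookie and emits HttpOnly when cookie.getHttpOnly() is true; does nothing if the response is already committed.` The silent return on `isCommitted()` deserves that explicit mention, because a session cookie created after commit is dropped without any log entry and the client never receives the session id.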
Modified: trunk/java/org/apache/tomcat/util/http/ServerCookie.java
===================================================================
--- trunk/java/org/apache/tomcat/util/http/ServerCookie.java 2008-08-25 11:03:17 UTC (rev
748)
+++ trunk/java/org/apache/tomcat/util/http/ServerCookie.java 2008-08-26 23:34:00 UTC (rev
749)
@@ -257,7 +257,8 @@
String domain,
String comment,
int maxAge,
- boolean isSecure )
+ boolean isSecure,
+ boolean httpOnly)
{
StringBuffer buf = new StringBuffer();
// Servlet implementation checks name
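Review bot: Adding `boolean httpOnly` to the parameter list of `appendCookieValue` changes the signature that Response calls as `ServerCookie.appendCookieValue(...)`, so any other caller still passing nine arguments stops compiling. Keeping the nine-argument form as an overload that delegates with `false` would avoid that break. The method's Javadoc, if it has one above the hunk, needs a matching line such as `@param httpOnly whether to append the HttpOnly attribute`. The signature begins outside the hunk, so the method's declared visibility cannot be seen here.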
@@ -318,9 +319,14 @@
// Secure
if (isSecure) {
- buf.append ("; Secure");
+ buf.append ("; Secure");
}
+ // HttpOnly
+ if (httpOnly) {
+ buf.append ("; HttpOnly");
+ }
+
headerBuf.append(buf);
}
Added: trunk/java/org/apache/tomcat/util/http/TomcatCookie.java
===================================================================
--- trunk/java/org/apache/tomcat/util/http/TomcatCookie.java (rev
0)
+++ trunk/java/org/apache/tomcat/util/http/TomcatCookie.java 2008-08-26 23:34:00 UTC (rev
749)
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *
http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.tomcat.util.http;
+
+import javax.servlet.http.Cookie;
+
+public class TomcatCookie extends Cookie {
+
+ boolean httpOnly = false;
+
+ public TomcatCookie(String name, String value) {
+ super(name, value);
+ }
+
+ public boolean getHttpOnly() {
+ return httpOnly;
+ }
+
+ public void setHttpOnly(boolean httpOnly) {
+ this.httpOnly = httpOnly;
+ }
+
+}
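Review bot: The `httpOnly` field in `TomcatCookie` is declared without an access modifier, so any class in `org.apache.tomcat.util.http` can change it without going through the setter; `private boolean httpOnly;` is sufficient, since `false` is already the default. The accessor is named `getHttpOnly()` while the context-side check in Request is `isHttpOnly()`; naming it `isHttpOnly()` here would keep the two consistent. The class has no Javadoc, and a one-line comment such as `/** Cookie that also carries the HttpOnly attribute, which javax.servlet.http.Cookie does not expose before Servlet 3.0. */` would explain why the subclass exists.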