Author: remy.maucherat(a)jboss.com
Date: 2010-08-25 09:00:37 -0400 (Wed, 25 Aug 2010)
New Revision: 1542
Modified:
trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
trunk/java/org/apache/catalina/authenticator/SingleSignOn.java
Log:
- Add SSO HttpOnly. The SSO valve could use a full SessionCookie config, but this would
need custom config.
Not nice.
Modified: trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
===================================================================
--- trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java 2010-08-24
14:29:16 UTC (rev 1541)
+++ trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java 2010-08-25
13:00:37 UTC (rev 1542)
@@ -821,6 +821,10 @@
// Bugzilla 41217
cookie.setSecure(request.isSecure());
+ if (sso.isCookieHttpOnly()) {
+ cookie.setHttpOnly(true);
+ }
+
// Bugzilla 34724
String ssoDomain = sso.getCookieDomain();
if(ssoDomain != null) {
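Review bot: The added `if` around `cookie.setHttpOnly(true)` carries no comment, unlike the `// Bugzilla …` markers on the neighbouring cookie settings, and it could follow the form of the Secure line above it: `cookie.setHttpOnly(sso.isCookieHttpOnly());`. That form is equivalent only if the cookie is freshly created just above, which is outside the hunk, so confirm before changing it. A one-line comment such as `// Keep the SSO cookie out of reach of page script when the valve is configured for it` would tell the reader why the flag is set here. The enclosing method starts and ends outside the hunk.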
Modified: trunk/java/org/apache/catalina/authenticator/SingleSignOn.java
===================================================================
--- trunk/java/org/apache/catalina/authenticator/SingleSignOn.java 2010-08-24 14:29:16 UTC
(rev 1541)
+++ trunk/java/org/apache/catalina/authenticator/SingleSignOn.java 2010-08-25 13:00:37 UTC
(rev 1542)
@@ -121,8 +121,21 @@
*/
protected String cookieDomain;
+ /**
+ * Optional SSO HTTP only.
+ */
+ protected boolean cookieHttpOnly = false;
+
// ------------------------------------------------------------- Properties
+ public boolean isCookieHttpOnly() {
+ return cookieHttpOnly;
+ }
+
+ public void setCookieHttpOnly(boolean cookieHttpOnly) {
+ this.cookieHttpOnly = cookieHttpOnly;
+ }
+
/**
* Returns the optional cookie domain.
* May return null.
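Review bot: `cookieHttpOnly` defaults to `false`, so after this change the SSO cookie is still readable by page script on every deployment that does not set the new property. Since that cookie stands for the user's single sign-on session, consider `protected boolean cookieHttpOnly = true;` if compatibility allows (presumably `false` was chosen to preserve existing behaviour), or at least state the default and its effect in the field Javadoc, which currently says only "Optional SSO HTTP only." `isCookieHttpOnly()` and `setCookieHttpOnly(boolean)` also have no Javadoc while `getCookieDomain()` does; something like `/** Returns whether the SSO cookie is marked HttpOnly; defaults to false. */` would match the file's style.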
@@ -132,6 +145,7 @@
public String getCookieDomain() {
return cookieDomain;
}
+
/**
* Sets the domain to be used for sso cookies.
*