[resteasy-dev] Interesting JBEAP JIRA

Ron Sigal rsigal at redhat.com
Thu Aug 17 14:26:44 EDT 2017


Hey Alessio,

Well, that's a good question.

I guess the first thing to notice is that JBEAP-11442 refers to 
"optional support for RFC6265" in Undertow, so there's nothing being 
forced on us.

There are 25 Resteasy JIRAs that mention cookies.

   1. A lot of these are old and I've ignored them.

   2. There are a few issues closed by me, Jim, and Rebecca that are bug 
fixes, and, as such, I don't think they can cause any problems, since 
they would just, if anything, bring us closer to correct implementation 
of the spec (but see below).

   3. And then there's RESTEASY-1516 "Cookies sent by resteasy-client 
are not spec compliant" (open) and the related RESTEASY-1266 "Fix cookie 
processing" (closed).

I started to get ambitious in RESTEASY-1266 and then just did a bug fix 
and closed it. That leaves RESTEASY-1516, for which I created  
https://github.com/jax-rs/api/issues/554 "Clarify documentation 
ambiguities", which refers to https://github.com/jax-rs/api/issues/435 
"Update Cookie and NewCookie to RFC 6265". There doesn't seem to be any 
reaction to either of them.

The problem is that the JAX-RS spec (specifically 
javax.ws.rs.core.Cookie and javax.ws.rs.core.NewCookie) refers to IETF 
RFC 2109, which is now obsolete. It seems to me that the Expert Group 
should at least do something like what Undertow is doing, by making the 
Cookie spec configurable.

Until then, I guess the most we could do is add an option to configure 
which Cookie spec to use, taking advantage of what they've done in 
Undertow. I don't have any sense of how useful that would be.

-Ron

On 08/17/2017 02:37 AM, Alessio Soldano wrote:
> Thanks for having shared this, Ron.
> Do you expect us having to revisit any of the decisions we have taken 
> so far regarding issues related to cookies?
> Cheers
> Alessio
>
> On Thu, Aug 17, 2017 at 2:41 AM, Ron Sigal <rsigal at redhat.com> wrote:
>
>     We've talked in the past about the ambiguity in the JAX-RS spec
>     concerning cookies. I just noticed this issue:
>
>     https://issues.jboss.org/browse/JBEAP-11442 "[GSS](7.0.z) Add
>     optional support for RFC6265 compliant cookie validation"
>
>     Not that there's anything we need to do about. I just thought it
>     might be worth knowing about.
>
>     --
>     My company's smarter than your company (unless you work for Red Hat)

-- 
My company's smarter than your company (unless you work for Red Hat)
