[security-dev] RESTEasy and HTTPOnly Cookies

Anil Saldhana Anil.Saldhana at redhat.com
Fri Feb 1 09:59:09 EST 2013


This is my interceptor: 
https://github.com/picketlink/picketlink-extensions/blob/master/core/src/main/java/org/picketlink/extensions/core/rest/interceptors/PostSignInCookieInterceptor.java

Now if I directly add the Set-Cookie header with HttpOnly suffixed,
will the ResponseBuilderImpl builder later properly handle it?


On 02/01/2013 08:37 AM, Bill Burke wrote:
> response.getMetadata() is the headers.
>
> On 2/1/2013 9:34 AM, Anil Saldhana wrote:
>> NewCookie nc = new NewCookie(...);
>> Response r = Response.ok().header("Set-Cookie", nc.toString()
>> +";HttpOnly").build();
>>
>> How do we get something like this done with ServerResponse RESTEasy class?
>>
>> On 01/31/2013 06:19 PM, Bill Burke wrote:
>>> Thanks.  I submitted a bug at JAX-RS 2.0 spec for this.
>>>
>>> On 1/31/2013 12:22 PM, Anil Saldhana wrote:
>>>> Hi Bill,
>>>> I was wondering how RESTEasy deals with HTTP Only Cookies.
>>>>
>>>> I do see https://issues.jboss.org/browse/RESTEASY-479
>>>>
>>>> Regards,
>>>> Anil
>> _______________________________________________
>> security-dev mailing list
>> security-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/security-dev
>>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
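
The approach discussed in this thread, as an added example that is not code from the thread, PicketLink or RESTEasy: a post-process interceptor that rewrites every Set-Cookie header in `response.getMetadata()` so it carries HttpOnly. The class name and the `withHttpOnly` helper are hypothetical; it assumes the RESTEasy 2.x `PostProcessInterceptor` API and that a String header value is written to the wire unchanged.

```java
import java.util.ArrayList;
import java.util.List;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.ext.Provider;
import org.jboss.resteasy.annotations.interception.ServerInterceptor;
import org.jboss.resteasy.core.ServerResponse;
import org.jboss.resteasy.spi.interception.PostProcessInterceptor;

// Hypothetical class name; illustrative only.
@Provider
@ServerInterceptor
public class HttpOnlyCookieInterceptor implements PostProcessInterceptor {

    @Override
    public void postProcess(ServerResponse response) {
        // getMetadata() is the response header map, as noted in the thread.
        List<Object> cookies = response.getMetadata().get(HttpHeaders.SET_COOKIE);
        if (cookies == null) {
            return; // no cookies on this response
        }
        List<Object> hardened = new ArrayList<Object>();
        for (Object cookie : cookies) {
            // Entries may be NewCookie objects or plain strings;
            // toString() gives the header value in both cases.
            hardened.add(withHttpOnly(cookie.toString()));
        }
        response.getMetadata().put(HttpHeaders.SET_COOKIE, hardened);
    }

    // Appends the HttpOnly attribute unless it is already present.
    // Assumes cookie values do not contain a quoted ';'.
    static String withHttpOnly(String headerValue) {
        // Refuse values that could split the response header.
        if (headerValue.indexOf('\r') >= 0 || headerValue.indexOf('\n') >= 0) {
            throw new IllegalArgumentException("CR/LF in Set-Cookie value");
        }
        for (String attr : headerValue.split(";")) {
            if (attr.trim().equalsIgnoreCase("HttpOnly")) {
                return headerValue; // already flagged, avoid duplicates
            }
        }
        return headerValue + "; HttpOnly";
    }
}
```

Checking the response with a browser's developer tools or `curl -i` confirms whether the attribute survives RESTEasy's header serialization in a given deployment.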
