[security-dev] RESTEasy and HTTPOnly Cookies

Bill Burke bburke at redhat.com
Fri Feb 1 10:28:45 EST 2013


yes
you can have an object or a string.  If it is an object it will convert 
it to a string, if it is a string, it will just send that back.

On 2/1/2013 9:59 AM, Anil Saldhana wrote:
> This is my interceptor:
> https://github.com/picketlink/picketlink-extensions/blob/master/core/src/main/java/org/picketlink/extensions/core/rest/interceptors/PostSignInCookieInterceptor.java
>
> Now if I directly add the header set-cookie with the HTTPOnly
> suffixed,   will the ResponseBuilderImpl builder later properly handle it?
>
>
> On 02/01/2013 08:37 AM, Bill Burke wrote:
>> response.getMetadata() is the headers.
>>
>> On 2/1/2013 9:34 AM, Anil Saldhana wrote:
>>> >NewCookie nc = new NewCookie(...);
>>> >Response r = Response.ok().header("Set-Cookie", nc.toString()
>>> >+";HttpOnly").build();
>>> >
>>> >How do we get something like this done with ServerResponse RESTEasy class?
>>> >
>>> >On 01/31/2013 06:19 PM, Bill Burke wrote:
>>>> >>Thanks.  I submitted a bug at JAX-RS 2.0 spec for this.
>>>> >>
>>>> >>On 1/31/2013 12:22 PM, Anil Saldhana wrote:
>>>>> >>>Hi Bill,
>>>>> >>>       I was wondering how RESTEasy deals with HTTP Only Cookies.
>>>>> >>>
>>>>> >>>I do seehttps://issues.jboss.org/browse/RESTEASY-479
>>>>> >>>
>>>>> >>>Regards,
>>>>> >>>Anil
>>> >_______________________________________________
>>> >security-dev mailing list
>>> >security-dev at lists.jboss.org
>>> >https://lists.jboss.org/mailman/listinfo/security-dev
>>> >
>> -- Bill Burke JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>> _______________________________________________ security-dev mailing
>> list security-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/security-dev
>
>
>
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com


More information about the security-dev mailing list