Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/09/26 15:20:55 UTC
svn commit: r1627781 - in /tomcat/trunk: java/org/apache/tomcat/util/http/
test/org/apache/tomcat/util/http/ webapps/docs/config/
Author: markt
Date: Fri Sep 26 13:20:55 2014
New Revision: 1627781
URL: http://svn.apache.org/r1627781
Log:
Move allowing HTTP separators config option to the CookieProcessor
Removed:
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesAllowHttpSeps.java
Modified:
tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java
tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieParsing.java
tomcat/trunk/webapps/docs/config/cookie-processor.xml
tomcat/trunk/webapps/docs/config/systemprops.xml
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java?rev=1627781&r1=1627780&r2=1627781&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java Fri Sep 26 13:20:55 2014
@@ -43,7 +43,10 @@ public final class CookieSupport {
* spec but are disallowed by the HTTP spec will be allowed in v0 cookie
* names and values. These characters are: \"()/:<=>?@[\\]{} Note that the
* inclusion of / depends on the value of {@link #FWD_SLASH_IS_SEPARATOR}.
+ *
+ * @deprecated Will be removed in Tomcat 9.
*/
+ @Deprecated
public static final boolean ALLOW_HTTP_SEPARATORS_IN_V0;
/**
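Review bot: The new `@deprecated` tag on `ALLOW_HTTP_SEPARATORS_IN_V0` says when the constant goes away but not what replaces it, so anyone reading the Javadoc has to find the replacement in systemprops.xml. Naming the per-processor setter this commit adds in the same package would close that gap, e.g. `@deprecated Will be removed in Tomcat 9. Use {@link LegacyCookieProcessor#setAllowHttpSepsInV0(boolean)}.` The rest of the Javadoc block and the class start outside this hunk.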
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java?rev=1627781&r1=1627780&r2=1627781&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java Fri Sep 26 13:20:55 2014
@@ -51,6 +51,8 @@ public final class LegacyCookieProcessor
@SuppressWarnings("deprecation") // Default to false when deprecated code is removed
private boolean allowNameOnly = CookieSupport.ALLOW_NAME_ONLY;
+ @SuppressWarnings("deprecation") // Default to false when deprecated code is removed
+ private boolean allowHttpSepsInV0 = CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0;
public boolean getAllowEqualsInValue() {
@@ -73,6 +75,16 @@ public final class LegacyCookieProcessor
}
+ public boolean getAllowHttpSepsInV0() {
+ return allowHttpSepsInV0;
+ }
+
+
+ public void setAllowHttpSepsInV0(boolean allowHttpSepsInV0) {
+ this.allowHttpSepsInV0 = allowHttpSepsInV0;
+ }
+
+
@Override
public Charset getCharset() {
return StandardCharsets.ISO_8859_1;
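Review bot: The new public accessors `getAllowHttpSepsInV0()` and `setAllowHttpSepsInV0(boolean)` have no Javadoc, although they are now the supported way to relax cookie parsing. A one-line comment on the setter would do, e.g. `/** Allow HTTP separators in v0 cookie names and values (not specification compliant); defaults to CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0. */`. Because the flag is now set per processor instead of once per JVM, that comment is also a good place to note that components in front of Tomcat that parse the Cookie header strictly may see a different name or value when it is enabled. The backing field is a plain non-volatile boolean read inside the parsing loops, which is presumably fine if it is only set during configuration, but the comment could say so.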
@@ -150,7 +162,7 @@ public final class LegacyCookieProcessor
// Skip whitespace and non-token characters (separators)
while (pos < end &&
(CookieSupport.isHttpSeparator((char) bytes[pos]) &&
- !CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 ||
+ !getAllowHttpSepsInV0() ||
CookieSupport.isV0Separator((char) bytes[pos]) ||
isWhiteSpace(bytes[pos])))
{pos++; }
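Review bot: The rewritten condition still mixes `&&` and `||` without grouping, so its meaning rests on operator precedence in code that decides which bytes of a Cookie header are skipped. Explicit parentheses would make the intent reviewable, e.g. `(CookieSupport.isHttpSeparator((char) bytes[pos]) && !getAllowHttpSepsInV0()) ||`. The same applies to the conditions changed in the hunks at -217 and -386. Unlike those two, this loop has no `version == 0` term, so a flag named for v0 cookies appears to affect separator skipping for any version; please confirm that is intended. The enclosing method starts and ends outside the hunk.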
@@ -217,7 +229,7 @@ public final class LegacyCookieProcessor
default:
if (version == 0 &&
!CookieSupport.isV0Separator((char)bytes[pos]) &&
- CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 ||
+ getAllowHttpSepsInV0() ||
!CookieSupport.isHttpSeparator((char)bytes[pos]) ||
bytes[pos] == '=') {
// Token
@@ -386,9 +398,7 @@ public final class LegacyCookieProcessor
int pos = off;
while (pos < end &&
(!CookieSupport.isHttpSeparator((char)bytes[pos]) ||
- version == 0 &&
- CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 &&
- bytes[pos] != '=' &&
+ version == 0 && getAllowHttpSepsInV0() && bytes[pos] != '=' &&
!CookieSupport.isV0Separator((char)bytes[pos]) ||
!isName && bytes[pos] == '=' && getAllowEqualsInValue())) {
pos++;
Modified: tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieParsing.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieParsing.java?rev=1627781&r1=1627780&r2=1627781&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieParsing.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieParsing.java Fri Sep 26 13:20:55 2014
@@ -37,9 +37,15 @@ public class TestCookieParsing extends T
private static final String[] COOKIES_WITH_EQUALS = new String[] {
"name=equals=middle", "name==equalsstart", "name=equalsend=" };
+ private static final String COOKIES_WITH_EQUALS_TRUNC = "name=equalsname=name=equalsend";
- private static final String[] COOKIEs_WITH_NAME_ONLY = new String[] {
+ private static final String[] COOKIES_WITH_NAME_ONLY = new String[] {
"bob", "bob=" };
+ private static final String COOKIES_WITH_NAME_ONLY_CONCAT = "bob=bob=";
+
+ private static final String[] COOKIES_WITH_SEPS = new String[] {
+ "name=val(ue" };
+ private static final String COOKIES_WITH_SEPS_TRUNC = "name=val";
@Test
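Review bot: `COOKIES_WITH_SEPS` exercises only `(`, while the Javadoc in CookieSupport lists the affected characters as `"()/:<=>?@[\]{}`, with `/` depending on `FWD_SLASH_IS_SEPARATOR` and `=` handled by a separate option. A regression in the handling of any other separator would pass unnoticed in both the enabled and disabled case. Consider adding a few more entries, such as a value containing `:` or `@`, and extending `COOKIES_WITH_SEPS_TRUNC` to match. The tests that consume these constants are in a later hunk.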
@@ -47,6 +53,7 @@ public class TestCookieParsing extends T
doTestLegacyEquals(true);
}
+
@Test
public void testLegacyWithoutEquals() throws Exception {
doTestLegacyEquals(false);
@@ -64,12 +71,7 @@ public class TestCookieParsing extends T
if (allowEquals) {
expected = concat(COOKIES_WITH_EQUALS);
} else {
- StringBuilder sb = new StringBuilder();
- for (String cookie : COOKIES_WITH_EQUALS) {
- int end = cookie.indexOf('=', cookie.indexOf('=') + 1);
- sb.append(cookie.substring(0, end));
- }
- expected = sb.toString();
+ expected = COOKIES_WITH_EQUALS_TRUNC;
}
TestCookieParsingClient client = new TestCookieParsingClient(
legacyCookieProcessor, COOKIES_WITH_EQUALS, expected);
@@ -91,6 +93,7 @@ public class TestCookieParsing extends T
doTestLegacyNameOnly(true);
}
+
@Test
public void testLegacyWithoutNameOnly() throws Exception {
doTestLegacyNameOnly(false);
@@ -103,12 +106,12 @@ public class TestCookieParsing extends T
String expected;
if (nameOnly) {
- expected = concat(COOKIEs_WITH_NAME_ONLY, true);
+ expected = COOKIES_WITH_NAME_ONLY_CONCAT;
} else {
expected = "";
}
TestCookieParsingClient client = new TestCookieParsingClient(
- legacyCookieProcessor, COOKIEs_WITH_NAME_ONLY, expected);
+ legacyCookieProcessor, COOKIES_WITH_NAME_ONLY, expected);
client.doRequest();
}
@@ -117,23 +120,53 @@ public class TestCookieParsing extends T
public void testRfc6265NameOnly() throws Exception {
// Always allows equals
TestCookieParsingClient client = new TestCookieParsingClient(
- new Rfc6265CookieProcessor(), COOKIEs_WITH_NAME_ONLY,
- concat(COOKIEs_WITH_NAME_ONLY, true));
+ new Rfc6265CookieProcessor(), COOKIES_WITH_NAME_ONLY,
+ COOKIES_WITH_NAME_ONLY_CONCAT);
client.doRequest();
}
- private static String concat(String[] input) {
- return concat(input, false);
+ @Test
+ public void testLegacyWithSeps() throws Exception {
+ doTestLegacySeps(true);
+ }
+
+
+ @Test
+ public void testLegacyWithoutSeps() throws Exception {
+ doTestLegacySeps(false);
+ }
+
+
+ private void doTestLegacySeps(boolean seps) throws Exception {
+ LegacyCookieProcessor legacyCookieProcessor = new LegacyCookieProcessor();
+ legacyCookieProcessor.setAllowHttpSepsInV0(seps);
+
+ String expected;
+ if (seps) {
+ expected = concat(COOKIES_WITH_SEPS);
+ } else {
+ expected = COOKIES_WITH_SEPS_TRUNC;
+ }
+ TestCookieParsingClient client = new TestCookieParsingClient(
+ legacyCookieProcessor, COOKIES_WITH_SEPS, expected);
+ client.doRequest();
}
- private static String concat(String[] input, boolean mustEndInEquals) {
+
+ @Test
+ public void testRfc6265Seps() throws Exception {
+ // Always allows equals
+ TestCookieParsingClient client = new TestCookieParsingClient(
+ new Rfc6265CookieProcessor(), COOKIES_WITH_SEPS, concat(COOKIES_WITH_SEPS));
+ client.doRequest();
+ }
+
+
+ private static String concat(String[] input) {
StringBuilder result = new StringBuilder();
for (String s : input) {
result.append(s);
- if (!s.endsWith("=") && mustEndInEquals) {
- result.append('=');
- }
}
return result.toString();
}
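Review bot: The comment `// Always allows equals` in the new `testRfc6265Seps()` was copied from the equals test and does not describe what this test checks. The test asserts that `Rfc6265CookieProcessor` returns `name=val(ue` untruncated, so a comment such as `// '(' is a valid cookie-octet in RFC 6265, so the value is never truncated` would be accurate. The context line in `testRfc6265NameOnly()` carries the same stale comment and could be corrected at the same time.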
Modified: tomcat/trunk/webapps/docs/config/cookie-processor.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/cookie-processor.xml?rev=1627781&r1=1627780&r2=1627781&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/cookie-processor.xml (original)
+++ tomcat/trunk/webapps/docs/config/cookie-processor.xml Fri Sep 26 13:20:55 2014
@@ -92,18 +92,28 @@
'<code>=</code>' is encountered and the remainder of the cookie value
will be dropped.</p>
<p>If not set the specification compliant default value of
- <code>false</code> will be used. This default may be changed by setting
+ <code>false</code> will be used. This default may be changed by setting
the
<code>org.apache.tomcat.util.http.ServerCookie.ALLOW_EQUALS_IN_VALUE</code>
<a href="systemprops.html">system property</a>.</p>
</attribute>
+ <attribute name="allowHttpSepsInV0" required="false">
+ <p>If this is <code>true</code> Tomcat will allow HTTP separators in
+ cookie names and values.</p>
+ <p>If not specified, the default specification compliant value of
+ <code>false</code> will be used. This default may be changed by setting
+ the
+ <code>org.apache.tomcat.util.http.ServerCookie.ALLOW_HTTP_SEPARATORS_IN_V0</code>
+ <a href="systemprops.html">system property</a>.</p>
+ </attribute>
+
<attribute name="allowNameOnly" required="false">
<p>If this is <code>true</code> Tomcat will allow name only cookies
(with or without trailing '<code>=</code>') when parsing cookie headers.
If <code>false</code>, name only cookies will be dropped.</p>
<p>If not set the specification compliant default value of
- <code>false</code> will be used. This default may be changed by setting
+ <code>false</code> will be used. This default may be changed by setting
the
<code>org.apache.tomcat.util.http.ServerCookie.ALLOW_NAME_ONLY</code>
<a href="systemprops.html">system property</a>.</p>
Modified: tomcat/trunk/webapps/docs/config/systemprops.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/systemprops.xml?rev=1627781&r1=1627780&r2=1627781&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/systemprops.xml (original)
+++ tomcat/trunk/webapps/docs/config/systemprops.xml Fri Sep 26 13:20:55 2014
@@ -375,6 +375,10 @@
<property
name="org.apache.tomcat.util.http. ServerCookie.ALLOW_HTTP_SEPARATORS_IN_V0">
+ <p>Deprecated. This will be removed in Tomcat 9. Specify the
+ <code>allowHttpSepsInV0</code> attribute on the
+ <code>org.apache.tomcat.util.http.LegacyCookieProcessor</code> instead.
+ </p>
<p>If this is <code>true</code> Tomcat will allow HTTP separators in
cookie names and values.</p>
<p>If not specified, the default specification compliant value of
@@ -415,6 +419,10 @@
</property>
<property name="org.apache.tomcat.util.http. ServerCookie.ALLOW_NAME_ONLY">
+ <p>Deprecated. This will be removed in Tomcat 9. Specify the
+ <code>allowNameOnly</code> attribute on the
+ <code>org.apache.tomcat.util.http.LegacyCookieProcessor</code> instead.
+ </p>
<p> If this is true then the requirements of the cookie specifications
that cookies must have values will be enforced and cookies consisting only
of a name but no value will be ignored.</p>