You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by jb...@apache.org on 2014/01/20 19:30:14 UTC

svn commit: r1559801 - /tomcat/trunk/java/javax/servlet/http/Cookie.java

Author: jboynes
Date: Mon Jan 20 18:30:13 2014
New Revision: 1559801

URL: http://svn.apache.org/r1559801
Log:
Refactor cookie name validation into a helper class to prepare for enabling RFC6265.
This should have no functional change.

Modified:
    tomcat/trunk/java/javax/servlet/http/Cookie.java

Modified: tomcat/trunk/java/javax/servlet/http/Cookie.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/javax/servlet/http/Cookie.java?rev=1559801&r1=1559800&r2=1559801&view=diff
==============================================================================
--- tomcat/trunk/java/javax/servlet/http/Cookie.java (original)
+++ tomcat/trunk/java/javax/servlet/http/Cookie.java Mon Jan 20 18:30:13 2014
@@ -54,53 +54,26 @@ import java.util.ResourceBundle;
  */
 public class Cookie implements Cloneable, Serializable {
 
-    private static final BitSet allowed;
+    private static final CookieNameValidator validation;
     static {
-        boolean STRICT_SERVLET_COMPLIANCE =
-                Boolean.getBoolean("org.apache.catalina.STRICT_SERVLET_COMPLIANCE");
-
-        boolean STRICT_NAMING =
-                getBoolean("org.apache.tomcat.util.http.ServerCookie.STRICT_NAMING",
-                        STRICT_SERVLET_COMPLIANCE);
-
-        String separators;
-        if (STRICT_NAMING) {
-            separators = "()<>@,;:\\\"/[]?={} \t"; // separators as defined by RFC2616 2.2
-        }
-        else {
-            separators = ",; "; // semi-colon, comma and space as defined by Netscape
-        }
-
-        allowed = new BitSet(128);
-        allowed.set(0x20, 0x7f); // any CHAR except CTLs or separators
-        for (int i = 0; i < separators.length(); i++) {
-            char ch = separators.charAt(i);
-            allowed.clear(ch);
+        boolean strictNaming;
+        String prop = System.getProperty("org.apache.tomcat.util.http.ServerCookie.STRICT_NAMING");
+        if (prop != null) {
+            strictNaming = Boolean.parseBoolean(prop);
+        } else {
+            strictNaming = Boolean.getBoolean("org.apache.catalina.STRICT_SERVLET_COMPLIANCE");
         }
 
-        // special treatment to allow for FWD_SLASH_IS_SEPARATOR property
-        if (STRICT_NAMING) {
-            boolean FWD_SLASH_IS_SEPARATOR =
-                    getBoolean("org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR",
-                               STRICT_SERVLET_COMPLIANCE);
-            allowed.set('/', !FWD_SLASH_IS_SEPARATOR);
+        if (strictNaming) {
+            validation = new RFC2109Validator();
         }
-    }
-
-    private static boolean getBoolean(String prop, boolean def) {
-        String value = System.getProperty(prop);
-        if (value == null) {
-            return def;
-        } else {
-            return Boolean.parseBoolean(value);
+        else {
+            validation = new NetscapeValidator();
         }
     }
 
     private static final long serialVersionUID = 1L;
 
-    private static final String LSTRING_FILE = "javax.servlet.http.LocalStrings";
-    private static final ResourceBundle lStrings = ResourceBundle.getBundle(LSTRING_FILE);
-
     private final String name;
     private String value;
 
@@ -144,39 +117,11 @@ public class Cookie implements Cloneable
      * @see #setVersion
      */
     public Cookie(String name, String value) {
-        if (name == null || name.length() == 0) {
-            throw new IllegalArgumentException(lStrings.getString("err.cookie_name_blank"));
-        }
-        if (!isToken(name) ||
-                name.equalsIgnoreCase("Comment") ||
-                name.equalsIgnoreCase("Discard") ||
-                name.equalsIgnoreCase("Domain") ||
-                name.equalsIgnoreCase("Expires") ||
-                name.equalsIgnoreCase("Max-Age") ||
-                name.equalsIgnoreCase("Path") ||
-                name.equalsIgnoreCase("Secure") ||
-                name.equalsIgnoreCase("Version") ||
-                name.startsWith("$")) {
-            String errMsg = lStrings.getString("err.cookie_name_is_token");
-            throw new IllegalArgumentException(MessageFormat.format(errMsg, name));
-        }
-
+        validation.validate(name);
         this.name = name;
         this.value = value;
     }
 
-    private boolean isToken(String possibleToken) {
-        int len = possibleToken.length();
-
-        for (int i = 0; i < len; i++) {
-            char c = possibleToken.charAt(i);
-            if (!allowed.get(c)) {
-                return false;
-            }
-        }
-        return true;
-    }
-
     /**
      * Specifies a comment that describes a cookie's purpose. The comment is
      * useful if the browser presents the cookie to the user. Comments are not
@@ -435,3 +380,79 @@ public class Cookie implements Cloneable
         return httpOnly;
     }
 }
+
+
+class CookieNameValidator {
+    private static final String LSTRING_FILE = "javax.servlet.http.LocalStrings";
+    private static final ResourceBundle lStrings = ResourceBundle.getBundle(LSTRING_FILE);
+
+    protected final BitSet allowed;
+
+    protected CookieNameValidator(String separators) {
+        allowed = new BitSet(128);
+        allowed.set(0x20, 0x7f); // any CHAR except CTLs or separators
+        for (int i = 0; i < separators.length(); i++) {
+            char ch = separators.charAt(i);
+            allowed.clear(ch);
+        }
+    }
+
+    void validate(String name) {
+        if (name == null || name.length() == 0) {
+            throw new IllegalArgumentException(lStrings.getString("err.cookie_name_blank"));
+        }
+        if (!isToken(name) ||
+                name.equalsIgnoreCase("Comment") ||
+                name.equalsIgnoreCase("Discard") ||
+                name.equalsIgnoreCase("Domain") ||
+                name.equalsIgnoreCase("Expires") ||
+                name.equalsIgnoreCase("Max-Age") ||
+                name.equalsIgnoreCase("Path") ||
+                name.equalsIgnoreCase("Secure") ||
+                name.equalsIgnoreCase("Version") ||
+                name.startsWith("$")) {
+            String errMsg = lStrings.getString("err.cookie_name_is_token");
+            throw new IllegalArgumentException(MessageFormat.format(errMsg, name));
+        }
+    }
+
+    private boolean isToken(String possibleToken) {
+        int len = possibleToken.length();
+
+        for (int i = 0; i < len; i++) {
+            char c = possibleToken.charAt(i);
+            if (!allowed.get(c)) {
+                return false;
+            }
+        }
+        return true;
+    }
+}
+
+class NetscapeValidator extends CookieNameValidator {
+    private static final String NETSCAPE_SEPARATORS = ",; ";
+
+    NetscapeValidator() {
+        super(NETSCAPE_SEPARATORS);
+    }
+}
+
+class RFC2109Validator extends CookieNameValidator {
+    private static final String RFC2616_SEPARATORS = "()<>@,;:\\\"/[]?={} \t";
+
+    RFC2109Validator() {
+        super(RFC2616_SEPARATORS);
+
+        // special treatment to allow for FWD_SLASH_IS_SEPARATOR property
+        boolean allowSlash;
+        String prop = System.getProperty("org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR");
+        if (prop != null) {
+            allowSlash = !Boolean.parseBoolean(prop);
+        } else {
+            allowSlash = !Boolean.getBoolean("org.apache.catalina.STRICT_SERVLET_COMPLIANCE");
+        }
+        if (allowSlash) {
+            allowed.set('/');
+        }
+    }
+}



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org