Posted to commits@geode.apache.org by je...@apache.org on 2019/12/02 15:13:03 UTC

[geode] branch develop updated: GEODE-7438: Honor isHttpOnly and isSecure from the SessionCookieConfig in the ServletContext. (#4311)

This is an automated email from the ASF dual-hosted git repository.

jensdeppe pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode.git


The following commit(s) were added to refs/heads/develop by this push:
     new e5d07a3  GEODE-7438: Honor isHttpOnly and isSecure from the SessionCookieConfig in the ServletContext. (#4311)
e5d07a3 is described below

commit e5d07a33cc6a68a0c68b2ea9eabbb8713def9e14
Author: thefire <81...@users.noreply.github.com>
AuthorDate: Mon Dec 2 08:12:30 2019 -0700

    GEODE-7438: Honor isHttpOnly and isSecure from the SessionCookieConfig in the ServletContext. (#4311)
---
 .../session/internal/filter/CommonTests.java       |  35 ++++++-
 .../SessionCookieConfigServletTestCaseAdapter.java | 114 +++++++++++++++++++++
 .../session/filter/SessionCachingFilter.java       |   4 +
 .../http_session_mgmt/quick_start.html.md.erb      |   2 +-
 .../session_mgmt_weblogic.html.md.erb              |   2 +-
 5 files changed, 153 insertions(+), 4 deletions(-)

diff --git a/extensions/geode-modules-session/src/integrationTest/java/org/apache/geode/modules/session/internal/filter/CommonTests.java b/extensions/geode-modules-session/src/integrationTest/java/org/apache/geode/modules/session/internal/filter/CommonTests.java
index 2046f45..d257891 100644
--- a/extensions/geode-modules-session/src/integrationTest/java/org/apache/geode/modules/session/internal/filter/CommonTests.java
+++ b/extensions/geode-modules-session/src/integrationTest/java/org/apache/geode/modules/session/internal/filter/CommonTests.java
@@ -38,7 +38,6 @@ import javax.servlet.http.HttpSession;
 
 import com.mockrunner.mock.web.MockHttpServletRequest;
 import com.mockrunner.mock.web.MockHttpServletResponse;
-import com.mockrunner.servlet.BasicServletTestCaseAdapter;
 import org.junit.Test;
 
 import org.apache.geode.modules.session.filter.SessionCachingFilter;
@@ -47,7 +46,7 @@ import org.apache.geode.modules.session.filter.SessionCachingFilter;
  * This servlet tests the effects of the downstream SessionCachingFilter filter. When these tests
  * are performed, the filter would already have taken effect.
  */
-public abstract class CommonTests extends BasicServletTestCaseAdapter {
+public abstract class CommonTests extends SessionCookieConfigServletTestCaseAdapter {
   static final String CONTEXT_PATH = "/test";
 
   @Test
@@ -442,6 +441,38 @@ public abstract class CommonTests extends BasicServletTestCaseAdapter {
   }
 
   @Test
+  public void testCookieSecure() {
+
+    boolean secure = true;
+    ((MyMockServletContext) getWebMockObjectFactory().getMockServletContext())
+        .getSessionCookieConfig().setSecure(secure);
+
+    doFilter();
+    ((HttpServletRequest) getFilteredRequest()).getSession();
+
+    MockHttpServletResponse response = getWebMockObjectFactory().getMockResponse();
+    Cookie cookie = (Cookie) response.getCookies().get(0);
+
+    assertEquals(secure, cookie.getSecure());
+  }
+
+  @Test
+  public void testCookieHttpOnly() {
+
+    boolean httpOnly = true;
+    ((MyMockServletContext) getWebMockObjectFactory().getMockServletContext())
+        .getSessionCookieConfig().setHttpOnly(httpOnly);
+
+    doFilter();
+    ((HttpServletRequest) getFilteredRequest()).getSession();
+
+    MockHttpServletResponse response = getWebMockObjectFactory().getMockResponse();
+    Cookie cookie = (Cookie) response.getCookies().get(0);
+
+    assertEquals(httpOnly, cookie.isHttpOnly());
+  }
+
+  @Test
   public void testIsNew1() {
     doFilter();
 
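Review bot: testCookieSecure and testCookieHttpOnly only exercise the `true` setting, so a filter that set both flags unconditionally would still pass. A companion case that leaves the config untouched and asserts `assertEquals(false, cookie.getSecure());` (and the same for `isHttpOnly()`) would pin the behaviour in both directions, assuming the mock config defaults to false. Both tests also take `response.getCookies().get(0)` without checking its name, so they depend on the session cookie being the first one added; selecting the cookie by the session cookie name would make the assertion say what it means. The hunk ends inside testIsNew1, which continues outside the visible lines.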
diff --git a/extensions/geode-modules-session/src/integrationTest/java/org/apache/geode/modules/session/internal/filter/SessionCookieConfigServletTestCaseAdapter.java b/extensions/geode-modules-session/src/integrationTest/java/org/apache/geode/modules/session/internal/filter/SessionCookieConfigServletTestCaseAdapter.java
new file mode 100644
index 0000000..a56675a
--- /dev/null
+++ b/extensions/geode-modules-session/src/integrationTest/java/org/apache/geode/modules/session/internal/filter/SessionCookieConfigServletTestCaseAdapter.java
@@ -0,0 +1,114 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.apache.geode.modules.session.internal.filter;
+
+import javax.servlet.SessionCookieConfig;
+
+import com.mockrunner.mock.web.MockServletContext;
+import com.mockrunner.mock.web.MockSessionCookieConfig;
+import com.mockrunner.mock.web.WebMockObjectFactory;
+import com.mockrunner.servlet.BasicServletTestCaseAdapter;
+
+/**
+ * Extend the BasicServletTestCaseAdapter with support for a
+ * SessionCookieConfig in the ServletContext.
+ */
+public class SessionCookieConfigServletTestCaseAdapter
+    extends BasicServletTestCaseAdapter {
+
+  public SessionCookieConfigServletTestCaseAdapter() {
+    super();
+  }
+
+  public SessionCookieConfigServletTestCaseAdapter(String name) {
+    super(name);
+  }
+
+  @Override
+  protected WebMockObjectFactory createWebMockObjectFactory() {
+    // create special SessionCookieConfig aware factory
+    return new MyWebMockObjectFactory();
+  }
+
+  @Override
+  protected WebMockObjectFactory createWebMockObjectFactory(
+      WebMockObjectFactory otherFactory) {
+    // create special SessionCookieConfig aware factory
+    return new MyWebMockObjectFactory(otherFactory);
+  }
+
+  @Override
+  protected WebMockObjectFactory createWebMockObjectFactory(
+      WebMockObjectFactory otherFactory, boolean createNewSession) {
+    // create special SessionCookieConfig aware factory
+    return new MyWebMockObjectFactory(otherFactory, createNewSession);
+  }
+
+  /**
+   * MockServletContext that has a SessionCookieConfig.
+   */
+  public static class MyMockServletContext extends MockServletContext {
+
+    private SessionCookieConfig sessionCookieConfig;
+
+    private MyMockServletContext() {
+      super();
+      sessionCookieConfig = new MyMockSessionCookieConfig();
+    }
+
+    @Override
+    public synchronized void resetAll() {
+      super.resetAll();
+      sessionCookieConfig = new MyMockSessionCookieConfig();
+    }
+
+    @Override
+    public SessionCookieConfig getSessionCookieConfig() {
+      return sessionCookieConfig;
+    }
+
+  }
+
+  // why doesn't MockSessionCookieConfig implement SessionCookieConfig...
+  private static class MyMockSessionCookieConfig extends
+      MockSessionCookieConfig implements SessionCookieConfig {
+  }
+
+  /**
+   * WebMockObjectFactory that creates our SessionCookieConfig aware
+   * MockSerletContext.
+   */
+  public static class MyWebMockObjectFactory extends WebMockObjectFactory {
+    public MyWebMockObjectFactory() {
+      super();
+    }
+
+    public MyWebMockObjectFactory(WebMockObjectFactory factory) {
+      super(factory);
+    }
+
+    public MyWebMockObjectFactory(WebMockObjectFactory factory, boolean createNewSession) {
+      super(factory, createNewSession);
+    }
+
+    @Override
+    public MyMockServletContext createMockServletContext() {
+      return new MyMockServletContext();
+    }
+
+  }
+
+}
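Review bot: The Javadoc on MyWebMockObjectFactory misspells the type it describes (`MockSerletContext` should be `MockServletContext`), and the comment above MyMockSessionCookieConfig asks a question instead of stating why the subclass exists. I would replace that comment with `// mockrunner's MockSessionCookieConfig does not declare SessionCookieConfig, so this subclass adds the interface.` Separately, `resetAll()` is synchronized while `getSessionCookieConfig()` reads the same field without synchronization; if that is intentional for single-threaded tests, a one-line comment saying so would prevent a later reader from treating it as an oversight.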
diff --git a/extensions/geode-modules-session/src/main/java/org/apache/geode/modules/session/filter/SessionCachingFilter.java b/extensions/geode-modules-session/src/main/java/org/apache/geode/modules/session/filter/SessionCachingFilter.java
index f2a368e..6f9a643 100644
--- a/extensions/geode-modules-session/src/main/java/org/apache/geode/modules/session/filter/SessionCachingFilter.java
+++ b/extensions/geode-modules-session/src/main/java/org/apache/geode/modules/session/filter/SessionCachingFilter.java
@@ -31,6 +31,7 @@ import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletRequestWrapper;
 import javax.servlet.ServletResponse;
+import javax.servlet.SessionCookieConfig;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
@@ -203,8 +204,11 @@ public class SessionCachingFilter implements Filter {
         return;
       }
 
+      SessionCookieConfig cookieConfig = context.getSessionCookieConfig();
       Cookie cookie = new Cookie(manager.getSessionCookieName(), session.getId());
       cookie.setPath("".equals(getContextPath()) ? "/" : getContextPath());
+      cookie.setHttpOnly(cookieConfig.isHttpOnly());
+      cookie.setSecure(cookieConfig.isSecure());
       response.addCookie(cookie);
     }
 
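Review bot: The Secure and HttpOnly flags on the session cookie now come only from `SessionCookieConfig`, whose getters return false unless the deployment sets `<cookie-config>` or calls the setters, so an unconfigured application still issues a session cookie that script can read and that can travel over plain HTTP. Per the servlet API's description of `isSecure()`, a false value means the cookie is marked Secure only when the originating request was secure; the same could be done here with `cookie.setSecure(cookieConfig.isSecure() || isSecure());`, assuming this code sits in a request wrapper as the unqualified `getContextPath()` call suggests. The config's domain, max-age and comment settings are still not copied onto the cookie, which deserves a comment or a follow-up issue. The enclosing method starts above the hunk, so where `context` comes from and whether `getSessionCookieConfig()` can return null there is not visible here.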
diff --git a/geode-docs/tools_modules/http_session_mgmt/quick_start.html.md.erb b/geode-docs/tools_modules/http_session_mgmt/quick_start.html.md.erb
index 682719b..66d79d1 100644
--- a/geode-docs/tools_modules/http_session_mgmt/quick_start.html.md.erb
+++ b/geode-docs/tools_modules/http_session_mgmt/quick_start.html.md.erb
@@ -31,7 +31,7 @@ In this section you download, install, and set up the HTTP Session Management mo
     | Tomcat                       | 8.5                    | [http://tomcat.apache.org/download-80.cgi](http://tomcat.apache.org/download-80.cgi)                                                                                             |
     | Tomcat                       | 9.0                    | [https://tomcat.apache.org/download-90.cgi](https://tomcat.apache.org/download-90.cgi)                                                                                             |
 
-    The generic HTTP Session Management Module for AppServers is implemented as a servlet filter and should work on any application server platform that supports the Java Servlet 2.4 specification.
+    The generic HTTP Session Management Module for AppServers is implemented as a servlet filter and should work on any application server platform that supports the Java Servlet 3.1 specification.
 
 2.  The HTTP Session Management Modules installation .zip files are located in the `tools/Modules` directory of the product installation directory. Locate the .zip file for the HTTP Session Management Module that you wish to install. Unzip the appropriate HTTP Session Management Module into the specified directory for your application server:
 
diff --git a/geode-docs/tools_modules/http_session_mgmt/session_mgmt_weblogic.html.md.erb b/geode-docs/tools_modules/http_session_mgmt/session_mgmt_weblogic.html.md.erb
index fc1be0c..0ef1868 100644
--- a/geode-docs/tools_modules/http_session_mgmt/session_mgmt_weblogic.html.md.erb
+++ b/geode-docs/tools_modules/http_session_mgmt/session_mgmt_weblogic.html.md.erb
@@ -21,7 +21,7 @@ limitations under the License.
 
 You implement session caching with the HTTP Session Management Module for AppServers with a special filter, defined in the `web.xml`, which is configured to intercept and wrap all requests.
 
-You can use this HTTP module with a variety of application servers. Wrapping each request allows the interception of `getSession()` calls to be handled by <%=vars.product_name%> instead of the native container. This approach is a generic solution, which is supported by any container that implements the Servlet 2.4 specification.
+You can use this HTTP module with a variety of application servers. Wrapping each request allows the interception of `getSession()` calls to be handled by <%=vars.product_name%> instead of the native container. This approach is a generic solution, which is supported by any container that implements the Servlet 3.1 specification.
 
 -   **[Setting Up the HTTP Module for AppServers](../../tools_modules/http_session_mgmt/weblogic_setting_up_the_module.html)**