Posted to commits@myfaces.apache.org by lu...@apache.org on 2014/09/24 00:12:31 UTC
svn commit: r1627165 - in
/myfaces/core/trunk/shared/src/main/java/org/apache/myfaces/shared:
context/flash/FlashImpl.java context/flash/_Servlet30Utils.java
util/ServletSpecifications.java
Author: lu4242
Date: Tue Sep 23 22:12:30 2014
New Revision: 1627165
URL: http://svn.apache.org/r1627165
Log:
MYFACES-3923 MyFaces uses Servlet 3.0 only method cookie.setHttpOnly(true)
Added:
myfaces/core/trunk/shared/src/main/java/org/apache/myfaces/shared/context/flash/_Servlet30Utils.java
myfaces/core/trunk/shared/src/main/java/org/apache/myfaces/shared/util/ServletSpecifications.java
Modified:
myfaces/core/trunk/shared/src/main/java/org/apache/myfaces/shared/context/flash/FlashImpl.java
Modified: myfaces/core/trunk/shared/src/main/java/org/apache/myfaces/shared/context/flash/FlashImpl.java
URL: http://svn.apache.org/viewvc/myfaces/core/trunk/shared/src/main/java/org/apache/myfaces/shared/context/flash/FlashImpl.java?rev=1627165&r1=1627164&r2=1627165&view=diff
==============================================================================
--- myfaces/core/trunk/shared/src/main/java/org/apache/myfaces/shared/context/flash/FlashImpl.java (original)
+++ myfaces/core/trunk/shared/src/main/java/org/apache/myfaces/shared/context/flash/FlashImpl.java Tue Sep 23 22:12:30 2014
@@ -46,6 +46,7 @@ import javax.faces.event.PreClearFlashEv
import javax.faces.event.PreRemoveFlashValueEvent;
import javax.faces.lifecycle.ClientWindow;
import org.apache.myfaces.shared.config.MyfacesConfig;
+import org.apache.myfaces.shared.util.ServletSpecifications;
/**
* Implementation of Flash object
@@ -1057,8 +1058,11 @@ public class FlashImpl extends Flash
cookie.setMaxAge(-1);
cookie.setPath(_getCookiePath(externalContext));
cookie.setSecure(externalContext.isSecure());
- cookie.setHttpOnly(true);
-
+ //cookie.setHttpOnly(true);
+ if (ServletSpecifications.isServlet30Available())
+ {
+ _Servlet30Utils.setCookieHttpOnly(cookie, true);
+ }
return cookie;
}
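Review bot: When `ServletSpecifications.isServlet30Available()` returns false, the flash cookie is now returned without the HttpOnly attribute and nothing in this branch says so. On a Servlet 2.5 container the cookie therefore becomes readable from page script, with no trace in the logs. Replace the commented-out `//cookie.setHttpOnly(true);` with a comment that states the trade-off, for example `// Cookie.setHttpOnly() exists only since Servlet 3.0; on older containers the flash cookie is sent without HttpOnly`, and consider logging the downgrade once so operators can see the weaker setting. The enclosing method starts outside this hunk, so whether anything else re-applies the flag cannot be seen here.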
Added: myfaces/core/trunk/shared/src/main/java/org/apache/myfaces/shared/context/flash/_Servlet30Utils.java
URL: http://svn.apache.org/viewvc/myfaces/core/trunk/shared/src/main/java/org/apache/myfaces/shared/context/flash/_Servlet30Utils.java?rev=1627165&view=auto
==============================================================================
--- myfaces/core/trunk/shared/src/main/java/org/apache/myfaces/shared/context/flash/_Servlet30Utils.java (added)
+++ myfaces/core/trunk/shared/src/main/java/org/apache/myfaces/shared/context/flash/_Servlet30Utils.java Tue Sep 23 22:12:30 2014
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.myfaces.shared.context.flash;
+
+import javax.servlet.http.Cookie;
+
+/**
+ *
+ */
+public final class _Servlet30Utils
+{
+
+ public static void setCookieHttpOnly(Cookie cookie, boolean value)
+ {
+ cookie.setHttpOnly(value);
+ }
+}
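Review bot: The class Javadoc is empty, so nothing explains why a one-line wrapper around `cookie.setHttpOnly(value)` exists. Judging by the guarded call in `FlashImpl`, the intent appears to be isolating the Servlet 3.0-only call so that `FlashImpl` does not link against it on older containers. The Javadoc should say that, and should state that callers must check `ServletSpecifications.isServlet30Available()` first. As a static-only utility the class should also declare `private _Servlet30Utils() {}` to prevent instantiation.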
Added: myfaces/core/trunk/shared/src/main/java/org/apache/myfaces/shared/util/ServletSpecifications.java
URL: http://svn.apache.org/viewvc/myfaces/core/trunk/shared/src/main/java/org/apache/myfaces/shared/util/ServletSpecifications.java?rev=1627165&view=auto
==============================================================================
--- myfaces/core/trunk/shared/src/main/java/org/apache/myfaces/shared/util/ServletSpecifications.java (added)
+++ myfaces/core/trunk/shared/src/main/java/org/apache/myfaces/shared/util/ServletSpecifications.java Tue Sep 23 22:12:30 2014
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.myfaces.shared.util;
+
+import java.lang.reflect.Method;
+
+/**
+ *
+ */
+public final class ServletSpecifications
+{
+ private static volatile Boolean servlet30Available;
+
+ public static boolean isServlet30Available()
+ {
+ if (servlet30Available == null)
+ {
+ Class clazz = ClassUtils.simpleClassForName("javax.servlet.http.Cookie");
+ try
+ {
+ Method m = clazz.getMethod("setHttpOnly", boolean.class);
+ if (m != null)
+ {
+ servlet30Available = Boolean.TRUE;
+ }
+ else
+ {
+ servlet30Available = Boolean.FALSE;
+ }
+ }
+ catch (NoSuchMethodException ex)
+ {
+ servlet30Available = Boolean.FALSE;
+ }
+ catch (SecurityException ex)
+ {
+ // Don't assume servlet 2.5 if a SecurityException is thrown,
+ // assume always servlet 3.0
+ servlet30Available = Boolean.TRUE;
+ }
+ }
+ return servlet30Available;
+ }
+
+}
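Review bot: The `SecurityException` branch sets `servlet30Available` to `Boolean.TRUE` without knowing whether the method exists. On a Servlet 2.5 container running under a security manager, the guarded call in `FlashImpl` would then presumably fail with a `NoSuchMethodError` instead of skipping the flag. The comment should state that risk, or the call site should tolerate the linkage error. Separately, `Class.getMethod` never returns null (it throws `NoSuchMethodException`), so the `if (m != null)` / `else` pair is dead code and the try body can be reduced to `clazz.getMethod("setHttpOnly", boolean.class); servlet30Available = Boolean.TRUE;`. The raw `Class clazz` can be `Class<?> clazz`, and the empty Javadoc should say that the check probes only `Cookie.setHttpOnly`, not the Servlet 3.0 API as a whole.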