Posted to dev@tomcat.apache.org by ma...@apache.org on 2020/04/02 12:05:53 UTC
[tomcat] branch 8.5.x updated: Expose the HttpServletRequest to
CookieProcessor.generateHeader()
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new e81d0ff Expose the HttpServletRequest to CookieProcessor.generateHeader()
e81d0ff is described below
commit e81d0ff318818243c3a9d520ebf2f51491d81c0f
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Apr 2 12:36:55 2020 +0100
Expose the HttpServletRequest to CookieProcessor.generateHeader()
---
java/org/apache/catalina/connector/Response.java | 4 ++--
.../catalina/core/ApplicationPushBuilder.java | 2 +-
.../apache/tomcat/util/http/CookieProcessor.java | 25 ++++++++++++++++++++++
.../tomcat/util/http/CookieProcessorBase.java | 17 +++++++++++++++
.../tomcat/util/http/LegacyCookieProcessor.java | 8 +++++++
.../tomcat/util/http/Rfc6265CookieProcessor.java | 8 +++++++
.../util/http/TestCookieProcessorGeneration.java | 6 +++---
webapps/docs/changelog.xml | 6 ++++++
8 files changed, 70 insertions(+), 6 deletions(-)
diff --git a/java/org/apache/catalina/connector/Response.java b/java/org/apache/catalina/connector/Response.java
index 97c18a5..b204bca 100644
--- a/java/org/apache/catalina/connector/Response.java
+++ b/java/org/apache/catalina/connector/Response.java
@@ -974,11 +974,11 @@ public class Response implements HttpServletResponse {
return AccessController.doPrivileged(new PrivilegedAction<String>() {
@Override
public String run(){
- return getContext().getCookieProcessor().generateHeader(cookie);
+ return getContext().getCookieProcessor().generateHeader(cookie, request.getRequest());
}
});
} else {
- return getContext().getCookieProcessor().generateHeader(cookie);
+ return getContext().getCookieProcessor().generateHeader(cookie, request.getRequest());
}
}
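Review bot: `request.getRequest()` is now written out twice, once inside the `PrivilegedAction` and once in the else branch. Resolving it once before the branch keeps the two paths identical and leaves only the `generateHeader` call inside the privileged block, e.g. `final HttpServletRequest servletRequest = request.getRequest();` followed by `generateHeader(cookie, servletRequest)` in both places (this assumes `HttpServletRequest` is in scope in this file, which the hunk does not show). The enclosing method starts above the hunk, so whether `request` can still be unset here is not visible. If it can, the dereference needs a guard, since other call sites in this commit show that a null request is an accepted argument.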
diff --git a/java/org/apache/catalina/core/ApplicationPushBuilder.java b/java/org/apache/catalina/core/ApplicationPushBuilder.java
index 98ba60d..052bef0 100644
--- a/java/org/apache/catalina/core/ApplicationPushBuilder.java
+++ b/java/org/apache/catalina/core/ApplicationPushBuilder.java
@@ -425,7 +425,7 @@ public class ApplicationPushBuilder {
// However, if passed a Cookie with just a name and value set it
// will generate an appropriate header for the Cookie header on the
// pushed request.
- result.append(cookieProcessor.generateHeader(cookie));
+ result.append(cookieProcessor.generateHeader(cookie, null));
}
return result.toString();
}
diff --git a/java/org/apache/tomcat/util/http/CookieProcessor.java b/java/org/apache/tomcat/util/http/CookieProcessor.java
index e0efbf1..ffda7b7 100644
--- a/java/org/apache/tomcat/util/http/CookieProcessor.java
+++ b/java/org/apache/tomcat/util/http/CookieProcessor.java
@@ -19,6 +19,7 @@ package org.apache.tomcat.util.http;
import java.nio.charset.Charset;
import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
public interface CookieProcessor {
@@ -38,10 +39,34 @@ public interface CookieProcessor {
*
* @return The header value in a form that can be added directly to the
* response
+ *
+ * @deprecated This method has been replaced with
+ * {@link #generateHeader(Cookie, HttpServletRequest)} and will
+ * be removed from Tomcat 10 onwards.
*/
+ @Deprecated
String generateHeader(Cookie cookie);
/**
+ * Generate the {@code Set-Cookie} HTTP header value for the given Cookie.
+ * This method receives as parameter the servlet request so that it can make
+ * decisions based on request properties. One such use-case is decide if the
+ * SameSite attribute should be added to the cookie based on the User-Agent
+ * or other request header because there are browser versions incompatible
+ * with the SameSite attribute. This is described by <a
+ * href="https://www.chromium.org/updates/same-site/incompatible-clients">the
+ * Chromium project</a>.
+ *
+ * @param request The servlet request
+ *
+ * @param cookie The cookie for which the header will be generated
+ *
+ * @return The header value in a form that can be added directly to the
+ * response
+ */
+ String generateHeader(Cookie cookie, HttpServletRequest request);
+
+ /**
* Obtain the character set that will be used when converting between bytes
* and characters when parsing and/or generating HTTP headers for cookies.
*
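Review bot: The new Javadoc for `generateHeader(Cookie, HttpServletRequest)` does not say that `request` may be null, yet this commit passes null from ApplicationPushBuilder, from the one-argument overloads in LegacyCookieProcessor and Rfc6265CookieProcessor, and from every call in TestCookieProcessorGeneration. An implementation that follows the documented use case and reads the User-Agent will throw a NullPointerException on those paths unless it checks first. I would document the contract, e.g. `@param request The servlet request, may be {@code null} if no request is associated with the cookie`, and put the `@param` tags in signature order (cookie, then request). It is also worth one sentence saying that request headers are client-supplied, so a processor should use them only to choose between fixed header variants and never copy them into the generated header value.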
diff --git a/java/org/apache/tomcat/util/http/CookieProcessorBase.java b/java/org/apache/tomcat/util/http/CookieProcessorBase.java
index 589df47..f00fc95 100644
--- a/java/org/apache/tomcat/util/http/CookieProcessorBase.java
+++ b/java/org/apache/tomcat/util/http/CookieProcessorBase.java
@@ -22,6 +22,9 @@ import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+
public abstract class CookieProcessorBase implements CookieProcessor {
private static final String COOKIE_DATE_PATTERN = "EEE, dd-MMM-yyyy HH:mm:ss z";
@@ -52,4 +55,18 @@ public abstract class CookieProcessorBase implements CookieProcessor {
public void setSameSiteCookies(String sameSiteCookies) {
this.sameSiteCookies = SameSiteCookies.fromString(sameSiteCookies);
}
+
+ /**
+ * {@inheritDoc}
+ *
+ * @deprecated This implementation calls the deprecated
+ * {@link #generateHeader(Cookie)} method. Implementors should
+ * not rely on this method as it is present only for
+ * transitional compatibility and will be removed in Tomcat 9.
+ */
+ @Deprecated
+ @Override
+ public String generateHeader(Cookie cookie, HttpServletRequest request) {
+ return generateHeader(cookie);
+ }
}
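Review bot: This default two-argument implementation delegates to `generateHeader(cookie)`, while the built-in processors in this commit do the opposite and have `generateHeader(cookie)` delegate to `generateHeader(cookie, null)`. A third-party subclass that copies the built-in pattern for the one-argument method without also overriding this one would recurse between the two until the stack overflows. The Javadoc should say so explicitly, for example `Subclasses that forward generateHeader(Cookie) to this method must override this method.` The removal note here ("will be removed in Tomcat 9") also reads oddly next to the interface's "removed from Tomcat 10 onwards" for the one-argument method, so it is worth confirming which release is meant.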
diff --git a/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java b/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
index 1692ee2..d87c7c2 100644
--- a/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
+++ b/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
@@ -23,6 +23,7 @@ import java.util.BitSet;
import java.util.Date;
import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
@@ -235,6 +236,13 @@ public final class LegacyCookieProcessor extends CookieProcessorBase {
@Override
public String generateHeader(Cookie cookie) {
+ return generateHeader(cookie, null);
+ }
+
+
+ @Override
+ public String generateHeader(Cookie cookie, HttpServletRequest request) {
+
/*
* The spec allows some latitude on when to send the version attribute
* with a Set-Cookie header. To be nice to clients, we'll make sure the
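Review bot: The one-argument `generateHeader(Cookie)` override is now only a forwarding shim for a method the interface marks `@Deprecated`, but the override itself carries no `@Deprecated` in the visible lines (anything above its `@Override` is outside the hunk). Adding `@Deprecated` plus a short Javadoc pointing at `generateHeader(Cookie, HttpServletRequest)` avoids an overrides-deprecated lint warning and steers callers to the replacement. The same applies to the matching override in Rfc6265CookieProcessor. The body of the two-argument method continues past the end of this hunk, so whether `request` is read there without a null check cannot be judged from here.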
diff --git a/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java b/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
index 2021f3d..b0ff82f 100644
--- a/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
+++ b/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
@@ -22,6 +22,8 @@ import java.text.FieldPosition;
import java.util.BitSet;
import java.util.Date;
+import javax.servlet.http.HttpServletRequest;
+
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.buf.ByteChunk;
@@ -99,6 +101,12 @@ public class Rfc6265CookieProcessor extends CookieProcessorBase {
@Override
public String generateHeader(javax.servlet.http.Cookie cookie) {
+ return generateHeader(cookie, null);
+ }
+
+
+ @Override
+ public String generateHeader(javax.servlet.http.Cookie cookie, HttpServletRequest request) {
// Can't use StringBuilder due to DateFormat
StringBuffer header = new StringBuffer();
diff --git a/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java b/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
index c9d4b65..ef0ffc9 100644
--- a/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
+++ b/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
@@ -358,7 +358,7 @@ public class TestCookieProcessorGeneration {
if (expected == null) {
IllegalArgumentException e = null;
try {
- cookieProcessor.generateHeader(cookie);
+ cookieProcessor.generateHeader(cookie, null);
} catch (IllegalArgumentException iae) {
e = iae;
}
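Review bot: After this change the test calls only `generateHeader(cookie, null)`, here and in the three assertions of the next hunk, so neither the deprecated one-argument entry point nor a non-null request is exercised any more. The one-argument method is still part of the public interface on this branch, and a regression in its forwarding would go unnoticed. In the final `else` branch of the next hunk, where the output does not depend on the current time, one extra check would cover it: `Assert.assertEquals(expected, cookieProcessor.generateHeader(cookie));`. The enclosing test method starts above this hunk.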
@@ -368,9 +368,9 @@ public class TestCookieProcessorGeneration {
cookie.getMaxAge() > 0) {
// Expires attribute will depend on time cookie is generated so
// use a modified test
- Assert.assertTrue(cookieProcessor.generateHeader(cookie).startsWith(expected));
+ Assert.assertTrue(cookieProcessor.generateHeader(cookie, null).startsWith(expected));
} else {
- Assert.assertEquals(expected, cookieProcessor.generateHeader(cookie));
+ Assert.assertEquals(expected, cookieProcessor.generateHeader(cookie, null));
}
}
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index b2e481a..0245bd2 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -101,6 +101,12 @@
to the application without decoding it in addition to rejecting such
sequences and decoding such sequences. (markt)
</add>
+ <add>
+ Expose the associated <code>HttpServletRequest</code> to the
+ <code>CookieProcessor</code> when generating a cookie header so the
+ header can be tailored based on the properties of the request, such as
+ the user agent, if required. Based on a patch by Lazar Kirchev. (markt)
+ </add>
</changelog>
</subsection>
<subsection name="Jasper">