Posted to commits@myfaces.apache.org by ja...@apache.org on 2011/06/17 20:25:49 UTC

svn commit: r1136967 - /myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/context/flash/FlashImpl.java

Author: jakobk
Date: Fri Jun 17 18:25:49 2011
New Revision: 1136967

URL: http://svn.apache.org/viewvc?rev=1136967&view=rev
Log:
MYFACES-3177 Add secure flag for cookies if the page is accessed over a secure protocol

Modified:
    myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/context/flash/FlashImpl.java

Modified: myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/context/flash/FlashImpl.java
URL: http://svn.apache.org/viewvc/myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/context/flash/FlashImpl.java?rev=1136967&r1=1136966&r2=1136967&view=diff
==============================================================================
--- myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/context/flash/FlashImpl.java (original)
+++ myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/context/flash/FlashImpl.java Fri Jun 17 18:25:49 2011
@@ -26,6 +26,7 @@ import javax.faces.context.ExternalConte
 import javax.faces.context.FacesContext;
 import javax.faces.context.Flash;
 import javax.faces.event.PhaseId;
+import javax.servlet.ServletRequest;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletResponse;
 import java.io.Serializable;
@@ -39,7 +40,6 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.atomic.AtomicLong;
-import java.util.logging.Level;
 import java.util.logging.Logger;
 
 /**
@@ -588,9 +588,7 @@ public class FlashImpl extends Flash
                 .getHttpServletResponse(externalContext);
         if (httpResponse != null)
         {
-            Cookie cookie = new Cookie(FLASH_REDIRECT, "true");
-            cookie.setMaxAge(-1);
-            cookie.setPath(_getCookiePath(externalContext));
+            Cookie cookie = _createFlashCookie(FLASH_REDIRECT, "true", externalContext);
             httpResponse.addCookie(cookie);
         }
         else
@@ -598,7 +596,7 @@ public class FlashImpl extends Flash
             externalContext.getSessionMap().put(FLASH_REDIRECT, true);
         }
     }
-    
+
     /**
      * Restores the redirect value of the previous request and saves
      * it in the RequestMap under the key FLASH_PREVIOUS_REQUEST_REDIRECT.
@@ -734,9 +732,7 @@ public class FlashImpl extends Flash
         HttpServletResponse httpResponse = ExternalContextUtils.getHttpServletResponse(externalContext);
         if (httpResponse != null)
         {
-            Cookie cookie = new Cookie(FLASH_RENDER_MAP_TOKEN, tokenValue);
-            cookie.setMaxAge(-1);
-            cookie.setPath(_getCookiePath(externalContext));
+            Cookie cookie = _createFlashCookie(FLASH_RENDER_MAP_TOKEN, tokenValue, externalContext);
             httpResponse.addCookie(cookie);
         }
         else
@@ -1004,6 +1000,26 @@ public class FlashImpl extends Flash
     }
 
     /**
+     * Creates a Cookie with the given name and value.
+     * In addition, it will be configured with maxAge=-1, the current request path and secure value.
+     *
+     * @param name
+     * @param value
+     * @param externalContext
+     * @return
+     */
+    private Cookie _createFlashCookie(String name, String value, ExternalContext externalContext)
+    {
+        Cookie cookie = new Cookie(name, value);
+
+        cookie.setMaxAge(-1);
+        cookie.setPath(_getCookiePath(externalContext));
+        cookie.setSecure(_isCurrentRequestSecure(externalContext));
+
+        return cookie;
+    }
+
+    /**
      * Returns the path for the Flash-Cookies.
      * @param externalContext
      * @return
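Review bot: The new `_createFlashCookie` sets Secure but never marks the cookie HttpOnly, so the FLASH_RENDER_MAP_TOKEN value that selects the flash map stays readable from page script; where the container is Servlet 3.0 or newer, `cookie.setHttpOnly(true);` after the `setSecure` call would close that off. The hunk 6 comment that `ExternalContext.isSecure()` is JSF 2.1-only suggests this branch still targets older containers, so the call may need to be guarded (e.g. by servlet version or reflection) rather than added unconditionally — worth confirming against the build's servlet-api level. Separately, the Javadoc's `@param name`, `@param value`, `@param externalContext` and `@return` tags are left empty; filling them (e.g. `@return the configured session cookie, not yet added to the response`) would make the helper's contract explicit.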
@@ -1019,6 +1035,27 @@ public class FlashImpl extends Flash
 
         return contextPath;
     }
+
+    /**
+     * Return true if the current request is secure (--> HTTPS).
+     *
+     * @param externalContext
+     * @return
+     */
+    private boolean _isCurrentRequestSecure(ExternalContext externalContext)
+    {
+        boolean secure = false;
+
+        // NOTE that ExternalContext.isSecure() is only available
+        // since JSF 2.1, thus we have to check ServletRequest directly here
+        Object requestObject = externalContext.getRequest();
+        if (requestObject instanceof ServletRequest)
+        {
+            secure = ((ServletRequest) requestObject).isSecure();
+        }
+
+        return secure;
+    }
     
     /**
      * Convert the Object to a Boolean.
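Review bot: `_isCurrentRequestSecure` relies on `ServletRequest.isSecure()`, which reports the scheme of the connection to the container, not to the client; behind a TLS-terminating proxy or load balancer it returns false unless the container is configured to honour forwarded-proto headers, so the flash cookies would be issued without the Secure flag on an HTTPS site. This is presumably outside what the helper can detect on its own, but the limitation should be stated, e.g. `// NOTE: behind a TLS-terminating proxy isSecure() is false unless the container maps X-Forwarded-Proto; configure the container accordingly`, and a deployment-level override to force the Secure flag may be worth considering. The method also silently returns false for non-servlet request objects (portlet), which is the conservative choice but deserves a one-line comment saying so.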