You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by ja...@apache.org on 2011/06/17 20:55:09 UTC
svn commit: r1136978 - in /myfaces/shared/trunk/core/src:
main/java/org/apache/myfaces/shared/context/flash/FlashImpl.java
test/java/org/apache/myfaces/shared/context/flash/FlashImplTest.java
Author: jakobk
Date: Fri Jun 17 18:55:09 2011
New Revision: 1136978
URL: http://svn.apache.org/viewvc?rev=1136978&view=rev
Log:
MYFACES-3177 Add secure flag for cookies if the page is accessed over a secure protocol (implement for 2.1.x)
Modified:
myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/context/flash/FlashImpl.java
myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/context/flash/FlashImplTest.java
Modified: myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/context/flash/FlashImpl.java
URL: http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/context/flash/FlashImpl.java?rev=1136978&r1=1136977&r2=1136978&view=diff
==============================================================================
--- myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/context/flash/FlashImpl.java (original)
+++ myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/context/flash/FlashImpl.java Fri Jun 17 18:55:09 2011
@@ -39,7 +39,6 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;
-import java.util.logging.Level;
import java.util.logging.Logger;
/**
@@ -588,9 +587,7 @@ public class FlashImpl extends Flash
.getHttpServletResponse(externalContext);
if (httpResponse != null)
{
- Cookie cookie = new Cookie(FLASH_REDIRECT, "true");
- cookie.setMaxAge(-1);
- cookie.setPath(_getCookiePath(externalContext));
+ Cookie cookie = _createFlashCookie(FLASH_REDIRECT, "true", externalContext);
httpResponse.addCookie(cookie);
}
else
@@ -598,7 +595,7 @@ public class FlashImpl extends Flash
externalContext.getSessionMap().put(FLASH_REDIRECT, true);
}
}
-
+
/**
* Restores the redirect value of the previous request and saves
* it in the RequestMap under the key FLASH_PREVIOUS_REQUEST_REDIRECT.
@@ -734,9 +731,7 @@ public class FlashImpl extends Flash
HttpServletResponse httpResponse = ExternalContextUtils.getHttpServletResponse(externalContext);
if (httpResponse != null)
{
- Cookie cookie = new Cookie(FLASH_RENDER_MAP_TOKEN, tokenValue);
- cookie.setMaxAge(-1);
- cookie.setPath(_getCookiePath(externalContext));
+ Cookie cookie = _createFlashCookie(FLASH_RENDER_MAP_TOKEN, tokenValue, externalContext);
httpResponse.addCookie(cookie);
}
else
@@ -1004,6 +999,26 @@ public class FlashImpl extends Flash
}
/**
+ * Creates a Cookie with the given name and value.
+ * In addition, it will be configured with maxAge=-1, the current request path and secure value.
+ *
+ * @param name
+ * @param value
+ * @param externalContext
+ * @return
+ */
+ private Cookie _createFlashCookie(String name, String value, ExternalContext externalContext)
+ {
+ Cookie cookie = new Cookie(name, value);
+
+ cookie.setMaxAge(-1);
+ cookie.setPath(_getCookiePath(externalContext));
+ cookie.setSecure(externalContext.isSecure());
+
+ return cookie;
+ }
+
+ /**
* Returns the path for the Flash-Cookies.
* @param externalContext
* @return
Modified: myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/context/flash/FlashImplTest.java
URL: http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/context/flash/FlashImplTest.java?rev=1136978&r1=1136977&r2=1136978&view=diff
==============================================================================
--- myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/context/flash/FlashImplTest.java (original)
+++ myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/context/flash/FlashImplTest.java Fri Jun 17 18:55:09 2011
@@ -26,9 +26,13 @@ import java.util.Map;
import javax.faces.application.FacesMessage;
import javax.faces.event.PhaseId;
+import javax.servlet.ServletContext;
import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import org.apache.myfaces.test.base.AbstractViewControllerTestCase;
+import org.apache.myfaces.test.mock.MockExternalContext20;
import org.apache.myfaces.test.mock.MockFacesContext20;
import org.apache.myfaces.test.mock.MockHttpServletRequest;
import org.apache.myfaces.test.mock.MockHttpServletResponse;
@@ -49,6 +53,16 @@ public class FlashImplTest extends Abstr
}
@Override
+ protected void setUpFacesContext() throws Exception
+ {
+ super.setUpFacesContext();
+
+ // Unfortunately, setUpExternalContext() does not work, b/c MockFacesContext20 overwrites it!
+ externalContext = new MockExternalContext21(servletContext, request, response);
+ facesContext.setExternalContext(externalContext);
+ }
+
+ @Override
protected void setUp() throws Exception
{
super.setUp();
@@ -1049,4 +1063,31 @@ public class FlashImplTest extends Abstr
}
}
+ /**
+ * Adds isSecure() implementation to MockExternalContext20.
+ *
+ * TODO remove this one as soon as MyFaces-Test provides MockExternalContext21.
+ */
+ private static class MockExternalContext21 extends MockExternalContext20
+ {
+
+ private boolean secure = false;
+
+ private MockExternalContext21(ServletContext context, HttpServletRequest request, HttpServletResponse response)
+ {
+ super(context, request, response);
+ }
+
+ @Override
+ public boolean isSecure()
+ {
+ return secure;
+ }
+
+ public void setSecure(boolean secure)
+ {
+ this.secure = secure;
+ }
+ }
+
}