You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@cocoon.apache.org by an...@apache.org on 2005/07/20 16:04:31 UTC
svn commit: r219902 - in /cocoon/trunk: ./ src/java/org/apache/cocoon/core/ src/java/org/apache/cocoon/generation/ src/java/org/apache/cocoon/servlet/ src/webapp/WEB-INF/

Author: anathaniel
Date: Wed Jul 20 07:04:30 2005
New Revision: 219902

URL: http://svn.apache.org/viewcvs?rev=219902&view=rev
Log:
Added parameter "show-cocoon-version" to web.xml for configuring whether X-Cocoon-Version
response header should be sent.  Default is true.

Bugzilla #33388

Modified:
    cocoon/trunk/src/java/org/apache/cocoon/core/DynamicSettings.java
    cocoon/trunk/src/java/org/apache/cocoon/core/MutableSettings.java
    cocoon/trunk/src/java/org/apache/cocoon/generation/StatusGenerator.java
    cocoon/trunk/src/java/org/apache/cocoon/servlet/CocoonServlet.java
    cocoon/trunk/src/java/org/apache/cocoon/servlet/SettingsHelper.java
    cocoon/trunk/src/webapp/WEB-INF/web.xml
    cocoon/trunk/status.xml

Modified: cocoon/trunk/src/java/org/apache/cocoon/core/DynamicSettings.java
URL: http://svn.apache.org/viewcvs/cocoon/trunk/src/java/org/apache/cocoon/core/DynamicSettings.java?rev=219902&r1=219901&r2=219902&view=diff
==============================================================================
--- cocoon/trunk/src/java/org/apache/cocoon/core/DynamicSettings.java (original)
+++ cocoon/trunk/src/java/org/apache/cocoon/core/DynamicSettings.java Wed Jul 20 07:04:30 2005
@@ -43,6 +43,11 @@
     boolean HIDE_SHOW_TIME = false;
 
     /**
+     * Default value for {@link #isShowCocoonVersion()} parameter (true)
+     */
+    boolean SHOW_COCOON_VERSION = true;
+
+    /**
      * Allow reinstantiating (reloading) of the cocoon instance. If this is
      * set to "yes" or "true", a new cocoon instance can be created using
      * the request parameter "cocoon-reload". It also enables that Cocoon is
@@ -86,6 +91,11 @@
     String KEY_HIDE_SHOWTIME = "hideshowtime";
 
     /**
+     * If true, the X-Cocoon-Version response header will be included.
+     */
+    String KEY_SHOW_COCOON_VERSION = "showcocoonversion";
+
+    /**
      * Delay between reload checks for the configuration
      */
     String KEY_CONFIGURATION_RELOAD_DELAY = "configuration.reloaddelay";
@@ -100,6 +110,12 @@
      * @see #KEY_HIDE_SHOWTIME
      */
     boolean isHideShowTime();
+
+    /**
+     * @return Returns the showCocoonVersion.
+     * @see #KEY_SHOW_COCOON_VERSION
+     */
+    boolean isShowCocoonVersion();
 
     /**
      * @return Returns the allowReload.

Modified: cocoon/trunk/src/java/org/apache/cocoon/core/MutableSettings.java
URL: http://svn.apache.org/viewcvs/cocoon/trunk/src/java/org/apache/cocoon/core/MutableSettings.java?rev=219902&r1=219901&r2=219902&view=diff
==============================================================================
--- cocoon/trunk/src/java/org/apache/cocoon/core/MutableSettings.java (original)
+++ cocoon/trunk/src/java/org/apache/cocoon/core/MutableSettings.java Wed Jul 20 07:04:30 2005
@@ -201,6 +201,11 @@
     protected boolean hideShowTime = HIDE_SHOW_TIME;
 
     /**
+     * If true, the X-Cocoon-Version response header will be included.
+     */
+    protected boolean showCocoonVersion = SHOW_COCOON_VERSION;
+
+    /**
      * If true or not set, this class will try to catch and handle all Cocoon exceptions.
      * If false, it will rethrow them to the servlet container.
      */
@@ -290,6 +295,8 @@
                         this.showTime = BooleanUtils.toBoolean(value);
                     } else if ( key.equals(KEY_HIDE_SHOWTIME) ) {
                         this.hideShowTime = BooleanUtils.toBoolean(value);
+                    } else if ( key.equals(KEY_SHOW_COCOON_VERSION) ) {
+                        this.showCocoonVersion = BooleanUtils.toBoolean(value);
                     } else if ( key.equals(KEY_MANAGE_EXCEPTIONS) ) {
                         this.manageExceptions = BooleanUtils.toBoolean(value);
                     } else if ( key.equals(KEY_FORM_ENCODING) ) {
@@ -453,6 +460,13 @@
     }
 
     /**
+     * @return Returns the showCocoonVersion flag.
+     */
+    public boolean isShowCocoonVersion() {
+        return this.showCocoonVersion;
+    }
+
+    /**
      * @return Returns the uploadDirectory.
      */
     public String getUploadDirectory() {
@@ -634,6 +648,7 @@
           KEY_FORM_ENCODING + " : " + this.formEncoding + '\n' +
           KEY_SHOWTIME + " : " + this.showTime + '\n' +
           KEY_HIDE_SHOWTIME + " : " + this.hideShowTime + '\n' +
+          KEY_SHOW_COCOON_VERSION + " : " + this.showCocoonVersion + '\n' +
           KEY_LAZY_MODE + " : " + this.lazyMode + '\n';
     }
 
@@ -837,6 +852,14 @@
     public void setShowTime(boolean showTime) {
         this.checkWriteable();
         this.showTime = showTime;
+    }
+
+    /**
+     * @param showCocoonVersion The showCocoonVersion flag to set.
+     */
+    public void setShowCocoonVersion(boolean showCocoonVersion) {
+        this.checkWriteable();
+        this.showCocoonVersion = showCocoonVersion;
     }
 
     /**

Modified: cocoon/trunk/src/java/org/apache/cocoon/generation/StatusGenerator.java
URL: http://svn.apache.org/viewcvs/cocoon/trunk/src/java/org/apache/cocoon/generation/StatusGenerator.java?rev=219902&r1=219901&r2=219902&view=diff
==============================================================================
--- cocoon/trunk/src/java/org/apache/cocoon/generation/StatusGenerator.java (original)
+++ cocoon/trunk/src/java/org/apache/cocoon/generation/StatusGenerator.java Wed Jul 20 07:04:30 2005
@@ -424,6 +424,7 @@
         this.addValue(Settings.KEY_UPLOADS_OVERWRITE, s.isAllowOverwrite());
         this.addValue(Settings.KEY_SHOWTIME, s.isShowTime());
         this.addValue(Settings.KEY_HIDE_SHOWTIME, s.isHideShowTime());
+        this.addValue(Settings.KEY_SHOW_COCOON_VERSION, s.isShowCocoonVersion());
         this.addValue(Settings.KEY_LAZY_MODE, s.isLazyMode());
 
         this.endGroup();

Modified: cocoon/trunk/src/java/org/apache/cocoon/servlet/CocoonServlet.java
URL: http://svn.apache.org/viewcvs/cocoon/trunk/src/java/org/apache/cocoon/servlet/CocoonServlet.java?rev=219902&r1=219901&r2=219902&view=diff
==============================================================================
--- cocoon/trunk/src/java/org/apache/cocoon/servlet/CocoonServlet.java (original)
+++ cocoon/trunk/src/java/org/apache/cocoon/servlet/CocoonServlet.java Wed Jul 20 07:04:30 2005
@@ -281,7 +281,9 @@
         stopWatch.start();
 
         // add the cocoon header timestamp
-        res.addHeader("X-Cocoon-Version", Constants.VERSION);
+        if (this.coreUtil.getSettings().isShowCocoonVersion()) {
+            res.addHeader("X-Cocoon-Version", Constants.VERSION);
+        }
 
         // get the request (wrapped if contains multipart-form data)
         HttpServletRequest request;

Modified: cocoon/trunk/src/java/org/apache/cocoon/servlet/SettingsHelper.java
URL: http://svn.apache.org/viewcvs/cocoon/trunk/src/java/org/apache/cocoon/servlet/SettingsHelper.java?rev=219902&r1=219901&r2=219902&view=diff
==============================================================================
--- cocoon/trunk/src/java/org/apache/cocoon/servlet/SettingsHelper.java (original)
+++ cocoon/trunk/src/java/org/apache/cocoon/servlet/SettingsHelper.java Wed Jul 20 07:04:30 2005
@@ -126,6 +126,8 @@
             s.setHideShowTime(false);
         }
 
+        s.setShowCocoonVersion(getInitParameterAsBoolean(config, "show-cocoon-version", s.isShowCocoonVersion()));
+
         s.setManageExceptions(getInitParameterAsBoolean(config, "manage-exceptions", s.isManageExceptions()));
 
         value = getInitParameter(config, "form-encoding");

Modified: cocoon/trunk/src/webapp/WEB-INF/web.xml
URL: http://svn.apache.org/viewcvs/cocoon/trunk/src/webapp/WEB-INF/web.xml?rev=219902&r1=219901&r2=219902&view=diff
==============================================================================
--- cocoon/trunk/src/webapp/WEB-INF/web.xml (original)
+++ cocoon/trunk/src/webapp/WEB-INF/web.xml Wed Jul 20 07:04:30 2005
@@ -323,6 +323,18 @@
     -->
 
     <!--
+      Whether or not the X-Cocoon-Version response header will be included.
+      This is true by default, but there may be some circumstances when it
+      is not desired (e.g. "information hiding" for added security, or if
+      using jsp:include with Cocoon-generated pages produces a "response is
+      already committed" error).
+    -->
+    <init-param>
+      <param-name>show-cocoon-version</param-name>
+      <param-value>true</param-value>
+    </init-param>
+
+    <!--
        If true or not set, this class will try to catch and handle all Cocoon
        exceptions. If false, it will rethrow them to the servlet container.
     -->

Modified: cocoon/trunk/status.xml
URL: http://svn.apache.org/viewcvs/cocoon/trunk/status.xml?rev=219902&r1=219901&r2=219902&view=diff
==============================================================================
--- cocoon/trunk/status.xml (original)
+++ cocoon/trunk/status.xml Wed Jul 20 07:04:30 2005
@@ -197,6 +197,12 @@
 
   <changes>
   <release version="@version@" date="@date@">
+    <action dev="AN" type="add" fixes-bug="33388" due-to="Andrew Stevens" due-to-email="ats37@hotmail.com">
+      Added parameter "show-cocoon-version" to web.xml for configuring whether X-Cocoon-Version
+      response header should be sent.  Default is true.
+      In a security paranoid environment you may want to set it to false in order to hide from
+      the outside world which Cocoon version you are running.
+    </action>
     <action dev="AN" type="add" fixes-bug="35228" due-to="Jochen Kuhnle" due-to-email="werbung@kuhnle.net">
       XSP block: Added short-cut notation {#expr} for interpolation of
       XSP expressions in attribute values and text nodes.