You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2009/01/10 14:37:33 UTC
svn commit: r733271 - in /tomcat/trunk/java:
javax/servlet/SessionCookieConfig.java
org/apache/catalina/connector/Request.java
org/apache/catalina/connector/Response.java
org/apache/catalina/core/ApplicationContext.java
Author: markt
Date: Sat Jan 10 05:37:33 2009
New Revision: 733271
URL: http://svn.apache.org/viewvc?rev=733271&view=rev
Log:
Implement SessionCookieConfig
Modified:
tomcat/trunk/java/javax/servlet/SessionCookieConfig.java
tomcat/trunk/java/org/apache/catalina/connector/Request.java
tomcat/trunk/java/org/apache/catalina/connector/Response.java
tomcat/trunk/java/org/apache/catalina/core/ApplicationContext.java
Modified: tomcat/trunk/java/javax/servlet/SessionCookieConfig.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/javax/servlet/SessionCookieConfig.java?rev=733271&r1=733270&r2=733271&view=diff
==============================================================================
--- tomcat/trunk/java/javax/servlet/SessionCookieConfig.java (original)
+++ tomcat/trunk/java/javax/servlet/SessionCookieConfig.java Sat Jan 10 05:37:33 2009
@@ -20,7 +20,6 @@
*
* @since 3.0
* $Id$
- * TODO SERVLET3
*/
public class SessionCookieConfig {
private String domain;
@@ -29,6 +28,25 @@
private boolean httpOnly;
private boolean secure;
+ /**
+ *
+ * @param domain Domain to use for session cookies generated for a
+ * {@link ServletContext} in which this
+ * {@link SessionCookieConfig} has been set
+ * @param path Path to use for session cookies generated for a
+ * {@link ServletContext} in which this
+ * {@link SessionCookieConfig} has been set. If null
+ * {@link ServletContext#getContextPath()} is used
+ * @param comment Comment to use for session cookies generated for a
+ * {@link ServletContext} in which this
+ * {@link SessionCookieConfig} has been set
+ * @param isHttpOnly HttpOnly flag to use for session cookies generated for
+ * a {@link ServletContext} in which this
+ * {@link SessionCookieConfig} has been set
+ * @param isSecure If <code>true</code>, the cookie will always be marked
+ * as secure. If <code>false</code> the cookie will only
+ * be marked as secure if the request is secure.
+ */
public SessionCookieConfig(String domain, String path, String comment,
boolean isHttpOnly, boolean isSecure) {
this.domain = domain;
Modified: tomcat/trunk/java/org/apache/catalina/connector/Request.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/Request.java?rev=733271&r1=733270&r2=733271&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/connector/Request.java (original)
+++ tomcat/trunk/java/org/apache/catalina/connector/Request.java Sat Jan 10 05:37:33 2009
@@ -45,6 +45,7 @@
import javax.servlet.ServletRequestAttributeEvent;
import javax.servlet.ServletRequestAttributeListener;
import javax.servlet.ServletResponse;
+import javax.servlet.SessionCookieConfig;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
@@ -2381,7 +2382,7 @@
Cookie cookie = new Cookie(Globals.SESSION_COOKIE_NAME,
session.getIdInternal());
configureSessionCookie(cookie);
- response.addCookieInternal(cookie, manager.getUseHttpOnly());
+ response.addCookieInternal(cookie);
}
if (session != null) {
@@ -2399,19 +2400,42 @@
* @param cookie The JSESSIONID cookie to be configured
*/
protected void configureSessionCookie(Cookie cookie) {
+ SessionCookieConfig scc =
+ context.getServletContext().getSessionCookieConfig();
+
cookie.setMaxAge(-1);
- String contextPath = null;
- if (!connector.getEmptySessionPath() && (getContext() != null)) {
- contextPath = getContext().getEncodedPath();
+
+ if (scc != null) {
+ cookie.setComment(scc.getComment());
}
- if ((contextPath != null) && (contextPath.length() > 0)) {
- cookie.setPath(contextPath);
- } else {
- cookie.setPath("/");
+
+ if (scc != null) {
+ cookie.setDomain(scc.getDomain());
}
- if (isSecure()) {
+
+ if ((scc != null && scc.isSecure()) || isSecure()) {
cookie.setSecure(true);
}
+
+ if ((scc != null && scc.isHttpOnly()) ||
+ context.getManager().getUseHttpOnly()) {
+ cookie.setHttpOnly(true);
+ }
+
+ if (!connector.getEmptySessionPath() &&
+ scc != null && scc.getPath() != null) {
+ cookie.setPath(scc.getPath());
+ } else {
+ String contextPath = null;
+ if (!connector.getEmptySessionPath() && (getContext() != null)) {
+ contextPath = getContext().getEncodedPath();
+ }
+ if ((contextPath != null) && (contextPath.length() > 0)) {
+ cookie.setPath(contextPath);
+ } else {
+ cookie.setPath("/");
+ }
+ }
}
protected String unescape(String s) {
Modified: tomcat/trunk/java/org/apache/catalina/connector/Response.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/Response.java?rev=733271&r1=733270&r2=733271&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/connector/Response.java (original)
+++ tomcat/trunk/java/org/apache/catalina/connector/Response.java Sat Jan 10 05:37:33 2009
@@ -974,20 +974,9 @@
* Add the specified Cookie to those that will be included with
* this Response.
*
- * @param cookie Cookie to be added
- */
- public void addCookieInternal(final Cookie cookie) {
- addCookieInternal(cookie, false);
- }
-
- /**
- * Add the specified Cookie to those that will be included with
- * this Response.
- *
* @param cookie Cookie to be added
- * @param httpOnly Should the httpOnly falg be set on this cookie
*/
- public void addCookieInternal(final Cookie cookie, final boolean httpOnly) {
+ public void addCookieInternal(final Cookie cookie) {
if (isCommitted())
return;
@@ -1003,7 +992,7 @@
cookie.getValue(), cookie.getPath(),
cookie.getDomain(), cookie.getComment(),
cookie.getMaxAge(), cookie.getSecure(),
- httpOnly);
+ cookie.isHttpOnly());
return null;
}
});
@@ -1011,7 +1000,8 @@
ServerCookie.appendCookieValue
(sb, cookie.getVersion(), cookie.getName(), cookie.getValue(),
cookie.getPath(), cookie.getDomain(), cookie.getComment(),
- cookie.getMaxAge(), cookie.getSecure(), httpOnly);
+ cookie.getMaxAge(), cookie.getSecure(),
+ cookie.isHttpOnly());
}
//if we reached here, no exception, cookie is valid
// the header name is Set-Cookie for both "old" and v.1 ( RFC2109 )
Modified: tomcat/trunk/java/org/apache/catalina/core/ApplicationContext.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/ApplicationContext.java?rev=733271&r1=733270&r2=733271&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/core/ApplicationContext.java (original)
+++ tomcat/trunk/java/org/apache/catalina/core/ApplicationContext.java Sat Jan 10 05:37:33 2009
@@ -150,6 +150,11 @@
new ThreadLocal<DispatchData>();
+ /**
+ * Session Cookie config
+ */
+ private SessionCookieConfig sessionCookieConfig;
+
// --------------------------------------------------------- Public Methods
@@ -848,13 +853,12 @@
public SessionCookieConfig getSessionCookieConfig() {
- // TODO SERVLET3
- return null;
+ return sessionCookieConfig;
}
public void setSessionCookieConfig(SessionCookieConfig sessionCookieConfig) {
- // TODO SERVLET3
+ this.sessionCookieConfig = sessionCookieConfig;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org