Posted to commits@shiro.apache.org by lh...@apache.org on 2009/01/21 07:01:47 UTC
svn commit: r736234 - in /incubator/jsecurity/trunk/web:
src/org/jsecurity/web/attr/CookieAttribute.java
test/org/jsecurity/web/attr/CookieAttributeTest.java
Author: lhazlewood
Date: Tue Jan 20 22:01:46 2009
New Revision: 736234
URL: http://svn.apache.org/viewvc?rev=736234&view=rev
Log:
JSEC-34 - added logic to add '/' if the request contextPath is null or empty, accompanied by two test cases for verification
Modified:
incubator/jsecurity/trunk/web/src/org/jsecurity/web/attr/CookieAttribute.java
incubator/jsecurity/trunk/web/test/org/jsecurity/web/attr/CookieAttributeTest.java
Modified: incubator/jsecurity/trunk/web/src/org/jsecurity/web/attr/CookieAttribute.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/src/org/jsecurity/web/attr/CookieAttribute.java?rev=736234&r1=736233&r2=736234&view=diff
==============================================================================
--- incubator/jsecurity/trunk/web/src/org/jsecurity/web/attr/CookieAttribute.java (original)
+++ incubator/jsecurity/trunk/web/src/org/jsecurity/web/attr/CookieAttribute.java Tue Jan 20 22:01:46 2009
@@ -20,6 +20,7 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.jsecurity.util.StringUtils;
import static org.jsecurity.web.WebUtils.toHttp;
import javax.servlet.ServletRequest;
@@ -39,9 +40,11 @@
public class CookieAttribute<T> extends AbstractWebAttribute<T> {
//TODO - complete JavaDoc
-
- /** Private internal log instance. */
- private static final Log log = LogFactory.getLog(CookieAttribute.class);
+
+ /**
+ * Private internal log instance.
+ */
+ private static final Log log = LogFactory.getLog(CookieAttribute.class);
/**
* The number of seconds in one year (= 60 * 60 * 24 * 365).
@@ -58,6 +61,11 @@
* <code>null</code>, indicating the cookie should be set on the request context root.
*/
public static final String DEFAULT_PATH = null;
+
+ /**
+ * Root path to use when the path hasn't been set and request context root is empty or null.
+ */
+ public static final String ROOT_PATH = "/";
/**
* <code>-1</code>, indicating the cookie should expire when the browser closes.
*/
@@ -233,7 +241,7 @@
String stringValue;
Cookie cookie = getCookie(toHttp(request), getName());
- if (cookie != null && cookie.getMaxAge() != 0 ) {
+ if (cookie != null && cookie.getMaxAge() != 0) {
stringValue = cookie.getValue();
if (log.isInfoEnabled()) {
log.info("Found string value [" + stringValue + "] from HttpServletRequest Cookie [" + getName() + "]");
@@ -257,6 +265,12 @@
int maxAge = getMaxAge();
String path = getPath() != null ? getPath() : request.getContextPath();
+ //fix for http://issues.apache.org/jira/browse/JSEC-34:
+ path = StringUtils.clean(path);
+ if (path == null) {
+ path = ROOT_PATH;
+ }
+
String stringValue = toStringValue(value);
Cookie cookie = new Cookie(name, stringValue);
cookie.setMaxAge(maxAge);
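Review bot: A configured path that is blank but not null skips the context-path fallback and lands on `ROOT_PATH`, because `StringUtils.clean` runs only after the ternary has already picked `getPath()`. Assuming `clean` returns null for blank input (the null check that follows implies it), an application deployed under a non-root context with an empty path setting would issue its cookie for `/`, and the browser would then send it to every other application on the same host. Cleaning `getPath()` first, then falling back to the cleaned context path and only then to `ROOT_PATH`, keeps the cookie scoped as narrowly as the deployment allows. The enclosing method starts and ends outside this hunk, so whether the secure flag is set on the cookie cannot be judged from here.
```java
String path = StringUtils.clean(getPath());
if (path == null) {
    //fix for http://issues.apache.org/jira/browse/JSEC-34:
    path = StringUtils.clean(request.getContextPath());
}
if (path == null) {
    path = ROOT_PATH;
}
// … unchanged: cookie construction and setMaxAge …
```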
Modified: incubator/jsecurity/trunk/web/test/org/jsecurity/web/attr/CookieAttributeTest.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/web/test/org/jsecurity/web/attr/CookieAttributeTest.java?rev=736234&r1=736233&r2=736234&view=diff
==============================================================================
--- incubator/jsecurity/trunk/web/test/org/jsecurity/web/attr/CookieAttributeTest.java (original)
+++ incubator/jsecurity/trunk/web/test/org/jsecurity/web/attr/CookieAttributeTest.java Tue Jan 20 22:01:46 2009
@@ -20,6 +20,7 @@
import junit.framework.TestCase;
import static org.easymock.EasyMock.*;
+import org.easymock.IArgumentMatcher;
import org.junit.Before;
import org.junit.Test;
@@ -67,4 +68,57 @@
assertTrue(cookie.getMaxAge() == 0);
assertTrue(cookie.getPath().equals("/somepath"));
}
+
+ private void testContextPath(String contextPath) {
+ Cookie cookie = new Cookie("test", "blah");
+ cookie.setMaxAge(-1);
+ cookie.setPath("/");
+
+ expect(mockRequest.getContextPath()).andReturn(contextPath);
+
+ mockResponse.addCookie(eqCookie(cookie));
+
+ replay(mockRequest);
+ replay(mockResponse);
+
+ cookieAttribute.setName("test");
+ cookieAttribute.storeValue("blah", mockRequest, mockResponse);
+
+ verify(mockRequest);
+ verify(mockResponse);
+ }
+
+ @Test
+ /** Verifies fix for <a href="http://issues.apache.org/jira/browse/JSEC-34">JSEC-34</a> (1 of 2)*/
+ public void testEmptyContextPath() throws Exception {
+ testContextPath("");
+ }
+
+
+ @Test
+ /** Verifies fix for <a href="http://issues.apache.org/jira/browse/JSEC-34">JSEC-34</a> (2 of 2)*/
+ public void testNullContextPath() throws Exception {
+ testContextPath(null);
+ }
+
+ private static <T extends Cookie> T eqCookie(final T in) {
+ reportMatcher(new IArgumentMatcher() {
+ public boolean matches(Object o) {
+ Cookie c = (Cookie) o;
+ return c.getName().equals(in.getName()) &&
+ c.getPath().equals(in.getPath()) &&
+ c.getMaxAge() == in.getMaxAge() &&
+ c.getSecure() == in.getSecure() &&
+ c.getValue().equals(in.getValue());
+ }
+
+ public void appendTo(StringBuffer sb) {
+ sb.append("eqCookie(");
+ sb.append(in.getClass().getName());
+ sb.append(")");
+
+ }
+ });
+ return null;
+ }
}
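Review bot: The `eqCookie` matcher calls `c.getPath().equals(...)` and `c.getValue().equals(...)` without a null guard, so if the fix regresses and the stored cookie has a null path, the test dies with a NullPointerException inside the matcher instead of reporting a mismatch. A null-safe comparison such as `(c.getPath() == null ? in.getPath() == null : c.getPath().equals(in.getPath()))` would make that failure readable. Both new tests also leave the attribute's own path unset, so the case of a blank configured path combined with a non-root context path is not covered. A third test that configures an empty path on the attribute and returns a non-empty context path from the mock request would pin down which scope the cookie gets.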