[cxf] 01/02: [CXF-7720] Bunch of issues with case senstive Set-Cookie headers

Thu, 26 Apr 2018 09:35:38 -0700 

This is an automated email from the ASF dual-hosted git repository.

dkulp pushed a commit to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 7bc22f411fc82c07d33336857aa7476cc0c82c95
Author: Daniel Kulp <dk...@apache.org>
AuthorDate: Thu Apr 26 09:50:31 2018 -0400

    [CXF-7720] Bunch of issues with case senstive Set-Cookie headers
    
    (cherry picked from commit e4da23a719581d5a657b1c4e99fa41a0aca393e5)
---
 .../org/apache/cxf/transport/http/Headers.java     | 39 +++++++++++-----------
 .../org/apache/cxf/systest/jaxrs/BookStore.java    |  4 +--
 2 files changed, 22 insertions(+), 21 deletions(-)

diff --git 
a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/Headers.java 
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/Headers.java
index 6ca427a..f2285dd 100644
--- 
a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/Headers.java
+++ 
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/Headers.java
@@ -28,11 +28,10 @@ import java.util.Collections;
 import java.util.Date;
 import java.util.Enumeration;
 import java.util.HashMap;
-import java.util.HashSet;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
-import java.util.Set;
+import java.util.Map.Entry;
 import java.util.TimeZone;
 import java.util.TreeMap;
 import java.util.logging.Level;
@@ -74,18 +73,8 @@ public class Headers {
     private static final List<String> SENSITIVE_HEADERS = 
Arrays.asList("Authorization", "Proxy-Authorization");
     private static final List<Object> SENSITIVE_HEADER_MARKER = 
Arrays.asList((Object)"***");
     private static final String ALLOW_LOGGING_SENSITIVE_HEADERS = 
"allow.logging.sensitive.headers";
-    /**
-     * Known HTTP headers whose values have to be represented as individual 
HTTP headers
-     */
-    private static final Set<String> HTTP_HEADERS_SINGLE_VALUE_ONLY;
-    private static final String USER_AGENT;
-    static {
-        HTTP_HEADERS_SINGLE_VALUE_ONLY = new HashSet<String>();
-        HTTP_HEADERS_SINGLE_VALUE_ONLY.add(HTTP_HEADERS_SETCOOKIE);
-        HTTP_HEADERS_SINGLE_VALUE_ONLY.add(HTTP_HEADERS_LINK);
-        USER_AGENT = initUserAgent();
-    }
-    
+    private static final String USER_AGENT = initUserAgent();
+
     private final Message message;
     private final Map<String, List<String>> headers;
 
@@ -291,10 +280,18 @@ public class Headers {
     public void readFromConnection(HttpURLConnection connection) {
         Map<String, List<String>> origHeaders = connection.getHeaderFields();
         headers.clear();
-        for (String key : connection.getHeaderFields().keySet()) {
-            if (key != null) {
-                headers.put(HttpHeaderHelper.getHeaderKey(key), 
-                    origHeaders.get(key));
+        for (Entry<String, List<String>> entry : origHeaders.entrySet()) {
+            if (entry.getKey() != null) {
+                String key = HttpHeaderHelper.getHeaderKey(entry.getKey());
+                List<String> old = headers.get(key);
+                if (old != null) {
+                    List<String> nl = new ArrayList<>(old.size() + 
entry.getValue().size()); 
+                    nl.addAll(old);
+                    nl.addAll(entry.getValue());
+                    headers.put(key, nl);
+                } else {
+                    headers.put(key, entry.getValue());
+                }
             }
         }
     }
@@ -505,6 +502,10 @@ public class Headers {
         return true;
     }
 
+    private boolean isSingleHeader(String header) {
+        return HTTP_HEADERS_SETCOOKIE.equalsIgnoreCase(header) || 
HTTP_HEADERS_LINK.equalsIgnoreCase(header);
+    }
+    
     /**
      * Copy the response headers into the response.
      * 
@@ -525,7 +526,7 @@ public class Headers {
             String header = entry.getKey();
             List<?> headerList = entry.getValue();
 
-            if (addHeaders || HTTP_HEADERS_SINGLE_VALUE_ONLY.contains(header)) 
{
+            if (addHeaders || isSingleHeader(header)) {
                 for (int i = 0; i < headerList.size(); i++) {
                     Object headerObject = headerList.get(i);
                     if (headerObject != null) {
diff --git 
a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookStore.java 
b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookStore.java
index 49b173f..86d4149 100644
--- a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookStore.java
+++ b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookStore.java
@@ -529,8 +529,8 @@ public class BookStore {
     @Path("setmanycookies")
     public Response setTwoCookies() {
         return Response.ok().header("Set-Cookie", 
"JSESSIONID=0475F7F30A26E5B0C15D69; Path=/")
-            .header("Set-Cookie", "COOKIETWO=dummy; Expires=Sat, 20-Nov-2010 
19:11:32 GMT; Path=/")
-            .header("Set-Cookie", "COOKIETWO=dummy2; expires=Sat, 20-Nov-2010 
19:11:32 GMT; Path=/")
+            .header("Set-cookie", "COOKIETWO=dummy; Expires=Sat, 20-Nov-2010 
19:11:32 GMT; Path=/")
+            .header("set-cookie", "COOKIETWO=dummy2; expires=Sat, 20-Nov-2010 
19:11:32 GMT; Path=/")
             .build();
     }
     

-- 
To stop receiving notification emails like this one, please contact
dk...@apache.org.

Reply via email to