Author: markt Date: Mon Sep 29 21:45:10 2014 New Revision: 1628324 URL: http://svn.apache.org/r1628324 Log: Move cookie header preservation to an option on the legacy cookie processor
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieParsing.java tomcat/trunk/webapps/docs/config/cookie-processor.xml Modified: tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java?rev=1628324&r1=1628323&r2=1628324&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java Mon Sep 29 21:45:10 2014 @@ -67,7 +67,10 @@ public final class CookieSupport { /** * If set to true, the cookie header will be preserved. In most cases * except debugging, this is not useful. + * + * @deprecated Will be removed in Tomcat 9. */ + @Deprecated public static final boolean PRESERVE_COOKIE_HEADER; /** Modified: tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java?rev=1628324&r1=1628323&r2=1628324&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java Mon Sep 29 21:45:10 2014 @@ -54,6 +54,10 @@ public final class LegacyCookieProcessor @SuppressWarnings("deprecation") // Default to false when deprecated code is removed private boolean allowHttpSepsInV0 = CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0; + @SuppressWarnings("deprecation") // Default to STRICT_SERVLET_COMPLIANCE + // when deprecated code is removed + private boolean presserveCookieHeader = CookieSupport.PRESERVE_COOKIE_HEADER; + public boolean getAllowEqualsInValue() { return allowEqualsInValue; @@ -85,6 +89,16 @@ public final class LegacyCookieProcessor } + public boolean getPreserveCookieHeader() { + return presserveCookieHeader; + } + + + public void setPreserveCookieHeader(boolean presserveCookieHeader) { + this.presserveCookieHeader = presserveCookieHeader; + } + + @Override public Charset getCharset() { return StandardCharsets.ISO_8859_1; @@ -113,7 +127,7 @@ public final class LegacyCookieProcessor log.debug("Cookies: Parsing b[]: " + cookieValue.toString()); } ByteChunk bc = cookieValue.getByteChunk(); - if (CookieSupport.PRESERVE_COOKIE_HEADER) { + if (getPreserveCookieHeader()) { int len = bc.getLength(); if (len > 0) { byte[] buf = new byte[len]; Modified: tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieParsing.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieParsing.java?rev=1628324&r1=1628323&r2=1628324&view=diff ============================================================================== --- tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieParsing.java (original) +++ tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieParsing.java Mon Sep 29 21:45:10 2014 @@ -44,9 +44,12 @@ public class TestCookieParsing extends T private static final String COOKIES_WITH_NAME_ONLY_CONCAT = "bob=bob="; private static final String[] COOKIES_WITH_SEPS = new String[] { - "name=val(ue" }; + "name=val(ue" }; private static final String COOKIES_WITH_SEPS_TRUNC = "name=val"; + private static final String[] COOKIES_WITH_QUOTES = new String[] { + "name=\"val\\\"ue\"" }; + private static final String COOKIES_WITH_QUOTES_TRUNC = "name=\"val\"uee\""; @Test public void testLegacyWithEquals() throws Exception { @@ -163,6 +166,43 @@ public class TestCookieParsing extends T } + @Test + public void testLegacyPreserveHeader() throws Exception { + doTestLegacyPreserveHeader(true); + } + + + @Test + public void testLegacyNoPreserveHeader() throws Exception { + doTestLegacyPreserveHeader(false); + } + + + private void doTestLegacyPreserveHeader(boolean preserveHeader) throws Exception { + LegacyCookieProcessor legacyCookieProcessor = new LegacyCookieProcessor(); + legacyCookieProcessor.setPreserveCookieHeader(preserveHeader); + + String expected; + if (preserveHeader) { + expected = concat(COOKIES_WITH_QUOTES); + } else { + expected = COOKIES_WITH_QUOTES_TRUNC; + } + TestCookieParsingClient client = new TestCookieParsingClient( + legacyCookieProcessor, true, COOKIES_WITH_QUOTES, expected); + client.doRequest(); + } + + + @Test + public void testRfc6265PreserveHeader() throws Exception { + // Always allows equals + TestCookieParsingClient client = new TestCookieParsingClient(new Rfc6265CookieProcessor(), + true, COOKIES_WITH_QUOTES, concat(COOKIES_WITH_QUOTES)); + client.doRequest(); + } + + private static String concat(String[] input) { StringBuilder result = new StringBuilder(); for (String s : input) { @@ -177,11 +217,18 @@ public class TestCookieParsing extends T private final CookieProcessor cookieProcessor; private final String[] cookies; private final String expected; + private final boolean echoHeader; public TestCookieParsingClient(CookieProcessor cookieProcessor, String[] cookies, String expected) { + this(cookieProcessor, false, cookies, expected); + } + + public TestCookieParsingClient(CookieProcessor cookieProcessor, + boolean echoHeader, String[] cookies, String expected) { this.cookieProcessor = cookieProcessor; + this.echoHeader = echoHeader; this.cookies = cookies; this.expected = expected; } @@ -192,8 +239,12 @@ public class TestCookieParsing extends T Context root = tomcat.addContext("", TEMP_DIR); root.setCookieProcessor(cookieProcessor); - Tomcat.addServlet(root, "Simple", new SimpleServlet()); - root.addServletMapping("/test", "Simple"); + if (echoHeader) { + Tomcat.addServlet(root, "Cookies", new EchoCookieHeader()); + } else { + Tomcat.addServlet(root, "Cookies", new EchoCookies()); + } + root.addServletMapping("/test", "Cookies"); tomcat.start(); // Open connection @@ -229,7 +280,7 @@ public class TestCookieParsing extends T } - private static class SimpleServlet extends HttpServlet { + private static class EchoCookies extends HttpServlet { private static final long serialVersionUID = 1L; @@ -246,4 +297,21 @@ public class TestCookieParsing extends T resp.flushBuffer(); } } + + + + + private static class EchoCookieHeader extends HttpServlet { + + private static final long serialVersionUID = 1L; + + @Override + protected void service(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + req.getCookies(); + resp.getWriter().write(req.getHeader("Cookie")); + resp.flushBuffer(); + } + } + } Modified: tomcat/trunk/webapps/docs/config/cookie-processor.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/cookie-processor.xml?rev=1628324&r1=1628323&r2=1628324&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/config/cookie-processor.xml (original) +++ tomcat/trunk/webapps/docs/config/cookie-processor.xml Mon Sep 29 21:45:10 2014 @@ -147,6 +147,18 @@ <a href="systemprops.html">system property</a>.</p> </attribute> + <attribute name="preserveCookieHeader" required="false"> + <p>If this is <code>true</code> Tomcat will ensure that cookie + processing does not modify cookie header returned by + <code>HttpServletRequest.getHeader()</code>. If + <code>org.apache.catalina.STRICT_SERVLET_COMPLIANCE</code> is set to + <code>true</code>, the default of this setting will be + <code>true</code>, else the default value will be <code>false</code>. + This default may be overridden by setting the + <code>org.apache.tomcat.util.http.ServerCookie.PRESERVE_COOKIE_HEADER</code> + system property.</p> + </attribute> + </attributes> </subsection> @@ -169,6 +181,7 @@ <ul> <li>The '<code>=</code>' is always permitted in a cookie value.</li> <li>Name only cookies are always permitted.</li> + <li>The cookie header is always preserved.</li> </ul> <p>No additional attributes are supported by the <strong>RFC 6265 Cookie --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org