Author: markt
Date: Mon Sep 29 21:45:10 2014
New Revision: 1628324
URL: http://svn.apache.org/r1628324
Log:
Move cookie header preservation to an option on the legacy cookie processor
Modified:
tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java
tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieParsing.java
tomcat/trunk/webapps/docs/config/cookie-processor.xml
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java?rev=1628324&r1=1628323&r2=1628324&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java Mon Sep 29
21:45:10 2014
@@ -67,7 +67,10 @@ public final class CookieSupport {
/**
* If set to true, the cookie header will be preserved. In most cases
* except debugging, this is not useful.
+ *
+ * @deprecated Will be removed in Tomcat 9.
*/
+ @Deprecated
public static final boolean PRESERVE_COOKIE_HEADER;
/**
Modified:
tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java?rev=1628324&r1=1628323&r2=1628324&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
Mon Sep 29 21:45:10 2014
@@ -54,6 +54,10 @@ public final class LegacyCookieProcessor
@SuppressWarnings("deprecation") // Default to false when deprecated code
is removed
private boolean allowHttpSepsInV0 =
CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0;
+ @SuppressWarnings("deprecation") // Default to STRICT_SERVLET_COMPLIANCE
+ // when deprecated code is removed
+ private boolean presserveCookieHeader =
CookieSupport.PRESERVE_COOKIE_HEADER;
+
public boolean getAllowEqualsInValue() {
return allowEqualsInValue;
@@ -85,6 +89,16 @@ public final class LegacyCookieProcessor
}
+ public boolean getPreserveCookieHeader() {
+ return presserveCookieHeader;
+ }
+
+
+ public void setPreserveCookieHeader(boolean presserveCookieHeader) {
+ this.presserveCookieHeader = presserveCookieHeader;
+ }
+
+
@Override
public Charset getCharset() {
return StandardCharsets.ISO_8859_1;
@@ -113,7 +127,7 @@ public final class LegacyCookieProcessor
log.debug("Cookies: Parsing b[]: " +
cookieValue.toString());
}
ByteChunk bc = cookieValue.getByteChunk();
- if (CookieSupport.PRESERVE_COOKIE_HEADER) {
+ if (getPreserveCookieHeader()) {
int len = bc.getLength();
if (len > 0) {
byte[] buf = new byte[len];
Modified: tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieParsing.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieParsing.java?rev=1628324&r1=1628323&r2=1628324&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieParsing.java
(original)
+++ tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieParsing.java Mon
Sep 29 21:45:10 2014
@@ -44,9 +44,12 @@ public class TestCookieParsing extends T
private static final String COOKIES_WITH_NAME_ONLY_CONCAT = "bob=bob=";
private static final String[] COOKIES_WITH_SEPS = new String[] {
- "name=val(ue" };
+ "name=val(ue" };
private static final String COOKIES_WITH_SEPS_TRUNC = "name=val";
+ private static final String[] COOKIES_WITH_QUOTES = new String[] {
+ "name=\"val\\\"ue\"" };
+ private static final String COOKIES_WITH_QUOTES_TRUNC =
"name=\"val\"uee\"";
@Test
public void testLegacyWithEquals() throws Exception {
@@ -163,6 +166,43 @@ public class TestCookieParsing extends T
}
+ @Test
+ public void testLegacyPreserveHeader() throws Exception {
+ doTestLegacyPreserveHeader(true);
+ }
+
+
+ @Test
+ public void testLegacyNoPreserveHeader() throws Exception {
+ doTestLegacyPreserveHeader(false);
+ }
+
+
+ private void doTestLegacyPreserveHeader(boolean preserveHeader) throws
Exception {
+ LegacyCookieProcessor legacyCookieProcessor = new
LegacyCookieProcessor();
+ legacyCookieProcessor.setPreserveCookieHeader(preserveHeader);
+
+ String expected;
+ if (preserveHeader) {
+ expected = concat(COOKIES_WITH_QUOTES);
+ } else {
+ expected = COOKIES_WITH_QUOTES_TRUNC;
+ }
+ TestCookieParsingClient client = new TestCookieParsingClient(
+ legacyCookieProcessor, true, COOKIES_WITH_QUOTES, expected);
+ client.doRequest();
+ }
+
+
+ @Test
+ public void testRfc6265PreserveHeader() throws Exception {
+ // Always allows equals
+ TestCookieParsingClient client = new TestCookieParsingClient(new
Rfc6265CookieProcessor(),
+ true, COOKIES_WITH_QUOTES, concat(COOKIES_WITH_QUOTES));
+ client.doRequest();
+ }
+
+
private static String concat(String[] input) {
StringBuilder result = new StringBuilder();
for (String s : input) {
@@ -177,11 +217,18 @@ public class TestCookieParsing extends T
private final CookieProcessor cookieProcessor;
private final String[] cookies;
private final String expected;
+ private final boolean echoHeader;
public TestCookieParsingClient(CookieProcessor cookieProcessor,
String[] cookies, String expected) {
+ this(cookieProcessor, false, cookies, expected);
+ }
+
+ public TestCookieParsingClient(CookieProcessor cookieProcessor,
+ boolean echoHeader, String[] cookies, String expected) {
this.cookieProcessor = cookieProcessor;
+ this.echoHeader = echoHeader;
this.cookies = cookies;
this.expected = expected;
}
@@ -192,8 +239,12 @@ public class TestCookieParsing extends T
Context root = tomcat.addContext("", TEMP_DIR);
root.setCookieProcessor(cookieProcessor);
- Tomcat.addServlet(root, "Simple", new SimpleServlet());
- root.addServletMapping("/test", "Simple");
+ if (echoHeader) {
+ Tomcat.addServlet(root, "Cookies", new EchoCookieHeader());
+ } else {
+ Tomcat.addServlet(root, "Cookies", new EchoCookies());
+ }
+ root.addServletMapping("/test", "Cookies");
tomcat.start();
// Open connection
@@ -229,7 +280,7 @@ public class TestCookieParsing extends T
}
- private static class SimpleServlet extends HttpServlet {
+ private static class EchoCookies extends HttpServlet {
private static final long serialVersionUID = 1L;
@@ -246,4 +297,21 @@ public class TestCookieParsing extends T
resp.flushBuffer();
}
}
+
+
+
+
+ private static class EchoCookieHeader extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ protected void service(HttpServletRequest req, HttpServletResponse
resp)
+ throws ServletException, IOException {
+ req.getCookies();
+ resp.getWriter().write(req.getHeader("Cookie"));
+ resp.flushBuffer();
+ }
+ }
+
}
Modified: tomcat/trunk/webapps/docs/config/cookie-processor.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/cookie-processor.xml?rev=1628324&r1=1628323&r2=1628324&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/cookie-processor.xml (original)
+++ tomcat/trunk/webapps/docs/config/cookie-processor.xml Mon Sep 29 21:45:10
2014
@@ -147,6 +147,18 @@
<a href="systemprops.html">system property</a>.</p>
</attribute>
+ <attribute name="preserveCookieHeader" required="false">
+ <p>If this is <code>true</code> Tomcat will ensure that cookie
+ processing does not modify cookie header returned by
+ <code>HttpServletRequest.getHeader()</code>. If
+ <code>org.apache.catalina.STRICT_SERVLET_COMPLIANCE</code> is set to
+ <code>true</code>, the default of this setting will be
+ <code>true</code>, else the default value will be <code>false</code>.
+ This default may be overridden by setting the
+
<code>org.apache.tomcat.util.http.ServerCookie.PRESERVE_COOKIE_HEADER</code>
+ system property.</p>
+ </attribute>
+
</attributes>
</subsection>
@@ -169,6 +181,7 @@
<ul>
<li>The '<code>=</code>' is always permitted in a cookie value.</li>
<li>Name only cookies are always permitted.</li>
+ <li>The cookie header is always preserved.</li>
</ul>
<p>No additional attributes are supported by the <strong>RFC 6265 Cookie
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
