HTTPCLIENT-1788: RFC 6265 policy must not reject cookies with paths that are no prefix of the uri path

git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/branches/4.5.x@1778459 13f79535-47bb-0310-9956-ffa450edef68
2017-01-12 19:20:44 +00:00 · 2017-01-12 19:20:44 +00:00 · b88ab92f7b
parent 75f7b398ea
commit b88ab92f7b
4 changed files with 27 additions and 24 deletions
--- a/httpclient/src/main/java/org/apache/http/impl/cookie/BasicPathHandler.java
+++ b/httpclient/src/main/java/org/apache/http/impl/cookie/BasicPathHandler.java
@ -32,7 +32,6 @@ import org.apache.http.cookie.ClientCookie;
 import org.apache.http.cookie.CommonCookieAttributeHandler;
 import org.apache.http.cookie.Cookie;
 import org.apache.http.cookie.CookieOrigin;
-import org.apache.http.cookie.CookieRestrictionViolationException;
 import org.apache.http.cookie.MalformedCookieException;
 import org.apache.http.cookie.SetCookie;
 import org.apache.http.util.Args;
@ -59,11 +58,6 @@ public class BasicPathHandler implements CommonCookieAttributeHandler {
    @Override
    public void validate(final Cookie cookie, final CookieOrigin origin)
            throws MalformedCookieException {
-        if (!match(cookie, origin)) {
-            throw new CookieRestrictionViolationException(
-                "Illegal 'path' attribute \"" + cookie.getPath()
-                + "\". Path of origin: \"" + origin.getPath() + "\"");
-        }
    }

    static boolean pathMatch(final String uriPath, final String cookiePath) {
--- a/httpclient/src/main/java/org/apache/http/impl/cookie/RFC2109Spec.java
+++ b/httpclient/src/main/java/org/apache/http/impl/cookie/RFC2109Spec.java
@ -72,7 +72,19 @@ public class RFC2109Spec extends CookieSpecBase {
    /** Default constructor */
    public RFC2109Spec(final String[] datepatterns, final boolean oneHeader) {
        super(new RFC2109VersionHandler(),
-                new BasicPathHandler(),
+                new BasicPathHandler() {
+
+                    @Override
+                    public void validate(
+                            final Cookie cookie, final CookieOrigin origin) throws MalformedCookieException {
+                        if (!match(cookie, origin)) {
+                            throw new CookieRestrictionViolationException(
+                                    "Illegal 'path' attribute \"" + cookie.getPath()
+                                            + "\". Path of origin: \"" + origin.getPath() + "\"");
+                        }
+                    }
+
+                },
                new RFC2109DomainHandler(),
                new BasicMaxAgeHandler(),
                new BasicSecureHandler(),
--- a/httpclient/src/main/java/org/apache/http/impl/cookie/RFC2965Spec.java
+++ b/httpclient/src/main/java/org/apache/http/impl/cookie/RFC2965Spec.java
@ -43,6 +43,7 @@ import org.apache.http.cookie.CommonCookieAttributeHandler;
 import org.apache.http.cookie.Cookie;
 import org.apache.http.cookie.CookieAttributeHandler;
 import org.apache.http.cookie.CookieOrigin;
+import org.apache.http.cookie.CookieRestrictionViolationException;
 import org.apache.http.cookie.MalformedCookieException;
 import org.apache.http.cookie.SM;
 import org.apache.http.message.BufferedHeader;
@ -72,7 +73,19 @@ public class RFC2965Spec extends RFC2109Spec {
    public RFC2965Spec(final String[] datepatterns, final boolean oneHeader) {
        super(oneHeader,
                new RFC2965VersionAttributeHandler(),
-                new BasicPathHandler(),
+                new BasicPathHandler() {
+
+                    @Override
+                    public void validate(
+                            final Cookie cookie, final CookieOrigin origin) throws MalformedCookieException {
+                        if (!match(cookie, origin)) {
+                            throw new CookieRestrictionViolationException(
+                                    "Illegal 'path' attribute \"" + cookie.getPath()
+                                            + "\". Path of origin: \"" + origin.getPath() + "\"");
+                        }
+                    }
+
+                },
                new RFC2965DomainAttributeHandler(),
                new RFC2965PortAttributeHandler(),
                new BasicMaxAgeHandler(),
--- a/httpclient/src/test/java/org/apache/http/impl/cookie/TestBasicCookieAttribHandlers.java
+++ b/httpclient/src/test/java/org/apache/http/impl/cookie/TestBasicCookieAttribHandlers.java
@ -297,22 +297,6 @@ public class TestBasicCookieAttribHandlers {
        Assert.assertTrue(h.match(cookie, origin));
    }

-    @Test
-    public void testBasicPathValidate() throws Exception {
-        final BasicClientCookie cookie = new BasicClientCookie("name", "value");
-        final CookieOrigin origin = new CookieOrigin("somehost", 80, "/stuff", false);
-        final CookieAttributeHandler h = new BasicPathHandler();
-        cookie.setPath("/stuff");
-        h.validate(cookie, origin);
-        cookie.setPath("/stuffed");
-        try {
-            h.validate(cookie, origin);
-            Assert.fail("MalformedCookieException must have been thrown");
-        } catch (final MalformedCookieException ex) {
-            // expected
-        }
-    }
-
    @Test
    public void testBasicPathInvalidInput() throws Exception {
        final CookieAttributeHandler h = new BasicPathHandler();