364657 Support HTTP only cookies from standard API

Greg Wilkins 2011-11-24 09:11:52 +11:00
parent eaa83f29d1
commit 1907944aef
2 changed files with 42 additions and 2 deletions


@ -53,6 +53,7 @@ public class Response implements HttpServletResponse
{
private static final Logger LOG = Log.getLogger(Response.class);
public static final int
NONE=0,
STREAM=1,
@ -65,6 +66,12 @@ public class Response implements HttpServletResponse
*/
public final static String SET_INCLUDE_HEADER_PREFIX = "org.eclipse.jetty.server.include.";
/**
* If this string is found within the comment of a cookie added with {@link #addCookie(Cookie)}, then the cookie
* will be set as HTTP ONLY.
*/
public final static String HTTP_ONLY_COMMENT="__HTTP_ONLY__";
private final AbstractHttpConnection _connection;
private int _status=SC_OK;
private String _reason;
@ -120,14 +127,28 @@ public class Response implements HttpServletResponse
*/
public void addCookie(Cookie cookie)
{
String comment=cookie.getComment();
boolean http_only=false;
if (comment!=null)
{
int i=comment.indexOf(HTTP_ONLY_COMMENT);
if (i>=0)
{
http_only=true;
comment=comment.substring(i,i+HTTP_ONLY_COMMENT.length()).trim();
if (comment.length()==0)
comment=null;
}
}
_connection.getResponseFields().addSetCookie(cookie.getName(),
cookie.getValue(),
cookie.getDomain(),
cookie.getPath(),
cookie.getMaxAge(),
cookie.getComment(),
comment,
cookie.getSecure(),
false,//cookie.isHttpOnly(),
http_only,// || cookie.isHttpOnly(),
cookie.getVersion());
}
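Review bot: The `comment.substring(i,i+HTTP_ONLY_COMMENT.length())` call in addCookie keeps the marker instead of removing it, so whenever the marker is present `comment` becomes exactly `__HTTP_ONLY__`, the `comment.length()==0` branch can never fire, and the caller's real comment text is discarded. HttpOnly is still set, so the flag itself is unaffected, but the internal marker would presumably be emitted as the Comment attribute wherever comments are written out (for example on version 1 cookies). Stripping the marker instead, `comment=comment.replace(HTTP_ONLY_COMMENT,"").trim();`, preserves the remaining text and lets the null case work. testAddCookie in this commit leaves the cookie version at its default and expects no Comment in the header, so it does not exercise this path; a version 1 case asserting the emitted comment would pin it.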


@ -29,6 +29,7 @@ import java.util.Map;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSessionContext;
@ -485,6 +486,24 @@ public class ResponseTest
}
}
@Test
public void testAddCookie() throws Exception
{
Response response = new Response(new TestHttpConnection(connector,new ByteArrayEndPoint(), connector.getServer()));
Cookie cookie=new Cookie("name","value");
cookie.setDomain("domain");
cookie.setPath("/path");
cookie.setSecure(true);
cookie.setComment("comment__HTTP_ONLY__");
response.addCookie(cookie);
String set = response.getHttpFields().getStringField("Set-Cookie");
assertEquals("name=value;Path=/path;Domain=domain;Secure;HttpOnly",set);
}
private Response newResponse()
{
ByteArrayEndPoint endPoint = new ByteArrayEndPoint();