JETTY-1146 Encode jsessionid in sendRedirect

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@3267 7e9141cc-0065-0410-87d8-b60c137991c4

VERSION.txt

@@ -10,10 +10,11 @@ jetty-7.4.2-SNAPSHOT
  + 346179 o.e.j.util.ScannerTest fails on MacOS X platform
  + 346181 o.e.j.server.StressTest stalls on MacOS X platform
  + 346998 AbstractLifeCycle.isRunning() returns false if state changes from STARTING to STARTED during call
- + JETTY-1342 Recreate selector if wakeup throws JVM bug
  + 346614 HttpConnection.handle() spins in case of SSL truncation attacks
  + 346764 OrderedGroupBinding deployment binding
- + 347137 - Allow SSL renegotiations by default in HttpClient
+ + 347137 Allow SSL renegotiations by default in HttpClient
+ + JETTY-1146 Encode jsessionid in sendRedirect
+ + JETTY-1342 Recreate selector if wakeup throws JVM bug
 
 jetty-7.4.1.v20110513
  + 288563 remove unsupported and deprecated --secure option

jetty-server/src/main/java/org/eclipse/jetty/server/Response.java

@@ -427,8 +427,9 @@ public class Response implements HttpServletResponse
                 location=buf.toString();
             }
         }
+        
+        location=encodeRedirectURL(location);
         resetBuffer();
-
         setHeader(HttpHeaders.LOCATION,location);
         setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
         complete();

jetty-server/src/test/java/org/eclipse/jetty/server/ResponseTest.java

@@ -34,6 +34,7 @@ import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSessionContext;
 
 import org.eclipse.jetty.http.HttpHeaders;
+import org.eclipse.jetty.http.HttpURI;
 import org.eclipse.jetty.io.ByteArrayBuffer;
 import org.eclipse.jetty.io.ByteArrayEndPoint;
 import org.eclipse.jetty.server.bio.SocketConnector;
@@ -347,6 +348,37 @@ public class ResponseTest
         assertEquals("http://myhost:8888/other/info;param?query=0&more=1#target",response.encodeURL("http://myhost:8888/other/info;param?query=0&more=1#target"));
     }
 
+    @Test
+    public void testSendRedirect()
+        throws Exception
+    {
+        ByteArrayEndPoint out=new ByteArrayEndPoint(new byte[]{},4096);
+        HttpConnection connection=new HttpConnection(connector,out, connector.getServer());
+        Response response = new Response(connection);
+        Request request = connection.getRequest();
+        request.setServerName("myhost");
+        request.setServerPort(8888);
+        request.setUri(new HttpURI("/path/info;param;jsessionid=12345?query=0&more=1#target"));
+        request.setContextPath("/path");
+        request.setRequestedSessionId("12345");
+        request.setRequestedSessionIdFromCookie(false);
+        AbstractSessionManager manager=new HashSessionManager();
+        manager.setIdManager(new HashSessionIdManager());
+        request.setSessionManager(manager);
+        request.setSession(new TestSession(manager,"12345"));
+        manager.setCheckingRemoteSessionIdEncoding(false);
+
+        response.sendRedirect("/other/location");
+        
+        String location = out.getOut().toString();
+        int l=location.indexOf("Location: ");
+        int e=location.indexOf('\n',l);
+        location=location.substring(l+10,e).trim();
+        
+        assertEquals("http://myhost:8888/other/location;jsessionid=12345",location);
+        
+    }
+
     @Test
     public void testSetBufferSize () throws Exception
     {

test-jetty-webapp/src/main/java/com/acme/Dump.java

@@ -15,6 +15,7 @@ package com.acme;
 import java.io.BufferedWriter;
 import java.io.File;
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.OutputStream;
 import java.io.OutputStreamWriter;
 import java.io.PrintWriter;
@@ -44,6 +45,7 @@ import org.eclipse.jetty.continuation.Continuation;
 import org.eclipse.jetty.continuation.ContinuationListener;
 import org.eclipse.jetty.continuation.ContinuationSupport;
 import org.eclipse.jetty.http.HttpHeaders;
+import org.eclipse.jetty.util.IO;
 import org.eclipse.jetty.util.StringUtil;
 import org.eclipse.jetty.util.log.Log;
 
@@ -78,6 +80,25 @@ public class Dump extends HttpServlet
         doGet(request, response);
     }
 
+    /* ------------------------------------------------------------ */
+    @Override
+    public void doPut(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
+    {
+        byte[] buffer = new byte[8192];
+        int len=request.getContentLength();
+        int c=0;
+        InputStream in=request.getInputStream();
+        while (c<len)
+        {
+            int l = in.read(buffer);
+            if (l<0)
+                break;
+            c+=l;
+        }
+        request.setAttribute("PUT",c+"bytes");
+        doGet(request, response);
+    }
+
     /* ------------------------------------------------------------ */
     @Override
     public void doGet(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException