Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

398285 - ProxyServlet mixes cookies from different clients. 

Now ProxyServlet's HttpClient uses HttpCookieStore.Empty, so it never stores cookies.
This commit is contained in:
Simone Bordet 2013-01-16 14:34:57 +01:00
parent 8c3edce565
commit 6cbac985e5
2 changed files with 79 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
jetty-proxy/src/main/java/org/eclipse/jetty/proxy/ProxyServlet.java
View File

@ -30,7 +30,6 @@ import java.util.Locale;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import javax.servlet.AsyncContext;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
@ -49,6 +48,7 @@ import org.eclipse.jetty.http.HttpField;
import org.eclipse.jetty.http.HttpMethod;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.util.HttpCookieStore;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
@ -247,6 +247,9 @@ public class ProxyServlet extends HttpServlet
// Redirects must be proxied as is, not followed
client.setFollowRedirects(false);
// Must not store cookies, otherwise cookies of different clients will mix
client.setCookieStore(new HttpCookieStore.Empty());
String value = config.getInitParameter("maxThreads");
if (value == null)
value = "256";

81
jetty-proxy/src/test/java/org/eclipse/jetty/proxy/ProxyServletTest.java
View File

@ -18,30 +18,30 @@
package org.eclipse.jetty.proxy;
import static java.nio.file.StandardOpenOption.CREATE;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.net.ConnectException;
import java.net.HttpCookie;
import java.nio.ByteBuffer;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.zip.GZIPOutputStream;
import javax.servlet.AsyncContext;
import javax.servlet.AsyncEvent;
import javax.servlet.AsyncListener;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@ -72,6 +72,8 @@ import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;
import static java.nio.file.StandardOpenOption.CREATE;
@RunWith(AdvancedRunner.class)
public class ProxyServletTest
{
@ -98,9 +100,15 @@ public class ProxyServletTest
proxy.start();
client = new HttpClient();
client.setProxyConfiguration(new ProxyConfiguration("localhost", proxyConnector.getLocalPort()));
client.start();
client = prepareClient();
}
private HttpClient prepareClient() throws Exception
{
HttpClient result = new HttpClient();
result.setProxyConfiguration(new ProxyConfiguration("localhost", proxyConnector.getLocalPort()));
result.start();
return result;
}
private void prepareServer(HttpServlet servlet) throws Exception
@ -794,6 +802,67 @@ public class ProxyServletTest
Assert.fail();
}
@Test
public void testCookiesFromDifferentClientsAreNotMixed() throws Exception
{
final String name = "biscuit";
prepareProxy(new ProxyServlet());
prepareServer(new HttpServlet()
{
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
{
if (req.getHeader("Via") != null)
resp.addHeader(PROXIED_HEADER, "true");
String value = req.getHeader(name);
if (value != null)
{
Cookie cookie = new Cookie(name, value);
cookie.setMaxAge(3600);
resp.addCookie(cookie);
}
else
{
Cookie[] cookies = req.getCookies();
Assert.assertEquals(1, cookies.length);
}
}
});
String value1 = "1";
ContentResponse response1 = client.newRequest("localhost", serverConnector.getLocalPort())
.header(name, value1)
.timeout(5, TimeUnit.SECONDS)
.send();
Assert.assertEquals(200, response1.getStatus());
Assert.assertTrue(response1.getHeaders().containsKey(PROXIED_HEADER));
List<HttpCookie> cookies = client.getCookieStore().getCookies();
Assert.assertEquals(1, cookies.size());
Assert.assertEquals(name, cookies.get(0).getName());
Assert.assertEquals(value1, cookies.get(0).getValue());
HttpClient client2 = prepareClient();
String value2 = "2";
ContentResponse response2 = client2.newRequest("localhost", serverConnector.getLocalPort())
.header(name, value2)
.timeout(5, TimeUnit.SECONDS)
.send();
Assert.assertEquals(200, response2.getStatus());
Assert.assertTrue(response2.getHeaders().containsKey(PROXIED_HEADER));
cookies = client2.getCookieStore().getCookies();
Assert.assertEquals(1, cookies.size());
Assert.assertEquals(name, cookies.get(0).getName());
Assert.assertEquals(value2, cookies.get(0).getValue());
// Make a third request to be sure the proxy does not mix cookies
ContentResponse response3 = client.newRequest("localhost", serverConnector.getLocalPort())
.timeout(5, TimeUnit.SECONDS)
.send();
Assert.assertEquals(200, response3.getStatus());
Assert.assertTrue(response3.getHeaders().containsKey(PROXIED_HEADER));
}
// TODO: test proxy authentication
private static class EmptyHttpServlet extends HttpServlet