ServletContext#setSessionTrackingModes must throw IAE if SSL and another mode (#3976)

* according to Javadoc and failing tck tests
ServletContext#setSessionTrackingModes
IllegalArgumentException - if sessionTrackingModes specifies a combination of SessionTrackingMode.SSL with a session tracking mode other than SessionTrackingMode.SSL

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

* test adding only SSL

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

* fixes from Jan review

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>

* fix package order

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
This commit is contained in:
Olivier Lamy 2019-08-19 12:54:05 +10:00 committed by GitHub
parent 7c0266af4c
commit 95f7fddc59
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 47 additions and 0 deletions

View File

@ -1019,6 +1019,12 @@ public class SessionHandler extends ScopedHandler
public void setSessionTrackingModes(Set<SessionTrackingMode> sessionTrackingModes) public void setSessionTrackingModes(Set<SessionTrackingMode> sessionTrackingModes)
{ {
if (sessionTrackingModes != null &&
sessionTrackingModes.size() > 1 &&
sessionTrackingModes.contains(SessionTrackingMode.SSL))
{
throw new IllegalArgumentException ("sessionTrackingModes specifies a combination of SessionTrackingMode.SSL with a session tracking mode other than SessionTrackingMode.SSL");
}
_sessionTrackingModes = new HashSet<>(sessionTrackingModes); _sessionTrackingModes = new HashSet<>(sessionTrackingModes);
_usingCookies = _sessionTrackingModes.contains(SessionTrackingMode.COOKIE); _usingCookies = _sessionTrackingModes.contains(SessionTrackingMode.COOKIE);
_usingURLs = _sessionTrackingModes.contains(SessionTrackingMode.URL); _usingURLs = _sessionTrackingModes.contains(SessionTrackingMode.URL);

View File

@ -0,0 +1,41 @@
//
// ========================================================================
// Copyright (c) 1995-2019 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
//
package org.eclipse.jetty.server.session;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import javax.servlet.SessionTrackingMode;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
public class SessionHandlerTest
{
@Test
public void testSessionTrackingMode()
{
SessionHandler sessionHandler = new SessionHandler();
sessionHandler.setSessionTrackingModes(new HashSet<>(Arrays.asList(SessionTrackingMode.COOKIE, SessionTrackingMode.URL)));
sessionHandler.setSessionTrackingModes(Collections.singleton(SessionTrackingMode.SSL));
Assertions.assertThrows(IllegalArgumentException.class,() ->
sessionHandler.setSessionTrackingModes(new HashSet<>(Arrays.asList(SessionTrackingMode.SSL, SessionTrackingMode.URL))));
}
}