291448 SessionManager has isCheckingRemoteSessionIdEncoding
git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@1649 7e9141cc-0065-0410-87d8-b60c137991c4
parent
820855b3b5
commit
ab71e91877
|
@ -1,6 +1,6 @@
|
|||
|
||||
jetty-7.1.0.RC1-SNAPSHOT
|
||||
+ 291448 encodeRedirectURL only encodes absolute URLs to same host/port/context
|
||||
+ 291448 SessionManager has isCheckingRemoteSessionIdEncoding
|
||||
+ 297104 HTTP CONNECT does not work correct with SSL destinations
|
||||
+ 308848 Update test suite to JUnit4 - Module jetty-ajp
|
||||
+ 308861 Update test suite to JUnit4 - Module jetty-security
|
||||
|
|
|
@ -154,16 +154,30 @@ public class Response implements HttpServletResponse
|
|||
*/
|
||||
public String encodeURL(String url)
|
||||
{
|
||||
Request request=_connection.getRequest();
|
||||
final Request request=_connection.getRequest();
|
||||
SessionManager sessionManager = request.getSessionManager();
|
||||
if (sessionManager==null)
|
||||
return url;
|
||||
|
||||
if (sessionManager.isCheckingRemoteSessionIdEncoding() && URIUtil.hasScheme(url))
|
||||
{
|
||||
HttpURI uri = new HttpURI(url);
|
||||
int port=uri.getPort();
|
||||
if (port<0)
|
||||
port = HttpSchemes.HTTPS.equalsIgnoreCase(uri.getScheme())?443:80;
|
||||
if (!request.getServerName().equalsIgnoreCase(uri.getHost()) ||
|
||||
request.getServerPort()!=port ||
|
||||
!uri.getPath().startsWith(request.getContextPath()))
|
||||
return url;
|
||||
}
|
||||
|
||||
String sessionURLPrefix = sessionManager.getSessionIdPathParameterNamePrefix();
|
||||
if (sessionURLPrefix==null)
|
||||
return url;
|
||||
|
||||
if (url==null)
|
||||
return null;
|
||||
|
||||
// should not encode if cookies in evidence
|
||||
if (request.isRequestedSessionIdFromCookie())
|
||||
{
|
||||
|
@ -188,15 +202,12 @@ public class Response implements HttpServletResponse
|
|||
if (session == null)
|
||||
return url;
|
||||
|
||||
|
||||
// invalid session
|
||||
if (!sessionManager.isValid(session))
|
||||
return url;
|
||||
|
||||
String id=sessionManager.getNodeId(session);
|
||||
|
||||
|
||||
// TODO Check host and port are for this server
|
||||
// Already encoded
|
||||
int prefix=url.indexOf(sessionURLPrefix);
|
||||
if (prefix!=-1)
|
||||
|
@ -223,28 +234,10 @@ public class Response implements HttpServletResponse
|
|||
|
||||
/* ------------------------------------------------------------ */
|
||||
/**
|
||||
* Encode Redirect URL.
|
||||
* <p>This method differs from {@link #encodeURL(String)}, in that it only encodes
|
||||
* relative URLs or absolute URLs to the same host/port/contextPath as the request.
|
||||
* @see javax.servlet.http.HttpServletResponse#encodeRedirectURL(java.lang.String)
|
||||
*/
|
||||
public String encodeRedirectURL(String url)
|
||||
{
|
||||
if (URIUtil.hasScheme(url))
|
||||
{
|
||||
HttpURI uri = new HttpURI(url);
|
||||
Request request=_connection.getRequest();
|
||||
int port=uri.getPort();
|
||||
if (port<0)
|
||||
port = HttpSchemes.HTTPS.equalsIgnoreCase(uri.getScheme())?443:80;
|
||||
if (request.getServerName().equalsIgnoreCase(uri.getHost()) &&
|
||||
request.getServerPort()==port &&
|
||||
uri.getPath().startsWith(request.getContextPath()))
|
||||
|
||||
return encodeURL(url);
|
||||
return url;
|
||||
}
|
||||
|
||||
|
||||
return encodeURL(url);
|
||||
}
|
||||
|
||||
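Review bot: In encodeURL the new remote check calls `URIUtil.hasScheme(url)` before the existing `if (url==null) return null;`, so with checking enabled a null URL reaches the scheme test first; unless hasScheme tolerates null, a null return becomes an exception. Moving the null guard above the new block avoids that. Inside the block, `uri.getPath()` is dereferenced without a null check, which looks fragile for an authority-only URL such as `http://myhost` (constructed example). The `startsWith(request.getContextPath())` test is a plain prefix match, so a context of `/app` would also accept `/application/...` and the session id would still be appended for a different webapp on the same host; comparing against the context path followed by `/`, or an exact match, is tighter. encodeURL's body continues outside the hunk.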
|
|
|
@ -28,7 +28,6 @@ import org.eclipse.jetty.util.component.LifeCycle;
|
|||
* Session Manager.
|
||||
* The API required to manage sessions for a servlet context.
|
||||
*
|
||||
*
|
||||
*/
|
||||
public interface SessionManager extends LifeCycle
|
||||
{
|
||||
|
@ -51,6 +50,7 @@ public interface SessionManager extends LifeCycle
|
|||
*/
|
||||
public final static String __SessionIdPathParameterNameProperty = "org.eclipse.jetty.servlet.SessionIdPathParameterName";
|
||||
public final static String __DefaultSessionIdPathParameterName = "jsessionid";
|
||||
public final static String __CheckRemoteSessionEncoding = "org.eclipse.jetty.servlet.CheckingRemoteSessionIdEncoding";
|
||||
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
|
@ -326,4 +326,14 @@ public interface SessionManager extends LifeCycle
|
|||
* @return whether the session management is handled via cookies.
|
||||
*/
|
||||
public boolean isUsingCookies();
|
||||
|
||||
/**
|
||||
* @return True if absolute URLs are check for remoteness before being session encoded.
|
||||
*/
|
||||
public boolean isCheckingRemoteSessionIdEncoding();
|
||||
|
||||
/**
|
||||
* @param remote True if absolute URLs are check for remoteness before being session encoded.
|
||||
*/
|
||||
public void setCheckingRemoteSessionIdEncoding(boolean remote);
|
||||
}
|
||||
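Review bot: The Javadoc on the two new methods ("True if absolute URLs are check for remoteness…") does not say what counts as remote or what happens when the flag is off, and `__CheckRemoteSessionEncoding` has no comment of its own. This setting decides whether a session id is written into URLs that point at another host, port or context, so I would spell that out, e.g. `@return true if absolute URLs are checked against the request's host, port and context path and left unencoded when they differ`. The constant deserves a one-line comment naming it as the context init parameter that sets this flag. Adding two methods to a public interface also breaks existing implementors at compile time (SessionHandlerTest on this page had to add stubs), which is worth a line in the release notes.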
|
|
|
@ -51,7 +51,7 @@ import org.eclipse.jetty.util.statistic.SampleStatistic;
|
|||
* SessionManager interface provides the majority of the handling required to
|
||||
* implement a SessionManager. Concrete implementations of SessionManager based
|
||||
* on AbstractSessionManager need only implement the newSession method to return
|
||||
* a specialized version of the Session inner class that provides an attribute
|
||||
* a specialised version of the Session inner class that provides an attribute
|
||||
* Map.
|
||||
* <p>
|
||||
*
|
||||
|
@ -87,6 +87,7 @@ public abstract class AbstractSessionManager extends AbstractLifeCycle implement
|
|||
protected int _maxCookieAge=-1;
|
||||
protected int _refreshCookieAge;
|
||||
protected boolean _nodeIdInSessionId;
|
||||
protected boolean _checkingRemoteSessionIdEncoding;
|
||||
|
||||
protected final CounterStatistic _sessionsStats = new CounterStatistic();
|
||||
protected final SampleStatistic _sessionTimeStats = new SampleStatistic();
|
||||
|
@ -192,6 +193,10 @@ public abstract class AbstractSessionManager extends AbstractLifeCycle implement
|
|||
// set up the sessionPath if it isn't already
|
||||
if (_sessionPath==null)
|
||||
_sessionPath=_context.getInitParameter(SessionManager.__SessionPathProperty);
|
||||
|
||||
tmp=_context.getInitParameter(SessionManager.__CheckRemoteSessionEncoding);
|
||||
if (tmp!=null)
|
||||
_checkingRemoteSessionIdEncoding=Boolean.parseBoolean(tmp);
|
||||
}
|
||||
|
||||
super.doStart();
|
||||
|
@ -741,6 +746,24 @@ public abstract class AbstractSessionManager extends AbstractLifeCycle implement
|
|||
return _sessionTimeStats.getStdDev();
|
||||
}
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
/**
|
||||
* @see org.eclipse.jetty.server.SessionManager#isCheckingRemoteSessionIdEncoding()
|
||||
*/
|
||||
public boolean isCheckingRemoteSessionIdEncoding()
|
||||
{
|
||||
return _checkingRemoteSessionIdEncoding;
|
||||
}
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
/**
|
||||
* @see org.eclipse.jetty.server.SessionManager#setCheckingRemoteSessionIdEncoding(boolean)
|
||||
*/
|
||||
public void setCheckingRemoteSessionIdEncoding(boolean remote)
|
||||
{
|
||||
_checkingRemoteSessionIdEncoding=remote;
|
||||
}
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
/**
|
||||
* Null returning implementation of HttpSessionContext
|
||||
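Review bot: `_checkingRemoteSessionIdEncoding` is left at the Java default of false, so the host/port/context check is opt-in. The Response.java section on this page also appears to replace the unconditional check in encodeRedirectURL with a plain `return encodeURL(url);`. If that reading is right, a deployment that does not set the `org.eclipse.jetty.servlet.CheckingRemoteSessionIdEncoding` init parameter will now append the session id to redirect URLs for other hosts, where it can be exposed through logs and Referer headers. Either default the field to true or state the behaviour change in a comment on the field and in the release notes. In the start-up code (presumably doStart, which begins outside the hunk), `Boolean.parseBoolean(tmp)` also turns any misspelt value into false without warning; a log line when tmp is neither `true` nor `false` would make a misconfiguration visible.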
|
|
|
@ -338,19 +338,18 @@ public class ResponseTest extends TestCase
|
|||
request.setSessionManager(manager);
|
||||
request.setSession(new TestSession(manager,"12345"));
|
||||
|
||||
manager.setCheckingRemoteSessionIdEncoding(false);
|
||||
|
||||
assertEquals("http://myhost:8888/path/info;param;jsessionid=12345?query=0&more=1#target",response.encodeURL("http://myhost:8888/path/info;param?query=0&more=1#target"));
|
||||
|
||||
assertEquals("http://other:8888/path/info;param;jsessionid=12345?query=0&more=1#target",response.encodeURL("http://other:8888/path/info;param?query=0&more=1#target"));
|
||||
assertEquals("http://other:8888/path/info;param?query=0&more=1#target",response.encodeRedirectURL("http://other:8888/path/info;param?query=0&more=1#target"));
|
||||
|
||||
assertEquals("http://myhost/path/info;param;jsessionid=12345?query=0&more=1#target",response.encodeURL("http://myhost/path/info;param?query=0&more=1#target"));
|
||||
assertEquals("http://myhost/path/info;param?query=0&more=1#target",response.encodeRedirectURL("http://myhost/path/info;param?query=0&more=1#target"));
|
||||
|
||||
assertEquals("http://myhost:8888/other/info;param;jsessionid=12345?query=0&more=1#target",response.encodeURL("http://myhost:8888/other/info;param?query=0&more=1#target"));
|
||||
assertEquals("http://myhost:8888/other/info;param?query=0&more=1#target",response.encodeRedirectURL("http://myhost:8888/other/info;param?query=0&more=1#target"));
|
||||
|
||||
|
||||
|
||||
manager.setCheckingRemoteSessionIdEncoding(true);
|
||||
assertEquals("http://myhost:8888/path/info;param;jsessionid=12345?query=0&more=1#target",response.encodeURL("http://myhost:8888/path/info;param?query=0&more=1#target"));
|
||||
assertEquals("http://other:8888/path/info;param?query=0&more=1#target",response.encodeURL("http://other:8888/path/info;param?query=0&more=1#target"));
|
||||
assertEquals("http://myhost/path/info;param?query=0&more=1#target",response.encodeURL("http://myhost/path/info;param?query=0&more=1#target"));
|
||||
assertEquals("http://myhost:8888/other/info;param?query=0&more=1#target",response.encodeURL("http://myhost:8888/other/info;param?query=0&more=1#target"));
|
||||
}
|
||||
|
||||
public void testSetBufferSize ()
|
||||
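Review bot: The `setCheckingRemoteSessionIdEncoding(true)` block covers a different host, a different port and a different top-level path, but not the inputs where the new check is most likely to go wrong. I would add assertions for a path that only shares a prefix with the context path, for a scheme-less network-path URL such as `//other:8888/path/info` (constructed example), and for `encodeURL(null)`, so the intended result in each case is pinned down. The flag-on block also has no encodeRedirectURL assertion, although that method now appears to depend on the same flag. The test method starts outside the hunk.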
|
|
|
@ -574,6 +574,17 @@ public class SessionHandlerTest extends TestCase
|
|||
{
|
||||
}
|
||||
|
||||
boolean _checkRemote=false;
|
||||
public boolean isCheckingRemoteSessionIdEncoding()
|
||||
{
|
||||
return _checkRemote;
|
||||
}
|
||||
|
||||
public void setCheckingRemoteSessionIdEncoding(boolean remote)
|
||||
{
|
||||
_checkRemote=remote;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
|