291448 SessionManager has isCheckingRemoteSessionIdEncoding

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@1649 7e9141cc-0065-0410-87d8-b60c137991c4

VERSION.txt

@@ -1,6 +1,6 @@
 
 jetty-7.1.0.RC1-SNAPSHOT
- + 291448 encodeRedirectURL only encodes absolute URLs to same host/port/context
+ + 291448 SessionManager has isCheckingRemoteSessionIdEncoding
  + 297104 HTTP CONNECT does not work correct with SSL destinations
  + 308848 Update test suite to JUnit4 - Module jetty-ajp
  + 308861 Update test suite to JUnit4 - Module jetty-security

jetty-server/src/main/java/org/eclipse/jetty/server/Response.java

@@ -154,16 +154,30 @@ public class Response implements HttpServletResponse
      */
     public String encodeURL(String url)
     {
-        Request request=_connection.getRequest();
+        final Request request=_connection.getRequest();
         SessionManager sessionManager = request.getSessionManager();
         if (sessionManager==null)
             return url;
+        
+        if (sessionManager.isCheckingRemoteSessionIdEncoding() && URIUtil.hasScheme(url))
+        {
+            HttpURI uri = new HttpURI(url);
+            int port=uri.getPort();
+            if (port<0) 
+                port = HttpSchemes.HTTPS.equalsIgnoreCase(uri.getScheme())?443:80;
+            if (!request.getServerName().equalsIgnoreCase(uri.getHost()) ||
+                request.getServerPort()!=port ||
+                !uri.getPath().startsWith(request.getContextPath()))
+                return url;
+        }
+        
         String sessionURLPrefix = sessionManager.getSessionIdPathParameterNamePrefix();
         if (sessionURLPrefix==null)
             return url;
 
         if (url==null)
             return null;
+        
         // should not encode if cookies in evidence
         if (request.isRequestedSessionIdFromCookie())
         {
@@ -188,15 +202,12 @@ public class Response implements HttpServletResponse
         if (session == null)
             return url;
 
-
         // invalid session
         if (!sessionManager.isValid(session))
             return url;
 
         String id=sessionManager.getNodeId(session);
 
-
-        // TODO Check host and port are for this server
         // Already encoded
         int prefix=url.indexOf(sessionURLPrefix);
         if (prefix!=-1)
@@ -223,28 +234,10 @@ public class Response implements HttpServletResponse
 
     /* ------------------------------------------------------------ */
     /**
-     * Encode Redirect URL.
-     * <p>This method differs from {@link #encodeURL(String)}, in that it only encodes 
-     * relative URLs or absolute URLs to the same host/port/contextPath as the request.
+     * @see javax.servlet.http.HttpServletResponse#encodeRedirectURL(java.lang.String)
      */
     public String encodeRedirectURL(String url)
     {
-        if (URIUtil.hasScheme(url))
-        {
-            HttpURI uri = new HttpURI(url);
-            Request request=_connection.getRequest();
-            int port=uri.getPort();
-            if (port<0) 
-                port = HttpSchemes.HTTPS.equalsIgnoreCase(uri.getScheme())?443:80;
-            if (request.getServerName().equalsIgnoreCase(uri.getHost()) &&
-                request.getServerPort()==port && 
-                uri.getPath().startsWith(request.getContextPath()))
-
-                return encodeURL(url);
-            return url;
-        }
-
-        
         return encodeURL(url);
     }
 

jetty-server/src/main/java/org/eclipse/jetty/server/SessionManager.java

@@ -28,7 +28,6 @@ import org.eclipse.jetty.util.component.LifeCycle;
  * Session Manager.
  * The API required to manage sessions for a servlet context.
  *
- * 
  */
 public interface SessionManager extends LifeCycle
 {
@@ -51,6 +50,7 @@ public interface SessionManager extends LifeCycle
      */
     public final static String __SessionIdPathParameterNameProperty = "org.eclipse.jetty.servlet.SessionIdPathParameterName";
     public final static String __DefaultSessionIdPathParameterName = "jsessionid";
+    public final static String __CheckRemoteSessionEncoding = "org.eclipse.jetty.servlet.CheckingRemoteSessionIdEncoding";
 
 
     /* ------------------------------------------------------------ */
@@ -326,4 +326,14 @@ public interface SessionManager extends LifeCycle
      * @return whether the session management is handled via cookies.
      */
     public boolean isUsingCookies();
+    
+    /**
+     * @return True if absolute URLs are check for remoteness before being session encoded.
+     */
+    public boolean isCheckingRemoteSessionIdEncoding();
+    
+    /**
+     * @param remote True if absolute URLs are check for remoteness before being session encoded.
+     */
+    public void setCheckingRemoteSessionIdEncoding(boolean remote);
 }

jetty-server/src/main/java/org/eclipse/jetty/server/session/AbstractSessionManager.java

@@ -51,7 +51,7 @@ import org.eclipse.jetty.util.statistic.SampleStatistic;
  * SessionManager interface provides the majority of the handling required to
  * implement a SessionManager. Concrete implementations of SessionManager based
  * on AbstractSessionManager need only implement the newSession method to return
- * a specialized version of the Session inner class that provides an attribute
+ * a specialised version of the Session inner class that provides an attribute
  * Map.
  * <p>
  *
@@ -87,6 +87,7 @@ public abstract class AbstractSessionManager extends AbstractLifeCycle implement
     protected int _maxCookieAge=-1;
     protected int _refreshCookieAge;
     protected boolean _nodeIdInSessionId;
+    protected boolean _checkingRemoteSessionIdEncoding;
 
     protected final CounterStatistic _sessionsStats = new CounterStatistic();
     protected final SampleStatistic _sessionTimeStats = new SampleStatistic();
@@ -192,6 +193,10 @@ public abstract class AbstractSessionManager extends AbstractLifeCycle implement
             // set up the sessionPath if it isn't already
             if (_sessionPath==null)
                 _sessionPath=_context.getInitParameter(SessionManager.__SessionPathProperty);
+            
+            tmp=_context.getInitParameter(SessionManager.__CheckRemoteSessionEncoding);
+            if (tmp!=null)
+                _checkingRemoteSessionIdEncoding=Boolean.parseBoolean(tmp);
         }
 
         super.doStart();
@@ -741,6 +746,24 @@ public abstract class AbstractSessionManager extends AbstractLifeCycle implement
         return _sessionTimeStats.getStdDev();
     }
 
+    /* ------------------------------------------------------------ */
+    /**
+     * @see org.eclipse.jetty.server.SessionManager#isCheckingRemoteSessionIdEncoding()
+     */
+    public boolean isCheckingRemoteSessionIdEncoding()
+    {
+        return _checkingRemoteSessionIdEncoding;
+    }
+
+    /* ------------------------------------------------------------ */
+    /**
+     * @see org.eclipse.jetty.server.SessionManager#setCheckingRemoteSessionIdEncoding(boolean)
+     */
+    public void setCheckingRemoteSessionIdEncoding(boolean remote)
+    {
+        _checkingRemoteSessionIdEncoding=remote;
+    }
+
     /* ------------------------------------------------------------ */
     /**
      * Null returning implementation of HttpSessionContext

jetty-server/src/test/java/org/eclipse/jetty/server/ResponseTest.java

@@ -338,19 +338,18 @@ public class ResponseTest extends TestCase
         request.setSessionManager(manager);
         request.setSession(new TestSession(manager,"12345"));
 
+        manager.setCheckingRemoteSessionIdEncoding(false);
+        
         assertEquals("http://myhost:8888/path/info;param;jsessionid=12345?query=0&more=1#target",response.encodeURL("http://myhost:8888/path/info;param?query=0&more=1#target"));
- 
         assertEquals("http://other:8888/path/info;param;jsessionid=12345?query=0&more=1#target",response.encodeURL("http://other:8888/path/info;param?query=0&more=1#target"));
-        assertEquals("http://other:8888/path/info;param?query=0&more=1#target",response.encodeRedirectURL("http://other:8888/path/info;param?query=0&more=1#target"));
-        
         assertEquals("http://myhost/path/info;param;jsessionid=12345?query=0&more=1#target",response.encodeURL("http://myhost/path/info;param?query=0&more=1#target"));
-        assertEquals("http://myhost/path/info;param?query=0&more=1#target",response.encodeRedirectURL("http://myhost/path/info;param?query=0&more=1#target"));
-
         assertEquals("http://myhost:8888/other/info;param;jsessionid=12345?query=0&more=1#target",response.encodeURL("http://myhost:8888/other/info;param?query=0&more=1#target"));
-        assertEquals("http://myhost:8888/other/info;param?query=0&more=1#target",response.encodeRedirectURL("http://myhost:8888/other/info;param?query=0&more=1#target"));
         
-    
-    
+        manager.setCheckingRemoteSessionIdEncoding(true);
+        assertEquals("http://myhost:8888/path/info;param;jsessionid=12345?query=0&more=1#target",response.encodeURL("http://myhost:8888/path/info;param?query=0&more=1#target"));
+        assertEquals("http://other:8888/path/info;param?query=0&more=1#target",response.encodeURL("http://other:8888/path/info;param?query=0&more=1#target"));
+        assertEquals("http://myhost/path/info;param?query=0&more=1#target",response.encodeURL("http://myhost/path/info;param?query=0&more=1#target"));
+        assertEquals("http://myhost:8888/other/info;param?query=0&more=1#target",response.encodeURL("http://myhost:8888/other/info;param?query=0&more=1#target"));    
     }
 
     public void testSetBufferSize ()

jetty-server/src/test/java/org/eclipse/jetty/server/session/SessionHandlerTest.java

@@ -574,6 +574,17 @@ public class SessionHandlerTest extends TestCase
         {
         }
 
+        boolean _checkRemote=false;
+        public boolean isCheckingRemoteSessionIdEncoding()
+        {
+            return _checkRemote;
+        }
+
+        public void setCheckingRemoteSessionIdEncoding(boolean remote)
+        {
+            _checkRemote=remote;
+        }
+
     }
 
 }