291448 SessionManager has isCheckingRemoteSessionIdEncoding

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@1649 7e9141cc-0065-0410-87d8-b60c137991c4
Greg Wilkins 2010-05-03 13:48:54 +00:00
parent 820855b3b5
commit ab71e91877
6 changed files with 70 additions and 34 deletions

@ -1,6 +1,6 @@
jetty-7.1.0.RC1-SNAPSHOT
+ 291448 encodeRedirectURL only encodes absolute URLs to same host/port/context
+ 291448 SessionManager has isCheckingRemoteSessionIdEncoding
+ 297104 HTTP CONNECT does not work correct with SSL destinations
+ 308848 Update test suite to JUnit4 - Module jetty-ajp
+ 308861 Update test suite to JUnit4 - Module jetty-security

@ -154,16 +154,30 @@ public class Response implements HttpServletResponse
*/
public String encodeURL(String url)
{
Request request=_connection.getRequest();
final Request request=_connection.getRequest();
SessionManager sessionManager = request.getSessionManager();
if (sessionManager==null)
return url;
if (sessionManager.isCheckingRemoteSessionIdEncoding() && URIUtil.hasScheme(url))
{
HttpURI uri = new HttpURI(url);
int port=uri.getPort();
if (port<0)
port = HttpSchemes.HTTPS.equalsIgnoreCase(uri.getScheme())?443:80;
if (!request.getServerName().equalsIgnoreCase(uri.getHost()) ||
request.getServerPort()!=port ||
!uri.getPath().startsWith(request.getContextPath()))
return url;
}
String sessionURLPrefix = sessionManager.getSessionIdPathParameterNamePrefix();
if (sessionURLPrefix==null)
return url;
if (url==null)
return null;
// should not encode if cookies in evidence
if (request.isRequestedSessionIdFromCookie())
{
@ -188,15 +202,12 @@ public class Response implements HttpServletResponse
if (session == null)
return url;
// invalid session
if (!sessionManager.isValid(session))
return url;
String id=sessionManager.getNodeId(session);
// TODO Check host and port are for this server
// Already encoded
int prefix=url.indexOf(sessionURLPrefix);
if (prefix!=-1)
@ -223,28 +234,10 @@ public class Response implements HttpServletResponse
/* ------------------------------------------------------------ */
/**
* Encode Redirect URL.
* <p>This method differs from {@link #encodeURL(String)}, in that it only encodes
* relative URLs or absolute URLs to the same host/port/contextPath as the request.
* @see javax.servlet.http.HttpServletResponse#encodeRedirectURL(java.lang.String)
*/
public String encodeRedirectURL(String url)
{
if (URIUtil.hasScheme(url))
{
HttpURI uri = new HttpURI(url);
Request request=_connection.getRequest();
int port=uri.getPort();
if (port<0)
port = HttpSchemes.HTTPS.equalsIgnoreCase(uri.getScheme())?443:80;
if (request.getServerName().equalsIgnoreCase(uri.getHost()) &&
request.getServerPort()==port &&
uri.getPath().startsWith(request.getContextPath()))
return encodeURL(url);
return url;
}
return encodeURL(url);
}
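Review bot: The context test in the new encodeURL guard, `!uri.getPath().startsWith(request.getContextPath())`, is a plain string prefix match, so a request in context `/path` would treat `/pathother/...` on the same host and port as local and append the session id to a URL served by a different web application. Accepting the URL only when the path equals the context path or starts with the context path followed by `/` would put the comparison on a segment boundary. The guard also runs before the existing `if (url==null) return null;` and dereferences `uri.getPath()`, so a null url, or an absolute URL with no path if HttpURI returns null for it, may now throw where encodeURL used to return; moving the null check above the guard and treating a null path as not local would avoid that. The third hunk's header (28 old lines, 10 new) suggests encodeRedirectURL now only delegates to encodeURL, which means it loses its unconditional host/port/context check whenever the flag is off.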

@ -28,7 +28,6 @@ import org.eclipse.jetty.util.component.LifeCycle;
* Session Manager.
* The API required to manage sessions for a servlet context.
*
*
*/
public interface SessionManager extends LifeCycle
{
@ -51,6 +50,7 @@ public interface SessionManager extends LifeCycle
*/
public final static String __SessionIdPathParameterNameProperty = "org.eclipse.jetty.servlet.SessionIdPathParameterName";
public final static String __DefaultSessionIdPathParameterName = "jsessionid";
public final static String __CheckRemoteSessionEncoding = "org.eclipse.jetty.servlet.CheckingRemoteSessionIdEncoding";
/* ------------------------------------------------------------ */
@ -326,4 +326,14 @@ public interface SessionManager extends LifeCycle
* @return whether the session management is handled via cookies.
*/
public boolean isUsingCookies();
/**
* @return True if absolute URLs are check for remoteness before being session encoded.
*/
public boolean isCheckingRemoteSessionIdEncoding();
/**
* @param remote True if absolute URLs are check for remoteness before being session encoded.
*/
public void setCheckingRemoteSessionIdEncoding(boolean remote);
}
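Review bot: The Javadoc on the two new methods does not say what "remoteness" means, which matters because this setting decides whether a session id is written into a URL that points at another host. I would word the getter as `@return true if absolute URLs are compared with the request's server name, port and context path before a session id is appended; URLs that do not match are returned unencoded`, with matching `@param` text on the setter. `__CheckRemoteSessionEncoding` also deserves a one-line comment naming it as the context init parameter that AbstractSessionManager reads at start. The constant's name drops the "ing" and "Id" that its property string and the accessors carry, so aligning it (for example `__CheckingRemoteSessionIdEncoding`) would make it easier to find.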

@ -51,7 +51,7 @@ import org.eclipse.jetty.util.statistic.SampleStatistic;
* SessionManager interface provides the majority of the handling required to
* implement a SessionManager. Concrete implementations of SessionManager based
* on AbstractSessionManager need only implement the newSession method to return
* a specialized version of the Session inner class that provides an attribute
* a specialised version of the Session inner class that provides an attribute
* Map.
* <p>
*
@ -87,6 +87,7 @@ public abstract class AbstractSessionManager extends AbstractLifeCycle implement
protected int _maxCookieAge=-1;
protected int _refreshCookieAge;
protected boolean _nodeIdInSessionId;
protected boolean _checkingRemoteSessionIdEncoding;
protected final CounterStatistic _sessionsStats = new CounterStatistic();
protected final SampleStatistic _sessionTimeStats = new SampleStatistic();
@ -192,6 +193,10 @@ public abstract class AbstractSessionManager extends AbstractLifeCycle implement
// set up the sessionPath if it isn't already
if (_sessionPath==null)
_sessionPath=_context.getInitParameter(SessionManager.__SessionPathProperty);
tmp=_context.getInitParameter(SessionManager.__CheckRemoteSessionEncoding);
if (tmp!=null)
_checkingRemoteSessionIdEncoding=Boolean.parseBoolean(tmp);
}
super.doStart();
@ -741,6 +746,24 @@ public abstract class AbstractSessionManager extends AbstractLifeCycle implement
return _sessionTimeStats.getStdDev();
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.SessionManager#isCheckingRemoteSessionIdEncoding()
*/
public boolean isCheckingRemoteSessionIdEncoding()
{
return _checkingRemoteSessionIdEncoding;
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.SessionManager#setCheckingRemoteSessionIdEncoding(boolean)
*/
public void setCheckingRemoteSessionIdEncoding(boolean remote)
{
_checkingRemoteSessionIdEncoding=remote;
}
/* ------------------------------------------------------------ */
/**
* Null returning implementation of HttpSessionContext
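Review bot: `_checkingRemoteSessionIdEncoding` has no initializer, so the check is off unless a deployer sets the init parameter or calls the setter, and in that state encodeURL keeps appending the session id to absolute URLs for other hosts. If the default is deliberate for compatibility, the field should carry a comment saying so; otherwise `protected boolean _checkingRemoteSessionIdEncoding=true;` would make the safer behaviour the default. In doStart, `Boolean.parseBoolean(tmp)` maps every value other than "true" to false, so a misspelt init parameter silently disables the check. Unlike `_sessionPath` just above it, the init parameter also overwrites a value already set through the setter. Both doStart and the class body continue outside the hunks shown.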

@ -338,19 +338,18 @@ public class ResponseTest extends TestCase
request.setSessionManager(manager);
request.setSession(new TestSession(manager,"12345"));
manager.setCheckingRemoteSessionIdEncoding(false);
assertEquals("http://myhost:8888/path/info;param;jsessionid=12345?query=0&more=1#target",response.encodeURL("http://myhost:8888/path/info;param?query=0&more=1#target"));
assertEquals("http://other:8888/path/info;param;jsessionid=12345?query=0&more=1#target",response.encodeURL("http://other:8888/path/info;param?query=0&more=1#target"));
assertEquals("http://other:8888/path/info;param?query=0&more=1#target",response.encodeRedirectURL("http://other:8888/path/info;param?query=0&more=1#target"));
assertEquals("http://myhost/path/info;param;jsessionid=12345?query=0&more=1#target",response.encodeURL("http://myhost/path/info;param?query=0&more=1#target"));
assertEquals("http://myhost/path/info;param?query=0&more=1#target",response.encodeRedirectURL("http://myhost/path/info;param?query=0&more=1#target"));
assertEquals("http://myhost:8888/other/info;param;jsessionid=12345?query=0&more=1#target",response.encodeURL("http://myhost:8888/other/info;param?query=0&more=1#target"));
assertEquals("http://myhost:8888/other/info;param?query=0&more=1#target",response.encodeRedirectURL("http://myhost:8888/other/info;param?query=0&more=1#target"));
manager.setCheckingRemoteSessionIdEncoding(true);
assertEquals("http://myhost:8888/path/info;param;jsessionid=12345?query=0&more=1#target",response.encodeURL("http://myhost:8888/path/info;param?query=0&more=1#target"));
assertEquals("http://other:8888/path/info;param?query=0&more=1#target",response.encodeURL("http://other:8888/path/info;param?query=0&more=1#target"));
assertEquals("http://myhost/path/info;param?query=0&more=1#target",response.encodeURL("http://myhost/path/info;param?query=0&more=1#target"));
assertEquals("http://myhost:8888/other/info;param?query=0&more=1#target",response.encodeURL("http://myhost:8888/other/info;param?query=0&more=1#target"));
}
public void testSetBufferSize ()
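Review bot: The assertions after `manager.setCheckingRemoteSessionIdEncoding(true)` cover a foreign host, a different port and a different context, but none exercises a path that only shares the context path as a string prefix, an https URL without an explicit port, or a null url. None of them calls encodeRedirectURL with the flag on either. Assuming the test context is `/path` (it is set outside this hunk), a case such as `assertEquals("http://myhost:8888/pathother/info",response.encodeURL("http://myhost:8888/pathother/info"));` would pin the segment-boundary behaviour. A matching `response.encodeRedirectURL("http://other:8888/path/info")` assertion that expects the URL back unchanged would keep the redirect path covered. The test method starts above the hunk, so the request setup is not visible here.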

@ -574,6 +574,17 @@ public class SessionHandlerTest extends TestCase
{
}
boolean _checkRemote=false;
public boolean isCheckingRemoteSessionIdEncoding()
{
return _checkRemote;
}
public void setCheckingRemoteSessionIdEncoding(boolean remote)
{
_checkRemote=remote;
}
}
}