JETTY-1133 Handle multiple URL ; parameters

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@1327 7e9141cc-0065-0410-87d8-b60c137991c4
2010-03-02 09:34:33 +00:00 · 2010-03-02 09:34:33 +00:00 · d5de0a20c5
parent aea99b14aa
commit d5de0a20c5
3 changed files with 24 additions and 17 deletions
--- a/VERSION.txt
+++ b/VERSION.txt
@ -19,7 +19,7 @@ jetty-7.0.2-SNAPSHOT
 + 302246 redirect loop using form authenticator
 + 302556 CrossOriginFilter does not work correctly when Access-Control-Request-Headers header is not present
 + 302669 WebInfConfiguration.unpack() unpacks WEB-INF/* from a ResourceCollection, breaking JSP reloading with ResourceCollections
- + 304307 JETTY-1133 Handle ;jsessionid in FROM Auth
+ + 304307 Handle ;jsessionid in FROM Auth
 + JETTY-776 Make new session-tests module to concentrate all reusable session clustering test code
 + JETTY-910 Allow request listeners to access session
 + JETTY-983 Range handling cleanup
@ -31,6 +31,7 @@ jetty-7.0.2-SNAPSHOT
 + JETTY-1177 Allow error handler to set cacheControl
 + JETTY-1179 Persistant session tables created on MySQL use wrong datatype
 + JETTY-1184 shrink thread pool even with frequent small jobs
+ + JETTY-1133 Handle multiple URL ; parameters
 + COMETD-46 reset ContentExchange response content on resend
 + Added IPAccessHandler
 + Updated Servlet3Continuation to final 3.0.20100224
--- a/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java
+++ b/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java
@ -355,19 +355,19 @@ public class ConstraintTest extends TestCase
        int jsession=response.indexOf(";jsessionid=");
        String session = response.substring(jsession + 12, response.indexOf("\r\n",jsession));
        
-        response = _connector.getResponses("GET /ctx/testLoginPage;jsessionid="+session+" HTTP/1.0\r\n"+
+        response = _connector.getResponses("GET /ctx/testLoginPage;jsessionid="+session+";other HTTP/1.0\r\n"+
                "\r\n");
        assertTrue(response.indexOf(" 200 OK") > 0);
        assertTrue(response.indexOf("URI=/ctx/testLoginPage") > 0);
        
-        response = _connector.getResponses("POST /ctx/j_security_check;jsessionid="+session+" HTTP/1.0\r\n" +
+        response = _connector.getResponses("POST /ctx/j_security_check;jsessionid="+session+";other HTTP/1.0\r\n" +
                "Content-Type: application/x-www-form-urlencoded\r\n" +
                "Content-Length: 31\r\n" +
                "\r\n" +
        "j_username=user&j_password=wrong\r\n");
        assertTrue(response.indexOf("Location") > 0);

-        response = _connector.getResponses("POST /ctx/j_security_check;jsessionid="+session+" HTTP/1.0\r\n" +
+        response = _connector.getResponses("POST /ctx/j_security_check;jsessionid="+session+";other HTTP/1.0\r\n" +
                "Content-Type: application/x-www-form-urlencoded\r\n" +
                "Content-Length: 35\r\n" +
                "\r\n" +
@ -376,11 +376,11 @@ public class ConstraintTest extends TestCase
        assertTrue(response.indexOf("Location") > 0);
        assertTrue(response.indexOf("/ctx/auth/info") > 0);

-        response = _connector.getResponses("GET /ctx/auth/info;jsessionid="+session+" HTTP/1.0\r\n" +
+        response = _connector.getResponses("GET /ctx/auth/info;jsessionid="+session+";other HTTP/1.0\r\n" +
                "\r\n");
        assertTrue(response.startsWith("HTTP/1.1 200 OK"));

-        response = _connector.getResponses("GET /ctx/admin/info;jsessionid="+session+" HTTP/1.0\r\n" +
+        response = _connector.getResponses("GET /ctx/admin/info;jsessionid="+session+";other HTTP/1.0\r\n" +
                "\r\n");
        assertTrue(response.startsWith("HTTP/1.1 403"));
        assertTrue(response.indexOf("!role") > 0);
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/session/SessionHandler.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/session/SessionHandler.java
@ -279,20 +279,26 @@ public class SessionHandler extends ScopedHandler
        {
            String uri = request.getRequestURI();

-            int semi = uri.lastIndexOf(';');
-            if (semi>=0)
+            String prefix=sessionManager.getSessionIdPathParameterNamePrefix();
+            if (prefix!=null)
            {
-                // check if there is a url encoded session param.
-                String param=sessionManager.getSessionIdPathParameterName();
-                if (param!=null)
-                {
-                    int p=uri.indexOf(param,semi+1);
-                    if (p>0)
+                int s = uri.indexOf(prefix);
+                if (s>=0)
+                {   
+                    s+=prefix.length();
+                    int i=s;
+                    while (i<uri.length())
                    {
-                        requested_session_id = uri.substring(p+param.length()+1);
-                        requested_session_id_from_cookie = false;
-                        if(Log.isDebugEnabled())Log.debug("Got Session ID "+requested_session_id+" from URL");
+                        char c=uri.charAt(i);
+                        if (c==';'||c=='#'||c=='?'||c=='/')
+                            break;
+                        i++;
                    }
+
+                    requested_session_id = uri.substring(s,i);
+                    requested_session_id_from_cookie = false;
+                    if(Log.isDebugEnabled())
+                        Log.debug("Got Session ID "+requested_session_id+" from URL");                    
                }
            }
        }