SessionCookieConfig name may be null (#5557)
* SessionCookieConfig name may be null. Protect against NPE by making a null name in SessionCookieConfig deactivate session cookies.
* SessionCookieConfig name may be null. Protect against NPE by making a null name in SessionCookieConfig deactivate session cookies.
* SessionCookieConfig name may be null. Protect against NPE by making a null name in SessionCookieConfig deactivate session cookies.
* Feedback from review: added a static method to convert a null name to the default.
parent
69185bf31d
commit
f88f09a148
|
@ -46,6 +46,7 @@ import javax.servlet.http.HttpSessionListener;
|
||||||
|
|
||||||
import org.eclipse.jetty.http.BadMessageException;
|
import org.eclipse.jetty.http.BadMessageException;
|
||||||
import org.eclipse.jetty.http.HttpCookie;
|
import org.eclipse.jetty.http.HttpCookie;
|
||||||
|
import org.eclipse.jetty.http.Syntax;
|
||||||
import org.eclipse.jetty.server.Request;
|
import org.eclipse.jetty.server.Request;
|
||||||
import org.eclipse.jetty.server.Server;
|
import org.eclipse.jetty.server.Server;
|
||||||
import org.eclipse.jetty.server.SessionIdManager;
|
import org.eclipse.jetty.server.SessionIdManager;
|
||||||
|
@ -662,7 +663,7 @@ public class SessionHandler extends ScopedHandler
|
||||||
HttpCookie cookie = null;
|
HttpCookie cookie = null;
|
||||||
|
|
||||||
cookie = new HttpCookie(
|
cookie = new HttpCookie(
|
||||||
_cookieConfig.getName(),
|
getSessionCookieName(_cookieConfig),
|
||||||
id,
|
id,
|
||||||
_cookieConfig.getDomain(),
|
_cookieConfig.getDomain(),
|
||||||
sessionPath,
|
sessionPath,
|
||||||
|
@ -1378,6 +1379,13 @@ public class SessionHandler extends ScopedHandler
|
||||||
Session getSession();
|
Session getSession();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static String getSessionCookieName(SessionCookieConfig config)
|
||||||
|
{
|
||||||
|
if (config == null || config.getName() == null)
|
||||||
|
return __DefaultSessionCookie;
|
||||||
|
return config.getName();
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* CookieConfig
|
* CookieConfig
|
||||||
*
|
*
|
||||||
|
@ -1466,6 +1474,10 @@ public class SessionHandler extends ScopedHandler
|
||||||
{
|
{
|
||||||
if (_context != null && _context.getContextHandler().isAvailable())
|
if (_context != null && _context.getContextHandler().isAvailable())
|
||||||
throw new IllegalStateException("CookieConfig cannot be set after ServletContext is started");
|
throw new IllegalStateException("CookieConfig cannot be set after ServletContext is started");
|
||||||
|
if ("".equals(name))
|
||||||
|
throw new IllegalArgumentException("Blank cookie name");
|
||||||
|
if (name != null)
|
||||||
|
Syntax.requireValidRFC2616Token(name, "Bad Session cookie name");
|
||||||
_sessionCookie = name;
|
_sessionCookie = name;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1645,18 +1657,18 @@ public class SessionHandler extends ScopedHandler
|
||||||
Cookie[] cookies = request.getCookies();
|
Cookie[] cookies = request.getCookies();
|
||||||
if (cookies != null && cookies.length > 0)
|
if (cookies != null && cookies.length > 0)
|
||||||
{
|
{
|
||||||
final String sessionCookie = getSessionCookieConfig().getName();
|
final String sessionCookie = getSessionCookieName(getSessionCookieConfig());
|
||||||
for (int i = 0; i < cookies.length; i++)
|
for (Cookie cookie : cookies)
|
||||||
{
|
{
|
||||||
if (sessionCookie.equalsIgnoreCase(cookies[i].getName()))
|
if (sessionCookie.equalsIgnoreCase(cookie.getName()))
|
||||||
{
|
{
|
||||||
String id = cookies[i].getValue();
|
String id = cookie.getValue();
|
||||||
requestedSessionIdFromCookie = true;
|
requestedSessionIdFromCookie = true;
|
||||||
if (LOG.isDebugEnabled())
|
if (LOG.isDebugEnabled())
|
||||||
LOG.debug("Got Session ID {} from cookie {}", id, sessionCookie);
|
LOG.debug("Got Session ID {} from cookie {}", id, sessionCookie);
|
||||||
|
|
||||||
HttpSession s = getHttpSession(id);
|
HttpSession s = getHttpSession(id);
|
||||||
|
|
||||||
if (requestedSessionId == null)
|
if (requestedSessionId == null)
|
||||||
{
|
{
|
||||||
//no previous id, always accept this one
|
//no previous id, always accept this one
|
||||||
|
|
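Review bot: The new public static `getSessionCookieName(SessionCookieConfig)` has no Javadoc, and its behaviour differs from the commit description: a null config or a null name resolves to `__DefaultSessionCookie`, so session cookies stay enabled under the default name rather than being deactivated. `setName` still stores the null in `_sessionCookie`, so `getName()` and the helper can return different values. Any caller that still reads `getName()` directly (none is visible in these hunks, so this needs confirming) would match or emit a different cookie name than the one passed to `new HttpCookie(...)`. I would add a Javadoc such as `/** Returns the effective session cookie name: config.getName(), or the default name when config or its name is null. Use this rather than getName() wherever the session cookie is read or written. */`.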
|
@ -38,6 +38,7 @@ import org.eclipse.jetty.http.pathmap.ServletPathSpec;
|
||||||
import org.eclipse.jetty.security.ConstraintAware;
|
import org.eclipse.jetty.security.ConstraintAware;
|
||||||
import org.eclipse.jetty.security.ConstraintMapping;
|
import org.eclipse.jetty.security.ConstraintMapping;
|
||||||
import org.eclipse.jetty.security.authentication.FormAuthenticator;
|
import org.eclipse.jetty.security.authentication.FormAuthenticator;
|
||||||
|
import org.eclipse.jetty.server.session.SessionHandler;
|
||||||
import org.eclipse.jetty.servlet.ErrorPageErrorHandler;
|
import org.eclipse.jetty.servlet.ErrorPageErrorHandler;
|
||||||
import org.eclipse.jetty.servlet.FilterHolder;
|
import org.eclipse.jetty.servlet.FilterHolder;
|
||||||
import org.eclipse.jetty.servlet.FilterMapping;
|
import org.eclipse.jetty.servlet.FilterMapping;
|
||||||
|
@ -732,7 +733,7 @@ public class StandardDescriptorProcessor extends IterativeDescriptorProcessor
|
||||||
case WebFragment:
|
case WebFragment:
|
||||||
{
|
{
|
||||||
//a web-fragment set the value, all web-fragments must have the same value
|
//a web-fragment set the value, all web-fragments must have the same value
|
||||||
if (!context.getSessionHandler().getSessionCookieConfig().getName().equals(name))
|
if (!name.equals(SessionHandler.getSessionCookieName(context.getSessionHandler().getSessionCookieConfig())))
|
||||||
throw new IllegalStateException("Conflicting cookie-config name " + name + " in " + descriptor.getResource());
|
throw new IllegalStateException("Conflicting cookie-config name " + name + " in " + descriptor.getResource());
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -806,7 +807,7 @@ public class StandardDescriptorProcessor extends IterativeDescriptorProcessor
|
||||||
case WebFragment:
|
case WebFragment:
|
||||||
{
|
{
|
||||||
//a web-fragment set the value, all web-fragments must have the same value
|
//a web-fragment set the value, all web-fragments must have the same value
|
||||||
if (!context.getSessionHandler().getSessionCookieConfig().getPath().equals(path))
|
if (!path.equals(context.getSessionHandler().getSessionCookieConfig().getPath()))
|
||||||
throw new IllegalStateException("Conflicting cookie-config path " + path + " in " + descriptor.getResource());
|
throw new IllegalStateException("Conflicting cookie-config path " + path + " in " + descriptor.getResource());
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
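Review bot: Swapping the receiver in both `WebFragment` checks moves the non-null assumption from the stored config value to `name` and `path`, which are assigned outside these hunks. If they are not already guarded there, a descriptor with an absent element would still hit an NPE. The two checks are also no longer symmetric: the name is compared against the default-resolved value from `SessionHandler.getSessionCookieName(...)`, while the path is compared against the raw `getPath()`, so a null stored path is reported as a conflict. `Objects.equals(path, context.getSessionHandler().getSessionCookieConfig().getPath())` (needs `java.util.Objects` if it is not already imported) would make the path check null-safe on both sides. A one-line comment on the name check, saying that an unset name is treated as the default, would record the intent.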