This is an automated email from the ASF dual-hosted git repository.
cziegeler pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/felix-dev.git
The following commit(s) were added to refs/heads/master by this push:
new 0e0729d FELIX-6342 : HTTP Session not invalidated over HTTPS
0e0729d is described below
commit 0e0729d578f76508b4daee640509bada2eedd43c
Author: Carsten Ziegeler <[email protected]>
AuthorDate: Sun Oct 4 12:16:22 2020 +0200
FELIX-6342 : HTTP Session not invalidated over HTTPS
---
.../felix/http/base/internal/HttpConfig.java | 13 +++++---
.../base/internal/handler/HttpSessionWrapper.java | 2 +-
http/itest/pom.xml | 36 +++++++++++-----------
http/jetty/pom.xml | 2 +-
.../jetty/internal/ConfigMetaTypeProvider.java | 4 +--
.../felix/http/jetty/internal/JettyConfig.java | 4 +--
6 files changed, 32 insertions(+), 29 deletions(-)
diff --git
a/http/base/src/main/java/org/apache/felix/http/base/internal/HttpConfig.java
b/http/base/src/main/java/org/apache/felix/http/base/internal/HttpConfig.java
index 6af61a7..150d39a 100644
---
a/http/base/src/main/java/org/apache/felix/http/base/internal/HttpConfig.java
+++
b/http/base/src/main/java/org/apache/felix/http/base/internal/HttpConfig.java
@@ -17,7 +17,6 @@
package org.apache.felix.http.base.internal;
import java.util.ArrayList;
-import java.util.Arrays;
import java.util.Collection;
import java.util.Dictionary;
import java.util.HashSet;
@@ -43,7 +42,7 @@ public class HttpConfig {
public static final String PROP_CONTAINER_ADDED_ATTRIBUTE =
"org.apache.felix.http.session.container.attribute";
- private volatile Set<String> containerAddedAttribueSet = null;
+ private volatile Set<String> containerAddedAttribueSet;
public boolean isUniqueSessionId() {
return uniqueSessionId;
@@ -61,9 +60,13 @@ public class HttpConfig {
this.invalidateContainerSession = invalidateContainerSession;
}
- public Set<String> getContainerAddedAttribueSet() { return
containerAddedAttribueSet; }
+ public Set<String> getContainerAddedAttribueSet() {
+ return containerAddedAttribueSet;
+ }
- public void setContainerAddedAttribueSet(Set<String>
containerAddedAttribueSet) { this.containerAddedAttribueSet =
containerAddedAttribueSet; }
+ public void setContainerAddedAttribueSet(Set<String>
containerAddedAttribueSet) {
+ this.containerAddedAttribueSet = containerAddedAttribueSet;
+ }
public void configure(@NotNull final Dictionary<String, Object> props) {
@@ -93,7 +96,7 @@ public class HttpConfig {
*/
private String[] getStringArrayProperty(final Dictionary<String, Object>
props,String name, String[] defValue)
{
- Object value = props.get(name);;
+ Object value = props.get(name);
if (value instanceof String)
{
final String stringVal = ((String) value).trim();
diff --git
a/http/base/src/main/java/org/apache/felix/http/base/internal/handler/HttpSessionWrapper.java
b/http/base/src/main/java/org/apache/felix/http/base/internal/handler/HttpSessionWrapper.java
index 896ec9b..d048ece 100644
---
a/http/base/src/main/java/org/apache/felix/http/base/internal/handler/HttpSessionWrapper.java
+++
b/http/base/src/main/java/org/apache/felix/http/base/internal/handler/HttpSessionWrapper.java
@@ -362,7 +362,7 @@ public class HttpSessionWrapper implements HttpSession
while (names.hasMoreElements()) {
final String name = names.nextElement();
- if (name == null ||
!attributeAddedByContainerSet.contains(name.trim())) {
+ if (name == null ||
!attributeAddedByContainerSet.contains(name)) {
return false;
}
}
diff --git a/http/itest/pom.xml b/http/itest/pom.xml
index 9cde727..ea2fed9 100644
--- a/http/itest/pom.xml
+++ b/http/itest/pom.xml
@@ -11,18 +11,18 @@
<project xmlns="http://maven.apache.org/POM/4.0.0";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd";>
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.felix</groupId>
- <artifactId>org.apache.felix.http.parent</artifactId>
- <version>12</version>
- <relativePath>../parent/pom.xml</relativePath>
- </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>org.apache.felix.http.parent</artifactId>
+ <version>12</version>
+ <relativePath>../parent/pom.xml</relativePath>
+ </parent>
- <name>Apache Felix Http Integration Tests</name>
- <artifactId>org.apache.felix.http.itest</artifactId>
- <version>0.0.3-SNAPSHOT</version>
- <packaging>jar</packaging>
+ <name>Apache Felix Http Integration Tests</name>
+ <artifactId>org.apache.felix.http.itest</artifactId>
+ <version>0.0.3-SNAPSHOT</version>
+ <packaging>jar</packaging>
<scm>
<connection>scm:git:https://github.com/apache/felix-dev.git</connection>
@@ -30,13 +30,13 @@
<url>https://gitbox.apache.org/repos/asf?p=felix-dev.git</url>
</scm>
- <properties>
- <felix.java.version>8</felix.java.version>
- <pax.exam.version>4.13.1</pax.exam.version>
- <pax.url.aether.version>2.6.2</pax.url.aether.version>
- <http.servlet.api.version>1.1.2</http.servlet.api.version>
- <http.jetty.version>4.0.21-SNAPSHOT</http.jetty.version>
- </properties>
+ <properties>
+ <felix.java.version>8</felix.java.version>
+ <pax.exam.version>4.13.1</pax.exam.version>
+ <pax.url.aether.version>2.6.2</pax.url.aether.version>
+ <http.servlet.api.version>1.1.2</http.servlet.api.version>
+ <http.jetty.version>4.1.1-SNAPSHOT</http.jetty.version>
+ </properties>
<build>
<plugins>
diff --git a/http/jetty/pom.xml b/http/jetty/pom.xml
index 6a97c77..e42fb29 100644
--- a/http/jetty/pom.xml
+++ b/http/jetty/pom.xml
@@ -398,7 +398,7 @@
<dependency>
<groupId>org.apache.felix</groupId>
<artifactId>org.apache.felix.http.base</artifactId>
- <version>4.1.0</version>
+ <version>4.1.1-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>commons-fileupload</groupId>
diff --git
a/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/ConfigMetaTypeProvider.java
b/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/ConfigMetaTypeProvider.java
index 6ba3966..c92f51c 100644
---
a/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/ConfigMetaTypeProvider.java
+++
b/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/ConfigMetaTypeProvider.java
@@ -425,9 +425,9 @@ class ConfigMetaTypeProvider implements MetaTypeProvider
bundle.getBundleContext().getProperty(HttpConfig.PROP_INVALIDATE_SESSION)));
adList.add(new
AttributeDefinitionImpl(HttpConfig.PROP_CONTAINER_ADDED_ATTRIBUTE,
"Attributes added by server.",
- "The atrrtibutes added by underlying session.Use this to
invalidate session.",
+ "The attributes added by underlying session. Use this to
invalidate session.",
AttributeDefinition.STRING,
- null,
+ new String[]
{"org.eclipse.jetty.security.sessionCreatedSecure"},
2147483647,
null, null,
getStringArray(bundle.getBundleContext().getProperty(HttpConfig.PROP_CONTAINER_ADDED_ATTRIBUTE))));
diff --git
a/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java
b/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java
index 470aa59..1f5cf44 100644
---
a/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java
+++
b/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java
@@ -263,7 +263,7 @@ public final class JettyConfig
/** Felix specific property to specify the excluded mime types. */
public static final String FELIX_JETTY_GZIP_EXCLUDED_MIME_TYPES =
"org.apache.felix.jetty.gzip.excludedMimeTypes";
-
+
/** Felix specific property to specify the stop timeout of the jetty
server */
public static final String FELIX_JETTY_STOP_TIMEOUT =
"org.apache.felix.jetty.stopTimeout";
@@ -736,7 +736,7 @@ public final class JettyConfig
props.put(HttpConfig.PROP_UNIQUE_SESSION_ID,
getBooleanProperty(HttpConfig.PROP_UNIQUE_SESSION_ID,
HttpConfig.DEFAULT_UNIQUE_SESSION_ID));
props.put(HttpConfig.PROP_CONTAINER_ADDED_ATTRIBUTE,
getStringArrayProperty(HttpConfig.PROP_CONTAINER_ADDED_ATTRIBUTE,
- new String[0]));
+ new String[]
{"org.eclipse.jetty.security.sessionCreatedSecure"}));
addCustomServiceProperties(props);
}
