This is an automated email from the ASF dual-hosted git repository.

jensdeppe pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode.git


The following commit(s) were added to refs/heads/develop by this push:
     new e5d07a3  GEODE-7438: Honor isHttpOnly and isSecure from the 
SessionCookieConfig in the ServletContext. (#4311)
e5d07a3 is described below

commit e5d07a33cc6a68a0c68b2ea9eabbb8713def9e14
Author: thefire <[email protected]>
AuthorDate: Mon Dec 2 08:12:30 2019 -0700

    GEODE-7438: Honor isHttpOnly and isSecure from the SessionCookieConfig in 
the ServletContext. (#4311)
---
 .../session/internal/filter/CommonTests.java       |  35 ++++++-
 .../SessionCookieConfigServletTestCaseAdapter.java | 114 +++++++++++++++++++++
 .../session/filter/SessionCachingFilter.java       |   4 +
 .../http_session_mgmt/quick_start.html.md.erb      |   2 +-
 .../session_mgmt_weblogic.html.md.erb              |   2 +-
 5 files changed, 153 insertions(+), 4 deletions(-)

diff --git 
a/extensions/geode-modules-session/src/integrationTest/java/org/apache/geode/modules/session/internal/filter/CommonTests.java
 
b/extensions/geode-modules-session/src/integrationTest/java/org/apache/geode/modules/session/internal/filter/CommonTests.java
index 2046f45..d257891 100644
--- 
a/extensions/geode-modules-session/src/integrationTest/java/org/apache/geode/modules/session/internal/filter/CommonTests.java
+++ 
b/extensions/geode-modules-session/src/integrationTest/java/org/apache/geode/modules/session/internal/filter/CommonTests.java
@@ -38,7 +38,6 @@ import javax.servlet.http.HttpSession;
 
 import com.mockrunner.mock.web.MockHttpServletRequest;
 import com.mockrunner.mock.web.MockHttpServletResponse;
-import com.mockrunner.servlet.BasicServletTestCaseAdapter;
 import org.junit.Test;
 
 import org.apache.geode.modules.session.filter.SessionCachingFilter;
@@ -47,7 +46,7 @@ import 
org.apache.geode.modules.session.filter.SessionCachingFilter;
  * This servlet tests the effects of the downstream SessionCachingFilter 
filter. When these tests
  * are performed, the filter would already have taken effect.
  */
-public abstract class CommonTests extends BasicServletTestCaseAdapter {
+public abstract class CommonTests extends 
SessionCookieConfigServletTestCaseAdapter {
   static final String CONTEXT_PATH = "/test";
 
   @Test
@@ -442,6 +441,38 @@ public abstract class CommonTests extends 
BasicServletTestCaseAdapter {
   }
 
   @Test
+  public void testCookieSecure() {
+
+    boolean secure = true;
+    ((MyMockServletContext) getWebMockObjectFactory().getMockServletContext())
+        .getSessionCookieConfig().setSecure(secure);
+
+    doFilter();
+    ((HttpServletRequest) getFilteredRequest()).getSession();
+
+    MockHttpServletResponse response = 
getWebMockObjectFactory().getMockResponse();
+    Cookie cookie = (Cookie) response.getCookies().get(0);
+
+    assertEquals(secure, cookie.getSecure());
+  }
+
+  @Test
+  public void testCookieHttpOnly() {
+
+    boolean httpOnly = true;
+    ((MyMockServletContext) getWebMockObjectFactory().getMockServletContext())
+        .getSessionCookieConfig().setHttpOnly(httpOnly);
+
+    doFilter();
+    ((HttpServletRequest) getFilteredRequest()).getSession();
+
+    MockHttpServletResponse response = 
getWebMockObjectFactory().getMockResponse();
+    Cookie cookie = (Cookie) response.getCookies().get(0);
+
+    assertEquals(httpOnly, cookie.isHttpOnly());
+  }
+
+  @Test
   public void testIsNew1() {
     doFilter();
 
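Review bot: Both new tests exercise only the `true` value and read `response.getCookies().get(0)` without checking which cookie that is, so they would still pass if the filter hard-coded `setSecure(true)` / `setHttpOnly(true)` or if another cookie happened to come first. A counterpart case per test that leaves the config flag at `false` and asserts `assertFalse(cookie.getSecure())` / `assertFalse(cookie.isHttpOnly())` would pin that the filter follows the configuration rather than a constant. Asserting the cookie's name before checking its flags would also tie the assertion to the session cookie.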
diff --git 
a/extensions/geode-modules-session/src/integrationTest/java/org/apache/geode/modules/session/internal/filter/SessionCookieConfigServletTestCaseAdapter.java
 
b/extensions/geode-modules-session/src/integrationTest/java/org/apache/geode/modules/session/internal/filter/SessionCookieConfigServletTestCaseAdapter.java
new file mode 100644
index 0000000..a56675a
--- /dev/null
+++ 
b/extensions/geode-modules-session/src/integrationTest/java/org/apache/geode/modules/session/internal/filter/SessionCookieConfigServletTestCaseAdapter.java
@@ -0,0 +1,114 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more 
contributor license
+ * agreements. See the NOTICE file distributed with this work for additional 
information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache 
License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the 
License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software 
distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 
KIND, either express
+ * or implied. See the License for the specific language governing permissions 
and limitations under
+ * the License.
+ */
+
+package org.apache.geode.modules.session.internal.filter;
+
+import javax.servlet.SessionCookieConfig;
+
+import com.mockrunner.mock.web.MockServletContext;
+import com.mockrunner.mock.web.MockSessionCookieConfig;
+import com.mockrunner.mock.web.WebMockObjectFactory;
+import com.mockrunner.servlet.BasicServletTestCaseAdapter;
+
+/**
+ * Extend the BasicServletTestCaseAdapter with support for a
+ * SessionCookieConfig in the ServletContext.
+ */
+public class SessionCookieConfigServletTestCaseAdapter
+    extends BasicServletTestCaseAdapter {
+
+  public SessionCookieConfigServletTestCaseAdapter() {
+    super();
+  }
+
+  public SessionCookieConfigServletTestCaseAdapter(String name) {
+    super(name);
+  }
+
+  @Override
+  protected WebMockObjectFactory createWebMockObjectFactory() {
+    // create special SessionCookieConfig aware factory
+    return new MyWebMockObjectFactory();
+  }
+
+  @Override
+  protected WebMockObjectFactory createWebMockObjectFactory(
+      WebMockObjectFactory otherFactory) {
+    // create special SessionCookieConfig aware factory
+    return new MyWebMockObjectFactory(otherFactory);
+  }
+
+  @Override
+  protected WebMockObjectFactory createWebMockObjectFactory(
+      WebMockObjectFactory otherFactory, boolean createNewSession) {
+    // create special SessionCookieConfig aware factory
+    return new MyWebMockObjectFactory(otherFactory, createNewSession);
+  }
+
+  /**
+   * MockServletContext that has a SessionCookieConfig.
+   */
+  public static class MyMockServletContext extends MockServletContext {
+
+    private SessionCookieConfig sessionCookieConfig;
+
+    private MyMockServletContext() {
+      super();
+      sessionCookieConfig = new MyMockSessionCookieConfig();
+    }
+
+    @Override
+    public synchronized void resetAll() {
+      super.resetAll();
+      sessionCookieConfig = new MyMockSessionCookieConfig();
+    }
+
+    @Override
+    public SessionCookieConfig getSessionCookieConfig() {
+      return sessionCookieConfig;
+    }
+
+  }
+
+  // why doesn't MockSessionCookieConfig implement SessionCookieConfig...
+  private static class MyMockSessionCookieConfig extends
+      MockSessionCookieConfig implements SessionCookieConfig {
+  }
+
+  /**
+   * WebMockObjectFactory that creates our SessionCookieConfig aware
+   * MockSerletContext.
+   */
+  public static class MyWebMockObjectFactory extends WebMockObjectFactory {
+    public MyWebMockObjectFactory() {
+      super();
+    }
+
+    public MyWebMockObjectFactory(WebMockObjectFactory factory) {
+      super(factory);
+    }
+
+    public MyWebMockObjectFactory(WebMockObjectFactory factory, boolean 
createNewSession) {
+      super(factory, createNewSession);
+    }
+
+    @Override
+    public MyMockServletContext createMockServletContext() {
+      return new MyMockServletContext();
+    }
+
+  }
+
+}
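Review bot: The comment above `MyMockSessionCookieConfig` is phrased as a question (`// why doesn't MockSessionCookieConfig implement SessionCookieConfig...`) and does not tell the next reader why the empty subclass exists. Something like `// MockSessionCookieConfig provides the methods but does not declare the interface; this subclass adds the declaration` would state the reason, assuming that is the case. The Javadoc on `MyWebMockObjectFactory` misspells the class as `MockSerletContext`. The `My*` nested class names also say nothing about their purpose; names that mention the session cookie config would match the outer class.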
diff --git 
a/extensions/geode-modules-session/src/main/java/org/apache/geode/modules/session/filter/SessionCachingFilter.java
 
b/extensions/geode-modules-session/src/main/java/org/apache/geode/modules/session/filter/SessionCachingFilter.java
index f2a368e..6f9a643 100644
--- 
a/extensions/geode-modules-session/src/main/java/org/apache/geode/modules/session/filter/SessionCachingFilter.java
+++ 
b/extensions/geode-modules-session/src/main/java/org/apache/geode/modules/session/filter/SessionCachingFilter.java
@@ -31,6 +31,7 @@ import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletRequestWrapper;
 import javax.servlet.ServletResponse;
+import javax.servlet.SessionCookieConfig;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
@@ -203,8 +204,11 @@ public class SessionCachingFilter implements Filter {
         return;
       }
 
+      SessionCookieConfig cookieConfig = context.getSessionCookieConfig();
       Cookie cookie = new Cookie(manager.getSessionCookieName(), 
session.getId());
       cookie.setPath("".equals(getContextPath()) ? "/" : getContextPath());
+      cookie.setHttpOnly(cookieConfig.isHttpOnly());
+      cookie.setSecure(cookieConfig.isSecure());
       response.addCookie(cookie);
     }
 
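Review bot: `cookie.setSecure(cookieConfig.isSecure())` makes the Secure attribute depend only on the deployment configuration, so an application served over HTTPS without a `<cookie-config>` entry still gets a session cookie without Secure (and likewise without HttpOnly). If this code sits in the request wrapper, as the unqualified `getContextPath()` call suggests, consider `cookie.setSecure(cookieConfig.isSecure() || isSecure());` so the flag is also set whenever the request itself arrived over a secure channel. The added lines dereference `cookieConfig` without a null check; that looks safe on a Servlet 3.x container, but a short comment stating the assumption would help, since the test adapter in this commit apparently exists because the stock mock context had no usable config. The enclosing method starts outside the hunk.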
diff --git a/geode-docs/tools_modules/http_session_mgmt/quick_start.html.md.erb 
b/geode-docs/tools_modules/http_session_mgmt/quick_start.html.md.erb
index 682719b..66d79d1 100644
--- a/geode-docs/tools_modules/http_session_mgmt/quick_start.html.md.erb
+++ b/geode-docs/tools_modules/http_session_mgmt/quick_start.html.md.erb
@@ -31,7 +31,7 @@ In this section you download, install, and set up the HTTP 
Session Management mo
     | Tomcat                       | 8.5                    | 
[http://tomcat.apache.org/download-80.cgi](http://tomcat.apache.org/download-80.cgi)
                                                                                
             |
     | Tomcat                       | 9.0                    | 
[https://tomcat.apache.org/download-90.cgi](https://tomcat.apache.org/download-90.cgi)
                                                                                
             |
 
-    The generic HTTP Session Management Module for AppServers is implemented 
as a servlet filter and should work on any application server platform that 
supports the Java Servlet 2.4 specification.
+    The generic HTTP Session Management Module for AppServers is implemented 
as a servlet filter and should work on any application server platform that 
supports the Java Servlet 3.1 specification.
 
 2.  The HTTP Session Management Modules installation .zip files are located in 
the `tools/Modules` directory of the product installation directory. Locate the 
.zip file for the HTTP Session Management Module that you wish to install. 
Unzip the appropriate HTTP Session Management Module into the specified 
directory for your application server:
 
diff --git 
a/geode-docs/tools_modules/http_session_mgmt/session_mgmt_weblogic.html.md.erb 
b/geode-docs/tools_modules/http_session_mgmt/session_mgmt_weblogic.html.md.erb
index fc1be0c..0ef1868 100644
--- 
a/geode-docs/tools_modules/http_session_mgmt/session_mgmt_weblogic.html.md.erb
+++ 
b/geode-docs/tools_modules/http_session_mgmt/session_mgmt_weblogic.html.md.erb
@@ -21,7 +21,7 @@ limitations under the License.
 
 You implement session caching with the HTTP Session Management Module for 
AppServers with a special filter, defined in the `web.xml`, which is configured 
to intercept and wrap all requests.
 
-You can use this HTTP module with a variety of application servers. Wrapping 
each request allows the interception of `getSession()` calls to be handled by 
<%=vars.product_name%> instead of the native container. This approach is a 
generic solution, which is supported by any container that implements the 
Servlet 2.4 specification.
+You can use this HTTP module with a variety of application servers. Wrapping 
each request allows the interception of `getSession()` calls to be handled by 
<%=vars.product_name%> instead of the native container. This approach is a 
generic solution, which is supported by any container that implements the 
Servlet 3.1 specification.
 
 -   **[Setting Up the HTTP Module for 
AppServers](../../tools_modules/http_session_mgmt/weblogic_setting_up_the_module.html)**
 
