Author: jvermillard
Date: Tue Aug 25 12:48:25 2009
New Revision: 807592
URL: http://svn.apache.org/viewvc?rev=807592&view=rev
Log:
ASYNCWEB-35 added HTTPOnly parameters to cookies
Modified:
mina/asyncweb/trunk/client/src/main/java/org/apache/ahc/codec/HttpDecoder.java
mina/asyncweb/trunk/common/src/main/java/org/apache/asyncweb/common/Cookie.java
mina/asyncweb/trunk/common/src/main/java/org/apache/asyncweb/common/DefaultCookie.java
mina/asyncweb/trunk/common/src/main/java/org/apache/asyncweb/common/DefaultHttpRequest.java
mina/asyncweb/trunk/common/src/main/java/org/apache/asyncweb/common/MutableCookie.java
mina/asyncweb/trunk/common/src/test/java/org/apache/asyncweb/common/DefaultCookieTest.java
Modified:
mina/asyncweb/trunk/client/src/main/java/org/apache/ahc/codec/HttpDecoder.java
URL:
http://svn.apache.org/viewvc/mina/asyncweb/trunk/client/src/main/java/org/apache/ahc/codec/HttpDecoder.java?rev=807592&r1=807591&r2=807592&view=diff
==============================================================================
---
mina/asyncweb/trunk/client/src/main/java/org/apache/ahc/codec/HttpDecoder.java
(original)
+++
mina/asyncweb/trunk/client/src/main/java/org/apache/ahc/codec/HttpDecoder.java
Tue Aug 25 12:48:25 2009
@@ -61,6 +61,9 @@
/** The Constant COOKIE_SECURE. */
public static final String COOKIE_SECURE = "secure";
+
+ /** The Constant COOKIE_HTTP_ONLY. */
+ public static final String COOKIE_HTTP_ONLY = "HTTPOnly";
/** The Constant COOKIE_VERSION. */
public static final String COOKIE_VERSION = "version";
@@ -300,6 +303,10 @@
cookie.setSecure(true);
}
+ if (name.equalsIgnoreCase(COOKIE_HTTP_ONLY)) {
+ cookie.setHttpOnly(true);
+ }
+
if (name.equalsIgnoreCase(COOKIE_VERSION)) {
cookie.setVersion(Integer.parseInt(nameValue[1]));
}
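Review bot: No test in this commit exercises the new `COOKIE_HTTP_ONLY` branch; the only test file touched is DefaultCookieTest, which covers the copy constructor. A decoder test that feeds a cookie header with the attribute spelled `HttpOnly` and `httponly`, plus one without the attribute, would pin the `equalsIgnoreCase` match and the default of `false`. The branch also sits in a run of independent `if`s, so a name is still compared against every remaining constant after it has matched; `else if` would read more clearly if the rest of the method allows it. The enclosing method starts and ends outside the hunk.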
Modified:
mina/asyncweb/trunk/common/src/main/java/org/apache/asyncweb/common/Cookie.java
URL:
http://svn.apache.org/viewvc/mina/asyncweb/trunk/common/src/main/java/org/apache/asyncweb/common/Cookie.java?rev=807592&r1=807591&r2=807592&view=diff
==============================================================================
---
mina/asyncweb/trunk/common/src/main/java/org/apache/asyncweb/common/Cookie.java
(original)
+++
mina/asyncweb/trunk/common/src/main/java/org/apache/asyncweb/common/Cookie.java
Tue Aug 25 12:48:25 2009
@@ -98,4 +98,10 @@
* @return the expiration date of the cookie in milliseconds after Jan.
1, 1970.
*/
long getExpirationDate();
+
+ /**
+ * Returns if this cookie is marked as "HTTP only".
+ * {...@link http://www.owasp.org/index.php/HTTPOnly}
+ */
+ boolean isHttpOnly();
}
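Review bot: The Javadoc on `isHttpOnly()` has no `@return` tag, and it points at the OWASP page with an inline `{@link}`, which javadoc resolves against program elements rather than URLs (the `{...@link` seen here looks like mail-archive masking of `{@link`). I would write `@return {@code true} if the cookie carries the HttpOnly attribute` and `@see <a href="http://www.owasp.org/index.php/HTTPOnly">OWASP: HTTPOnly</a>`; the same link form is used on `setHttpOnly` in MutableCookie.java. Adding an abstract method to the public `Cookie` interface also forces every external implementer to add it, as the anonymous class in DefaultCookieTest had to, so the change deserves a line in the release notes.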
Modified:
mina/asyncweb/trunk/common/src/main/java/org/apache/asyncweb/common/DefaultCookie.java
URL:
http://svn.apache.org/viewvc/mina/asyncweb/trunk/common/src/main/java/org/apache/asyncweb/common/DefaultCookie.java?rev=807592&r1=807591&r2=807592&view=diff
==============================================================================
---
mina/asyncweb/trunk/common/src/main/java/org/apache/asyncweb/common/DefaultCookie.java
(original)
+++
mina/asyncweb/trunk/common/src/main/java/org/apache/asyncweb/common/DefaultCookie.java
Tue Aug 25 12:48:25 2009
@@ -42,6 +42,8 @@
private boolean secure;
+ private boolean httpOnly;
+
private int version = 0;
private int maxAge = -1;
@@ -88,6 +90,7 @@
this.secure = cookie.isSecure();
this.value = cookie.getValue();
this.version = cookie.getVersion();
+ this.httpOnly = cookie.isHttpOnly();
}
public String getComment() {
@@ -130,6 +133,14 @@
this.secure = secure;
}
+ public boolean isHttpOnly() {
+ return httpOnly;
+ }
+
+ public void setHttpOnly(boolean httpOnly) {
+ this.httpOnly= httpOnly;
+ }
+
public String getValue() {
return value;
}
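Review bot: The added lines do not follow the spacing used by the surrounding code: `this.httpOnly= httpOnly;` here, and `isSecure()+ " httpOnly="+isHttpOnly()` in the toString() hunk below. I would write `this.httpOnly = httpOnly;` and `+ " secure=" + isSecure() + " httpOnly=" + isHttpOnly();` to match the neighbouring setter and the other concatenations.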
@@ -255,6 +266,6 @@
public String toString() {
return "name=" + getName() + " value=" + getValue() + " domain="
+ getDomain() + " path=" + getPath() + " maxAge=" + getMaxAge()
- + " secure=" + isSecure();
+ + " secure=" + isSecure()+ " httpOnly="+isHttpOnly();
}
}
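Review bot: toString() is extended here while it still prints the raw cookie value (`" value=" + getValue()`), which sits oddly next to a flag whose purpose is to keep that value away from script code. If this string can reach log files or error pages, a session cookie's value ends up there in clear text. Consider omitting or masking the value and keeping the attributes, for example `"name=" + getName() + " value=<masked>"`, or adding a comment saying the method is for debugging only.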
Modified:
mina/asyncweb/trunk/common/src/main/java/org/apache/asyncweb/common/DefaultHttpRequest.java
URL:
http://svn.apache.org/viewvc/mina/asyncweb/trunk/common/src/main/java/org/apache/asyncweb/common/DefaultHttpRequest.java?rev=807592&r1=807591&r2=807592&view=diff
==============================================================================
---
mina/asyncweb/trunk/common/src/main/java/org/apache/asyncweb/common/DefaultHttpRequest.java
(original)
+++
mina/asyncweb/trunk/common/src/main/java/org/apache/asyncweb/common/DefaultHttpRequest.java
Tue Aug 25 12:48:25 2009
@@ -417,6 +417,9 @@
if (c.isSecure()) {
buf.append("; secure");
}
+ if (c.isHttpOnly()) {
+ buf.append("; HTTPOnly");
+ }
buf.append(';');
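Review bot: The literal `"; HTTPOnly"` repeats the spelling that `HttpDecoder.COOKIE_HTTP_ONLY` defines in the client module, so the writer and the parser can drift apart; a shared constant in the common module would keep them in step. The conventional spelling of the attribute is `HttpOnly`; parsers that compare case-insensitively accept both, but `buf.append("; HttpOnly");` avoids relying on that. The class is DefaultHttpRequest, and HttpOnly is normally an attribute a server sends when it sets a cookie, so it is worth confirming that this path builds a header in which the attribute has meaning. The enclosing method starts and ends outside the hunk.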
Modified:
mina/asyncweb/trunk/common/src/main/java/org/apache/asyncweb/common/MutableCookie.java
URL:
http://svn.apache.org/viewvc/mina/asyncweb/trunk/common/src/main/java/org/apache/asyncweb/common/MutableCookie.java?rev=807592&r1=807591&r2=807592&view=diff
==============================================================================
---
mina/asyncweb/trunk/common/src/main/java/org/apache/asyncweb/common/MutableCookie.java
(original)
+++
mina/asyncweb/trunk/common/src/main/java/org/apache/asyncweb/common/MutableCookie.java
Tue Aug 25 12:48:25 2009
@@ -63,6 +63,13 @@
void setSecure(boolean secure);
/**
+ * Mark the cookie a only for HTTP. Browser are supposed to block access
to this cookie
+ * from client side code.
+ * {...@link http://www.owasp.org/index.php/HTTPOnly}
+ */
+ void setHttpOnly(boolean httpOnly);
+
+ /**
* Sets the maximum age of the cookie in seconds.
* A positive value indicates that the cookie will expire after the
specified number
* of seconds.
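Review bot: The new Javadoc on `setHttpOnly` has two grammar slips ("a only for HTTP", "Browser are") and no `@param` tag. I would write `Marks the cookie as HTTP-only. Browsers are supposed to block access to this cookie from client-side code.` followed by `@param httpOnly {@code true} to mark the cookie HTTP-only`. It would also help to say that the flag is enforced by the user agent and does not protect the cookie in transit, so it is normally set together with `setSecure(true)`. The trailing context lines belong to the next method's comment, which continues outside the hunk.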
@@ -88,4 +95,4 @@
* @param date the date the cookie was created in milliseconds after Jan.
1, 1970.
*/
void setCreatedDate(long date);
-}
\ No newline at end of file
+}
Modified:
mina/asyncweb/trunk/common/src/test/java/org/apache/asyncweb/common/DefaultCookieTest.java
URL:
http://svn.apache.org/viewvc/mina/asyncweb/trunk/common/src/test/java/org/apache/asyncweb/common/DefaultCookieTest.java?rev=807592&r1=807591&r2=807592&view=diff
==============================================================================
---
mina/asyncweb/trunk/common/src/test/java/org/apache/asyncweb/common/DefaultCookieTest.java
(original)
+++
mina/asyncweb/trunk/common/src/test/java/org/apache/asyncweb/common/DefaultCookieTest.java
Tue Aug 25 12:48:25 2009
@@ -12,6 +12,7 @@
final String domain = "mina.apache.org";
final String path = "/cookie/path";
final boolean secure = true;
+ final boolean httpOnly = true;
final int maxAge = 324987;
final String comment = "This is the cookie comment";
final long createdDate = 437874235475L;
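Review bot: `httpOnly` is given the same value as `secure` (both `true`), so the `assertEquals(httpOnly, copy.isHttpOnly())` added in the last hunk of this file would still pass if the copy constructor read the wrong flag, for example `cookie.isSecure()`. A second case in which `secure` is `false` and `httpOnly` is `true` would make the assertion tell the two apart. The fixture declarations sit inside a test method or class whose start is outside the hunk.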
@@ -36,6 +37,9 @@
public boolean isSecure() {
return secure;
}
+ public boolean isHttpOnly() {
+ return httpOnly;
+ }
public int getMaxAge() {
return maxAge;
}
@@ -45,6 +49,7 @@
public long getCreatedDate() {
return createdDate;
}
+
public long getExpirationDate() {
// This should be a calculated field so we'll just return 0
return 0;
@@ -64,6 +69,7 @@
assertEquals(domain, copy.getDomain());
assertEquals(path, copy.getPath());
assertEquals(secure, copy.isSecure());
+ assertEquals(httpOnly, copy.isHttpOnly());
assertEquals(maxAge, copy.getMaxAge());
assertEquals(comment, copy.getComment());
assertEquals(createdDate, copy.getCreatedDate());