This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new fcda8f4  Expose the HttpServletRequest to 
CookieProcessor.generateHeader()
fcda8f4 is described below

commit fcda8f4e40d38997f167ad7d41a259cb846f9272
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Apr 2 12:36:55 2020 +0100

    Expose the HttpServletRequest to CookieProcessor.generateHeader()
---
 java/org/apache/catalina/connector/Response.java   | 11 +++++---
 .../catalina/core/ApplicationPushBuilder.java      |  2 +-
 .../apache/tomcat/util/http/CookieProcessor.java   | 33 ++++++++++++++++++++++
 .../tomcat/util/http/LegacyCookieProcessor.java    |  8 ++++++
 .../tomcat/util/http/Rfc6265CookieProcessor.java   |  8 ++++++
 .../util/http/TestCookieProcessorGeneration.java   |  6 ++--
 webapps/docs/changelog.xml                         |  6 ++++
 7 files changed, 66 insertions(+), 8 deletions(-)

diff --git a/java/org/apache/catalina/connector/Response.java 
b/java/org/apache/catalina/connector/Response.java
index 3900c30..a58945d 100644
--- a/java/org/apache/catalina/connector/Response.java
+++ b/java/org/apache/catalina/connector/Response.java
@@ -42,6 +42,7 @@ import javax.servlet.ServletOutputStream;
 import javax.servlet.ServletResponse;
 import javax.servlet.SessionTrackingMode;
 import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpServletResponseWrapper;
 
@@ -968,9 +969,9 @@ public class Response implements HttpServletResponse {
         // from the generateHeader() invocation
         if (SecurityUtil.isPackageProtectionEnabled()) {
             return AccessController.doPrivileged(
-                    new PrivilegedGenerateCookieString(getContext(), cookie));
+                    new PrivilegedGenerateCookieString(getContext(), cookie, 
request.getRequest()));
         } else {
-            return getContext().getCookieProcessor().generateHeader(cookie);
+            return getContext().getCookieProcessor().generateHeader(cookie, 
request.getRequest());
         }
     }
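Review bot: In the package-protection branch the request facade is now captured by `PrivilegedGenerateCookieString` and handed to the `CookieProcessor` inside `AccessController.doPrivileged`, so any request access a custom processor performs runs inside the privileged block; the same applies to the `run()` change in the later `PrivilegedGenerateCookieString` hunk. The existing comment above only explains why `generateHeader()` itself is privileged, so I would extend it with something like `// The request facade is passed so the processor can read request properties; processors must not perform other work in this privileged block`. The method and the comment it belongs to start outside this hunk, so this assumes the comment still describes the property reads that motivated `doPrivileged`.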
 
@@ -1829,15 +1830,17 @@ public class Response implements HttpServletResponse {
 
         private final Context context;
         private final Cookie cookie;
+        private final HttpServletRequest request;
 
-        public PrivilegedGenerateCookieString(Context context, Cookie cookie) {
+        public PrivilegedGenerateCookieString(Context context, Cookie cookie, 
HttpServletRequest request) {
             this.context = context;
             this.cookie = cookie;
+            this.request = request;
         }
 
         @Override
         public String run(){
-            return context.getCookieProcessor().generateHeader(cookie);
+            return context.getCookieProcessor().generateHeader(cookie, 
request);
         }
     }
 
diff --git a/java/org/apache/catalina/core/ApplicationPushBuilder.java 
b/java/org/apache/catalina/core/ApplicationPushBuilder.java
index 58858ae..277413e 100644
--- a/java/org/apache/catalina/core/ApplicationPushBuilder.java
+++ b/java/org/apache/catalina/core/ApplicationPushBuilder.java
@@ -439,7 +439,7 @@ public class ApplicationPushBuilder implements PushBuilder {
             // However, if passed a Cookie with just a name and value set it
             // will generate an appropriate header for the Cookie header on the
             // pushed request.
-            result.append(cookieProcessor.generateHeader(cookie));
+            result.append(cookieProcessor.generateHeader(cookie, null));
         }
         return result.toString();
     }
diff --git a/java/org/apache/tomcat/util/http/CookieProcessor.java 
b/java/org/apache/tomcat/util/http/CookieProcessor.java
index e0efbf1..19d7070 100644
--- a/java/org/apache/tomcat/util/http/CookieProcessor.java
+++ b/java/org/apache/tomcat/util/http/CookieProcessor.java
@@ -19,6 +19,7 @@ package org.apache.tomcat.util.http;
 import java.nio.charset.Charset;
 
 import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
 
 public interface CookieProcessor {
 
@@ -38,10 +39,42 @@ public interface CookieProcessor {
      *
      * @return The header value in a form that can be added directly to the
      *         response
+     *
+     * @deprecated This method has been replaced with
+     *             {@link #generateHeader(Cookie, HttpServletRequest)} and will
+     *             be removed from Tomcat 10 onwards.
      */
+    @Deprecated
     String generateHeader(Cookie cookie);
 
     /**
+     * Generate the {@code Set-Cookie} HTTP header value for the given Cookie.
+     * This method receives as parameter the servlet request so that it can 
make
+     * decisions based on request properties. One such use-case is decide if 
the
+     * SameSite attribute should be added to the cookie based on the User-Agent
+     * or other request header because there are browser versions incompatible
+     * with the SameSite attribute. This is described by <a
+     * 
href="https://www.chromium.org/updates/same-site/incompatible-clients";>the
+     * Chromium project</a>.
+     * <p>
+     * The default implementation calls the deprecated
+     * {@link #generateHeader(Cookie)} method. Implementors should not rely on
+     * this default method as it is present only for transitional compatibility
+     * and will be removed in Tomcat 10 at the same time as the
+     * {@link #generateHeader(Cookie)} method.
+     *
+     * @param request The servlet request
+     *
+     * @param cookie The cookie for which the header will be generated
+     *
+     * @return The header value in a form that can be added directly to the
+     *         response
+     */
+    default String generateHeader(Cookie cookie, HttpServletRequest request) {
+        return generateHeader(cookie);
+    }
+
+    /**
      * Obtain the character set that will be used when converting between bytes
      * and characters when parsing and/or generating HTTP headers for cookies.
      *
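Review bot: The new Javadoc never says that `request` may be null, yet this commit passes `null` from `ApplicationPushBuilder` and from the single-argument overloads in `LegacyCookieProcessor` and `Rfc6265CookieProcessor`. A custom processor that reads the User-Agent as the text suggests would therefore throw a `NullPointerException` on those paths. I would write the tag as `@param request The servlet request, may be {@code null} if no request is associated with the cookie being generated` and put `@param cookie` first so the tags match the signature order. A further sentence should state that request headers are client-supplied, so they should only select between fixed attribute values and never be copied into the generated header value. The interface continues outside this hunk.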
diff --git a/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java 
b/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
index 4f9ea2f..ca84541 100644
--- a/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
+++ b/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
@@ -23,6 +23,7 @@ import java.util.BitSet;
 import java.util.Date;
 
 import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
 
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
@@ -234,6 +235,13 @@ public final class LegacyCookieProcessor extends 
CookieProcessorBase {
 
     @Override
     public String generateHeader(Cookie cookie) {
+        return generateHeader(cookie, null);
+    }
+
+
+    @Override
+    public String generateHeader(Cookie cookie, HttpServletRequest request) {
+
         /*
          * The spec allows some latitude on when to send the version attribute
          * with a Set-Cookie header. To be nice to clients, we'll make sure the
diff --git a/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java 
b/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
index 2021f3d..b0ff82f 100644
--- a/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
+++ b/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
@@ -22,6 +22,8 @@ import java.text.FieldPosition;
 import java.util.BitSet;
 import java.util.Date;
 
+import javax.servlet.http.HttpServletRequest;
+
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.buf.ByteChunk;
@@ -99,6 +101,12 @@ public class Rfc6265CookieProcessor extends 
CookieProcessorBase {
 
     @Override
     public String generateHeader(javax.servlet.http.Cookie cookie) {
+        return generateHeader(cookie, null);
+    }
+
+
+    @Override
+    public String generateHeader(javax.servlet.http.Cookie cookie, 
HttpServletRequest request) {
 
         // Can't use StringBuilder due to DateFormat
         StringBuffer header = new StringBuffer();
diff --git 
a/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java 
b/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
index c9d4b65..ef0ffc9 100644
--- a/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
+++ b/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
@@ -358,7 +358,7 @@ public class TestCookieProcessorGeneration {
         if (expected == null) {
             IllegalArgumentException e = null;
             try {
-                cookieProcessor.generateHeader(cookie);
+                cookieProcessor.generateHeader(cookie, null);
             } catch (IllegalArgumentException iae) {
                 e = iae;
             }
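Review bot: Every call in this hunk and in the following `assertTrue`/`assertEquals` hunk passes `null` as the request, so the visible tests never exercise `generateHeader` with a non-null `HttpServletRequest`. A stub `CookieProcessor` that records its request argument, driven through `Response`, would pin the new contract that the request actually reaches the processor. A second case asserting that the bundled processors return the same header for a null and a non-null request would guard against unintended request-dependent output. The enclosing test method starts outside this hunk.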
@@ -368,9 +368,9 @@ public class TestCookieProcessorGeneration {
                     cookie.getMaxAge() > 0) {
                 // Expires attribute will depend on time cookie is generated so
                 // use a modified test
-                
Assert.assertTrue(cookieProcessor.generateHeader(cookie).startsWith(expected));
+                Assert.assertTrue(cookieProcessor.generateHeader(cookie, 
null).startsWith(expected));
             } else {
-                Assert.assertEquals(expected, 
cookieProcessor.generateHeader(cookie));
+                Assert.assertEquals(expected, 
cookieProcessor.generateHeader(cookie, null));
             }
         }
     }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index eeeecb3..00f5eb8 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,12 @@
         to the application without decoding it in addition to rejecting such
         sequences and decoding such sequences. (markt)
       </add>
+      <add>
+        Expose the associated <code>HttpServletRequest</code> to the
+        <code>CookieProcessor</code> when generating a cookie header so the
+        header can be tailored based on the properties of the request, such as
+        the user agent, if required. Based on a patch by Lazar Kirchev. (markt)
+      </add>
     </changelog>
   </subsection>
   <subsection name="Jasper">

