Author: markt
Date: Sat Oct 31 12:59:51 2009
New Revision: 831536
URL: http://svn.apache.org/viewvc?rev=831536&view=rev
Log:
Add an explicit configuration option for cookie version switching and update
test cases and docs to include it.
Added:
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesSwitchSysProps.java
Modified:
tomcat/trunk/java/org/apache/tomcat/util/http/ServerCookie.java
tomcat/trunk/test/org/apache/tomcat/util/http/CookiesBaseTest.java
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesDefaultSysProps.java
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesStrictSysProps.java
tomcat/trunk/webapps/docs/config/systemprops.xml
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/ServerCookie.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/ServerCookie.java?rev=831536&r1=831535&r2=831536&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/http/ServerCookie.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/ServerCookie.java Sat Oct 31
12:59:51 2009
@@ -75,6 +75,14 @@
public static final boolean STRICT_SERVLET_COMPLIANCE;
/**
+ * If set to false, we don't auto switch invalid v0 cookies to v1 and add
+ * quotes to make them valid.
+ * Default is usually true. If STRICT_SERVLET_COMPLIANCE==true then default
+ * is false. Explicitly setting always takes priority.
+ */
+ public static final boolean ALLOW_VERSION_SWITCH;
+
+ /**
* If set to false, we don't use the IE6/7 Max-Age/Expires work around.
* Default is usually true. If STRICT_SERVLET_COMPLIANCE==true then default
* is false. Explicitly setting always takes priority.
@@ -97,6 +105,15 @@
"false")).booleanValue();
+ String allowVersionSwitch = System.getProperty(
+
"org.apache.tomcat.util.http.ServerCookie.ALLOW_VERSION_SWITCH");
+ if (allowVersionSwitch == null) {
+ ALLOW_VERSION_SWITCH = !STRICT_SERVLET_COMPLIANCE;
+ } else {
+ ALLOW_VERSION_SWITCH =
+ Boolean.valueOf(allowVersionSwitch).booleanValue();
+ }
+
String alwaysAddExpires = System.getProperty(
"org.apache.tomcat.util.http.ServerCookie.ALWAYS_ADD_EXPIRES");
if (alwaysAddExpires == null) {
@@ -400,7 +417,7 @@
buf.append('"');
buf.append(escapeDoubleQuotes(value,1,value.length()-1));
buf.append('"');
- } else if (allowVersionSwitch && (!STRICT_SERVLET_COMPLIANCE) &&
version==0 && !isToken2(value, literals)) {
+ } else if (allowVersionSwitch && ALLOW_VERSION_SWITCH && version==0 &&
!isToken2(value, literals)) {
buf.append('"');
buf.append(escapeDoubleQuotes(value,0,value.length()));
buf.append('"');
Modified: tomcat/trunk/test/org/apache/tomcat/util/http/CookiesBaseTest.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/CookiesBaseTest.java?rev=831536&r1=831535&r2=831536&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/http/CookiesBaseTest.java
(original)
+++ tomcat/trunk/test/org/apache/tomcat/util/http/CookiesBaseTest.java Sat Oct
31 12:59:51 2009
@@ -39,20 +39,22 @@
/**
* Servlet for cookie naming test.
*/
- public static class CookieName extends HttpServlet {
+ public static class CookieServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
private final String cookieName;
-
- public CookieName(String cookieName) {
+ private final String cookieValue;
+
+ public CookieServlet(String cookieName, String cookieValue) {
this.cookieName = cookieName;
+ this.cookieValue = cookieValue;
}
public void doGet(HttpServletRequest req, HttpServletResponse res)
throws IOException {
try {
- Cookie cookie = new Cookie(cookieName,"Value");
+ Cookie cookie = new Cookie(cookieName, cookieValue);
res.addCookie(cookie);
res.getWriter().write("Cookie name ok");
} catch (IllegalArgumentException iae) {
@@ -68,14 +70,18 @@
StandardContext ctx =
tomcat.addContext("/", System.getProperty("java.io.tmpdir"));
- Tomcat.addServlet(ctx, "invalid", new CookieName("na;me"));
+ Tomcat.addServlet(ctx, "invalid", new CookieServlet("na;me", "value"));
ctx.addServletMapping("/invalid", "invalid");
- Tomcat.addServlet(ctx, "invalidFwd", new CookieName("na/me"));
+ Tomcat.addServlet(ctx, "invalidFwd",
+ new CookieServlet("na/me", "value"));
ctx.addServletMapping("/invalidFwd", "invalidFwd");
- Tomcat.addServlet(ctx, "invalidStrict", new CookieName("na?me"));
+ Tomcat.addServlet(ctx, "invalidStrict",
+ new CookieServlet("na?me", "value"));
ctx.addServletMapping("/invalidStrict", "invalidStrict");
- Tomcat.addServlet(ctx, "valid", new CookieName("name"));
+ Tomcat.addServlet(ctx, "valid", new CookieServlet("name", "value"));
ctx.addServletMapping("/valid", "valid");
+ Tomcat.addServlet(ctx, "switch", new CookieServlet("name", "val?ue"));
+ ctx.addServletMapping("/switch", "switch");
}
Modified:
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesDefaultSysProps.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesDefaultSysProps.java?rev=831536&r1=831535&r2=831536&view=diff
==============================================================================
---
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesDefaultSysProps.java
(original)
+++
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesDefaultSysProps.java
Sat Oct 31 12:59:51 2009
@@ -17,6 +17,10 @@
package org.apache.tomcat.util.http;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
import org.apache.catalina.startup.Tomcat;
import org.apache.tomcat.util.buf.ByteChunk;
@@ -46,6 +50,16 @@
res = getUrl("http://localhost:"; + getPort() + "/valid");
assertEquals("Cookie name ok", res.toString());
+ // Need to read response headers to test version switching
+ Map<String,List<String>> headers = new HashMap<String,List<String>>();
+ getUrl("http://localhost:"; + getPort() + "/switch", res, headers);
+ List<String> cookieHeaders = headers.get("Set-Cookie");
+ for (String cookieHeader : cookieHeaders) {
+ if (cookieHeader.contains("name=")) {
+ assertTrue(cookieHeader.contains("name=\"val?ue\";"));
+ }
+ }
+
}
}
Modified:
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesStrictSysProps.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesStrictSysProps.java?rev=831536&r1=831535&r2=831536&view=diff
==============================================================================
---
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesStrictSysProps.java
(original)
+++
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesStrictSysProps.java
Sat Oct 31 12:59:51 2009
@@ -17,6 +17,10 @@
package org.apache.tomcat.util.http;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
import org.apache.catalina.startup.Tomcat;
import org.apache.tomcat.util.buf.ByteChunk;
@@ -49,6 +53,16 @@
res = getUrl("http://localhost:"; + getPort() + "/valid");
assertEquals("Cookie name ok", res.toString());
+ // Need to read response headers to test version switching
+ Map<String,List<String>> headers = new HashMap<String,List<String>>();
+ getUrl("http://localhost:"; + getPort() + "/switch", res, headers);
+ List<String> cookieHeaders = headers.get("Set-Cookie");
+ for (String cookieHeader : cookieHeaders) {
+ if (cookieHeader.contains("name=")) {
+ assertTrue(cookieHeader.contains("name=val?ue"));
+ }
+ }
+
}
}
Added:
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesSwitchSysProps.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesSwitchSysProps.java?rev=831536&view=auto
==============================================================================
---
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesSwitchSysProps.java
(added)
+++
tomcat/trunk/test/org/apache/tomcat/util/http/TestCookiesSwitchSysProps.java
Sat Oct 31 12:59:51 2009
@@ -0,0 +1,71 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.tomcat.util.http;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.catalina.startup.Tomcat;
+import org.apache.tomcat.util.buf.ByteChunk;
+
+/**
+ * Test case for {...@link Cookies}. <b>Note</b> because of the use of
<code>final
+ * static</code> constants in {...@link Cookies}, each of these tests must be
+ * executed in a new JVM instance. The tests have been place in separate
classes
+ * to facilitate this when running the unit tests via Ant.
+ */
+public class TestCookiesSwitchSysProps extends CookiesBaseTest {
+
+ @Override
+ public void testCookiesInstance() throws Exception {
+
+ System.setProperty("org.apache.catalina.STRICT_SERVLET_COMPLIANCE",
+ "true");
+ System.setProperty(
+
"org.apache.tomcat.util.http.ServerCookie.ALLOW_VERSION_SWITCH",
+ "true");
+
+ Tomcat tomcat = getTomcatInstance();
+
+ addServlets(tomcat);
+
+ tomcat.start();
+
+ ByteChunk res = getUrl("http://localhost:"; + getPort() + "/invalid");
+ assertEquals("Cookie name fail", res.toString());
+ res = getUrl("http://localhost:"; + getPort() + "/invalidFwd");
+ assertEquals("Cookie name fail", res.toString());
+ res = getUrl("http://localhost:"; + getPort() + "/invalidStrict");
+ assertEquals("Cookie name fail", res.toString());
+ res = getUrl("http://localhost:"; + getPort() + "/valid");
+ assertEquals("Cookie name ok", res.toString());
+
+ // Need to read response headers to test version switching
+ Map<String,List<String>> headers = new HashMap<String,List<String>>();
+ getUrl("http://localhost:"; + getPort() + "/switch", res, headers);
+ List<String> cookieHeaders = headers.get("Set-Cookie");
+ for (String cookieHeader : cookieHeaders) {
+ if (cookieHeader.contains("name=")) {
+ assertTrue(cookieHeader.contains("name=\"val?ue\""));
+ }
+ }
+
+ }
+
+}
Modified: tomcat/trunk/webapps/docs/config/systemprops.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/systemprops.xml?rev=831536&r1=831535&r2=831536&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/systemprops.xml (original)
+++ tomcat/trunk/webapps/docs/config/systemprops.xml Sat Oct 31 12:59:51 2009
@@ -272,6 +272,16 @@
</property>
<property
+ name="org.apache.tomcat.util.http. ServerCookie.ALLOW_VERSION_SWITCH">
+ <p>If this is <code>true</code> Tomcat will convert a v0 cookie that
+ contains invalid characters (i.e. separators) to a v1 cookie and add
+ quotes as required. If not specified, the default value will be used. If
+ <code>org.apache.catalina.STRICT_SERVLET_COMPLIANCE</code> is set to
+ <code>true</code>, the default of this setting will be
<code>false</code>,
+ else the default value will be <code>true</code>.</p>
+ </property>
+
+ <property
name="org.apache.tomcat.util.http. ServerCookie.ALWAYS_ADD_EXPIRES">
<p>If this is <code>true</code> Tomcat will always add an expires
parameter to a SetCookie header even for cookies with version greater
than
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
