svn commit: r1628324 - in /tomcat/trunk: java/org/apache/tomcat/util/http/CookieSupport.java java/org/apache/tomcat/util/http/LegacyCookieProcessor.java test/org/apache/tomcat/util/http/TestCookieParsing.java webapps/docs/config/cookie-processor.xml

Mon, 29 Sep 2014 14:46:24 -0700 

Author: markt
Date: Mon Sep 29 21:45:10 2014
New Revision: 1628324

URL: http://svn.apache.org/r1628324
Log:
Move cookie header preservation to an option on the legacy cookie processor

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java
    tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
    tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieParsing.java
    tomcat/trunk/webapps/docs/config/cookie-processor.xml

Modified: tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java?rev=1628324&r1=1628323&r2=1628324&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java Mon Sep 29 
21:45:10 2014
@@ -67,7 +67,10 @@ public final class CookieSupport {
     /**
      * If set to true, the cookie header will be preserved. In most cases
      * except debugging, this is not useful.
+     *
+     * @deprecated  Will be removed in Tomcat 9.
      */
+    @Deprecated
     public static final boolean PRESERVE_COOKIE_HEADER;
 
     /**

Modified: 
tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java?rev=1628324&r1=1628323&r2=1628324&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java 
Mon Sep 29 21:45:10 2014
@@ -54,6 +54,10 @@ public final class LegacyCookieProcessor
     @SuppressWarnings("deprecation") // Default to false when deprecated code 
is removed
     private boolean allowHttpSepsInV0 = 
CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0;
 
+    @SuppressWarnings("deprecation") // Default to STRICT_SERVLET_COMPLIANCE
+                                     // when deprecated code is removed
+    private boolean presserveCookieHeader = 
CookieSupport.PRESERVE_COOKIE_HEADER;
+
 
     public boolean getAllowEqualsInValue() {
         return allowEqualsInValue;
@@ -85,6 +89,16 @@ public final class LegacyCookieProcessor
     }
 
 
+    public boolean getPreserveCookieHeader() {
+        return presserveCookieHeader;
+    }
+
+
+    public void setPreserveCookieHeader(boolean presserveCookieHeader) {
+        this.presserveCookieHeader = presserveCookieHeader;
+    }
+
+
     @Override
     public Charset getCharset() {
         return StandardCharsets.ISO_8859_1;
@@ -113,7 +127,7 @@ public final class LegacyCookieProcessor
                     log.debug("Cookies: Parsing b[]: " + 
cookieValue.toString());
                 }
                 ByteChunk bc = cookieValue.getByteChunk();
-                if (CookieSupport.PRESERVE_COOKIE_HEADER) {
+                if (getPreserveCookieHeader()) {
                     int len = bc.getLength();
                     if (len > 0) {
                         byte[] buf = new byte[len];

Modified: tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieParsing.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieParsing.java?rev=1628324&r1=1628323&r2=1628324&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieParsing.java 
(original)
+++ tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieParsing.java Mon 
Sep 29 21:45:10 2014
@@ -44,9 +44,12 @@ public class TestCookieParsing extends T
     private static final String COOKIES_WITH_NAME_ONLY_CONCAT = "bob=bob=";
 
     private static final String[] COOKIES_WITH_SEPS = new String[] {
-        "name=val(ue" };
+            "name=val(ue" };
     private static final String COOKIES_WITH_SEPS_TRUNC = "name=val";
 
+    private static final String[] COOKIES_WITH_QUOTES = new String[] {
+            "name=\"val\\\"ue\"" };
+    private static final String COOKIES_WITH_QUOTES_TRUNC = 
"name=\"val\"uee\"";
 
     @Test
     public void testLegacyWithEquals() throws Exception {
@@ -163,6 +166,43 @@ public class TestCookieParsing extends T
     }
 
 
+    @Test
+    public void testLegacyPreserveHeader() throws Exception {
+        doTestLegacyPreserveHeader(true);
+    }
+
+
+    @Test
+    public void testLegacyNoPreserveHeader() throws Exception {
+        doTestLegacyPreserveHeader(false);
+    }
+
+
+    private void doTestLegacyPreserveHeader(boolean preserveHeader) throws 
Exception {
+        LegacyCookieProcessor legacyCookieProcessor = new 
LegacyCookieProcessor();
+        legacyCookieProcessor.setPreserveCookieHeader(preserveHeader);
+
+        String expected;
+        if (preserveHeader) {
+            expected = concat(COOKIES_WITH_QUOTES);
+        } else {
+            expected = COOKIES_WITH_QUOTES_TRUNC;
+        }
+        TestCookieParsingClient client = new TestCookieParsingClient(
+                legacyCookieProcessor, true, COOKIES_WITH_QUOTES, expected);
+        client.doRequest();
+    }
+
+
+    @Test
+    public void testRfc6265PreserveHeader() throws Exception {
+        // Always allows equals
+        TestCookieParsingClient client = new TestCookieParsingClient(new 
Rfc6265CookieProcessor(),
+                true, COOKIES_WITH_QUOTES, concat(COOKIES_WITH_QUOTES));
+        client.doRequest();
+    }
+
+
     private static String concat(String[] input) {
         StringBuilder result = new StringBuilder();
         for (String s : input) {
@@ -177,11 +217,18 @@ public class TestCookieParsing extends T
         private final CookieProcessor cookieProcessor;
         private final String[] cookies;
         private final String expected;
+        private final boolean echoHeader;
 
 
         public TestCookieParsingClient(CookieProcessor cookieProcessor,
                 String[] cookies, String expected) {
+            this(cookieProcessor, false, cookies, expected);
+        }
+
+        public TestCookieParsingClient(CookieProcessor cookieProcessor,
+                boolean echoHeader, String[] cookies, String expected) {
             this.cookieProcessor = cookieProcessor;
+            this.echoHeader = echoHeader;
             this.cookies = cookies;
             this.expected = expected;
         }
@@ -192,8 +239,12 @@ public class TestCookieParsing extends T
             Context root = tomcat.addContext("", TEMP_DIR);
             root.setCookieProcessor(cookieProcessor);
 
-            Tomcat.addServlet(root, "Simple", new SimpleServlet());
-            root.addServletMapping("/test", "Simple");
+            if (echoHeader) {
+                Tomcat.addServlet(root, "Cookies", new EchoCookieHeader());
+            } else {
+                Tomcat.addServlet(root, "Cookies", new EchoCookies());
+            }
+            root.addServletMapping("/test", "Cookies");
 
             tomcat.start();
             // Open connection
@@ -229,7 +280,7 @@ public class TestCookieParsing extends T
     }
 
 
-    private static class SimpleServlet extends HttpServlet {
+    private static class EchoCookies extends HttpServlet {
 
         private static final long serialVersionUID = 1L;
 
@@ -246,4 +297,21 @@ public class TestCookieParsing extends T
             resp.flushBuffer();
         }
     }
+
+
+
+
+    private static class EchoCookieHeader extends HttpServlet {
+
+        private static final long serialVersionUID = 1L;
+
+        @Override
+        protected void service(HttpServletRequest req, HttpServletResponse 
resp)
+        throws ServletException, IOException {
+            req.getCookies();
+            resp.getWriter().write(req.getHeader("Cookie"));
+            resp.flushBuffer();
+        }
+    }
+
 }

Modified: tomcat/trunk/webapps/docs/config/cookie-processor.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/cookie-processor.xml?rev=1628324&r1=1628323&r2=1628324&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/cookie-processor.xml (original)
+++ tomcat/trunk/webapps/docs/config/cookie-processor.xml Mon Sep 29 21:45:10 
2014
@@ -147,6 +147,18 @@
         <a href="systemprops.html">system property</a>.</p>
       </attribute>
 
+      <attribute name="preserveCookieHeader" required="false">
+        <p>If this is <code>true</code> Tomcat will ensure that cookie
+        processing does not modify cookie header returned by
+        <code>HttpServletRequest.getHeader()</code>. If
+        <code>org.apache.catalina.STRICT_SERVLET_COMPLIANCE</code> is set to
+        <code>true</code>, the default of this setting will be
+        <code>true</code>, else the default value will be <code>false</code>.
+        This default may be overridden by setting the
+        
<code>org.apache.tomcat.util.http.ServerCookie.PRESERVE_COOKIE_HEADER</code>
+        system property.</p>
+      </attribute>
+
     </attributes>
 
   </subsection>
@@ -169,6 +181,7 @@
     <ul>
       <li>The '<code>=</code>' is always permitted in a cookie value.</li>
       <li>Name only cookies are always permitted.</li>
+      <li>The cookie header is always preserved.</li>
     </ul>
 
     <p>No additional attributes are supported by the <strong>RFC 6265 Cookie



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to