rwaldhoff    01/08/14 11:00:37

  Modified:    httpclient/src/java/org/apache/commons/httpclient Tag:
                        rlwrefactoring Cookie.java
  Log:
  don't send secure cookies over insecure connections
  misc cleanup and javadoc
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.4.2.1   +91 -32    
jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/Cookie.java
  
  Index: Cookie.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/Cookie.java,v
  retrieving revision 1.4
  retrieving revision 1.4.2.1
  diff -u -r1.4 -r1.4.2.1
  --- Cookie.java       2001/06/29 01:41:06     1.4
  +++ Cookie.java       2001/08/14 18:00:37     1.4.2.1
  @@ -1,7 +1,7 @@
   /*
  - * $Header: 
/home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/Cookie.java,v
 1.4 2001/06/29 01:41:06 rwaldhoff Exp $
  - * $Revision: 1.4 $
  - * $Date: 2001/06/29 01:41:06 $
  + * $Header: 
/home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/Cookie.java,v
 1.4.2.1 2001/08/14 18:00:37 rwaldhoff Exp $
  + * $Revision: 1.4.2.1 $
  + * $Date: 2001/08/14 18:00:37 $
    *
    * ====================================================================
    *
  @@ -73,9 +73,8 @@
   import java.text.ParseException;
   
   /**
  - * This class represents an http cookie as specified in RFC 2109.
  + * An HTTP "magic-cookie", as specified in RFC 2109.
    *
  - *
    * @author   B.C. Holmes
    * @author <a href="mailto:[EMAIL PROTECTED]";>Park, Sung-Gu</a>
    * @author <a href="mailto:[EMAIL PROTECTED]";>Doug Sale</a>
  @@ -101,21 +100,52 @@
        * @param name    the cookie name
        * @param value   the cookie value
        * @param domain  the host this cookie will be sent to
  -     * @param path    the path prefix for which this cookie will be sent
  -     * @param maxAge  the Date this cookie expires, null if the cookie
  -     *                expires at the end of the session
  -     * @param secure  if true this cookie will only be over secure connections
        * @exception NullPointerException if <var>name</var>, <var>value</var> or
        *                                 <var>domain</var> is null
        * @since V0.3-1
        */
       public Cookie(String domain, String name, String value) {
  +        this(domain,name,value,null,null,false);
  +    }
  +
  +    /**
  +     * Create a cookie.
  +     *
  +     * @param name    the cookie name
  +     * @param value   the cookie value
  +     * @param domain  the host this cookie will be sent to
  +     * @param path    the path prefix for which this cookie will be sent
  +     * @param expires the {@link Date} at which this cookie expires,
  +     *                or <tt>null</tt> if the cookie expires at the end
  +     *                of the session
  +     * @param secure  if true this cookie will only be sent over secure connections
  +     * @exception NullPointerException if <var>name</var>, <var>value</var> or
  +     *                                 <var>domain</var> is <tt>null</tt>
  +     */
  +    public Cookie(String domain, String name, String value, String path, Date 
expires, boolean secure) {
           super(name, value);
           if (name == null)   throw new NullPointerException("missing name");
           if (value == null)  throw new NullPointerException("missing value");
           if (domain == null) throw new NullPointerException("missing domain");
  -
           this.setDomain(domain);
  +        this.setExpiryDate(expires);
  +        this.setSecure(secure);
  +    }
  +
  +    /**
  +     * Create a cookie.
  +     *
  +     * @param name    the cookie name
  +     * @param value   the cookie value
  +     * @param domain  the host this cookie will be sent to
  +     * @param path    the path prefix for which this cookie will be sent
  +     * @param maxAge  the number of seconds after which this cookie expires
  +     * @param secure  if true this cookie will only be sent over secure connections
  +     * @exception NullPointerException if <var>name</var>, <var>value</var> or
  +     *                                 <var>domain</var> is <tt>null</tt>
  +     */
  +    public Cookie(String domain, String name, String value, String path, int 
maxAge, boolean secure) {
  +        this(domain,name,value,path,new Date(System.currentTimeMillis() + 
maxAge*1000L),secure);
       }
   
       /**
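Review bot: The new six-argument constructor accepts `path` but never stores it: the body calls only `setDomain`, `setExpiryDate` and `setSecure`, so a cookie built this way keeps a null path. In `createCookieHeader` a null path matches every request path, so the cookie is sent to more URLs than the caller asked for. Add `this.setPath(path);` next to `this.setDomain(domain);`, assuming the class's existing path setter; the `maxAge` overload delegates here and picks up the fix.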
  @@ -139,7 +169,8 @@
       }
   
       /**
  -     * @return the expiry date of this cookie, or null if none set.
  +     * Returns my expiration {@link Date}, or <tt>null</tt>.
  +     * @return my expiration {@link Date}, or <tt>null</tt>.
        */
       public Date getExpiryDate() {
           return m_expiryDate;
  @@ -150,9 +181,9 @@
        *
        * <p>Netscape's original proposal defined an Expires header that took
        * a date value in a fixed-length variant format in place of Max-Age:
  -     *
  -     * Wdy, DD-Mon-YY HH:MM:SS GMT
  -     *
  +     * <br>
  +     * <tt>Wdy, DD-Mon-YY HH:MM:SS GMT</tt>
  +     * <br>
        * Note that the Expires date format contains embedded spaces, and that
        * "old" cookies did not have quotes around values.  Clients that
        * implement to this specification should be aware of "old" cookies and
  @@ -166,8 +197,11 @@
   
   
       /**
  -     * @return true if the cookie should be discarded at the end of the
  -     *         session; false otherwise
  +     * Returns <tt>true</tt> if I should be discarded at the end
  +     * of the "session"; false otherwise.
  +     *
  +     * @return true if I should be discarded at the end of the
  +     *         "session"; false otherwise
        */
       public boolean isToBeDiscarded() {
           return (m_expiryDate != null);
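Review bot: The new Javadoc on `isToBeDiscarded()` says it returns true when the cookie should be dropped at the end of the session, but the body shown returns `(m_expiryDate != null)`, which is true for a cookie that has an explicit expiry date. The constructor Javadoc in this same commit says a null expiry means the cookie expires at the end of the session, so the condition reads as inverted. Either the body should be `return (m_expiryDate == null);` or the comment should describe what is actually returned. Callers are not visible here, so check which behaviour they rely on before changing the code; the method's closing brace is outside the hunk.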
  @@ -184,7 +218,7 @@
       }
   
       /**
  -     * This cookie should be presented only to hosts satisfying this domain
  +     * I should be presented only to hosts satisfying this domain
        * name pattern.  Read RFC 2109 for specific details of the syntax.
        * Briefly, a domain name name begins with a dot (".foo.com") and means
        * that hosts in that DNS zone ("www.foo.com", but not "a.b.foo.com")
  @@ -210,7 +244,7 @@
       }
   
       /**
  -     * This cookie should be presented only with requests beginning with this URL.
  +     * I should be presented only with requests beginning with this URL.
        * Read RFC 2109 for a specification of the default behaviour. Basically, URLs
        * in the same "directory" as the one which set the cookie, and in 
subdirectories,
        * can all see the cookie unless a different path is set.
  @@ -237,18 +271,25 @@
       public void setSecure (boolean secure) {
           m_secure = secure;
       }
  -
   
  +    /**
  +     * Return the version of the HTTP cookie specification I use.
  +     */
       public int getVersion() {
           return m_version;
       }
   
  +    /**
  +     * Return the version of the HTTP cookie specification I use.
  +     * (See RFC 2109 for details.)
  +     */
       public void setVersion(int version) {
           m_version = version;
       }
   
       /**
  -     * @return true if this cookie has expired
  +     * Return <tt>true</tt> if I have expired
  +     * @return <tt>true</tt> if I have expired
        */
       public boolean isExpired() {
           return (m_expiryDate != null  &&
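Review bot: The Javadoc added to `setVersion(int)` is a copy of the getter's and says "Return the version", although the method is void and assigns `m_version`. Suggested text: `Set the version of the HTTP cookie specification I use. (See RFC 2109 for details.)` followed by `@param version the cookie specification version`. The getter's comment would likewise be complete with an `@return` line.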
  @@ -265,7 +306,7 @@
   
   
       /**
  -     * Two cookies match if the name, path and domain match.
  +     * Two cookies are equal if the name, path and domain match.
        */
       public boolean equals(Object obj) {
           if ((obj != null) && (obj instanceof Cookie)) {
  @@ -279,6 +320,7 @@
   
   
       /**
  +     * Return a string suitable for sending in a Cookie header.
        * @return a string suitable for sending in a Cookie header.
        */
       public String toExternalForm() {
  @@ -287,13 +329,32 @@
               string += "; $Path=" + m_path;
           }
           string += "; $Domain=" + m_domain;
  -
  +        /*
  +        if (m_secure) {
  +            string += "; secure";
  +        }
  +        */
           return string;
       }
   
  -    public static Header createCookieHeader(String domain,
  -            String path, Vector cookies) {
  +    /**
  +     * Create a <tt>Cookie</tt> header containing
  +     * all non-expired cookies in <i>cookies</i>,
  +     * associated with the given <i>domain</i> and
  +     * <i>path</i>, assuming the connection is not
  +     * secure.
  +     */
  +    public static Header createCookieHeader(String domain, String path, Vector 
cookies) {
  +        return Cookie.createCookieHeader(domain,path,false,cookies);
  +    }
   
  +    /**
  +     * Create a <tt>Cookie</tt> header containing
  +     * all non-expired cookies in <i>cookies</i>,
  +     * associated with the given <i>domain</i>, <i>path</i> and
  +     * <i>https</i> setting.
  +     */
  +    public static Header createCookieHeader(String domain, String path, boolean 
secure, Vector cookies) {
           // This code was allowing port values in the domain.  This is not part
           // of RFC2109.
           //
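Review bot: The `/* if (m_secure) ... */` block added to `toExternalForm()` is commented-out code with no explanation of why the attribute is left out. Delete it and keep a one-line reason instead, for example `// "secure" is a Set-Cookie attribute; it is not echoed in the Cookie request header`. The Javadoc of the four-argument `createCookieHeader` refers to an `<i>https</i>` setting while the parameter is named `secure`; use the parameter name and add `@param secure true if the request is sent over a secure connection`. The three-argument overload now passes `false`, so a caller on a secure connection that still uses it will stop sending secure cookies; that fails safe, but its Javadoc should point such callers to the new overload. The body of the four-argument method continues outside the hunk.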
  @@ -324,10 +385,12 @@
           Date now = new Date();
           for (Enumeration e = cookies.elements(); e.hasMoreElements(); ) {
               Cookie cookie = (Cookie) e.nextElement();
  -            if ((cookie.getExpiryDate() == null || 
cookie.getExpiryDate().after(now)) && // only add the cookie if it hasn't yet expired
  +            if (
  +                (cookie.getExpiryDate() == null || 
cookie.getExpiryDate().after(now)) && // only add the cookie if it hasn't yet expired
                   domain.endsWith(cookie.getDomain()) &&                              
     // and the domain pattern matches
  -                ((cookie.getPath() == null) ||                                      
     // and the path is null or matching
  -                 (path.startsWith(cookie.getPath())))) {
  +                ((cookie.getPath() == null) || (path.startsWith(cookie.getPath()))) 
&&   // and the path is null or matching
  +                (cookie.getSecure() ? secure : true)                                
     // and if the secure flag is set, only if the request is actually secure
  +               ) {
                   value.append(";");
                   value.append(cookie.toExternalForm());
               }
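Review bot: The secure-flag test added here is sound, but the condition next to it, `domain.endsWith(cookie.getDomain())`, is a plain suffix comparison with no label boundary, so a cookie whose domain is `foo.com` also matches a request host such as `notfoo.com`, and the new filter does not help once that host is reached over a secure connection. Unless the code before this hunk already normalises both values, consider `(domain.equals(cookie.getDomain()) || (cookie.getDomain().startsWith(".") && domain.endsWith(cookie.getDomain())))`. The check `path.startsWith(cookie.getPath())` has the same boundary gap (`/foo` matches `/foobar`). The new condition would also read more directly as `(!cookie.getSecure() || secure)`. The loop and the method continue outside the hunk.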
  @@ -336,11 +399,7 @@
       }
   
       public String toString() {
  -        String string = toExternalForm();
  -        if (m_secure) {
  -            string += "; secure";
  -        }
  -        return string;
  +        return toExternalForm();
       }
   
       /**
  
  
  
