svn commit: r902970 - /portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/impl/RewritableHttpReverseProxyServiceImpl.java

[woonsan]

Author: woonsan
Date: Mon Jan 25 20:53:32 2010
New Revision: 902970

URL: http://svn.apache.org/viewvc?rev=902970&view=rev
Log:
APA-30: Written cookie's secured property should comply with the secure mode of 
the current request channel. Also, keeps the version.

Modified:
    
portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/impl/RewritableHttpReverseProxyServiceImpl.java

Modified: 
portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/impl/RewritableHttpReverseProxyServiceImpl.java
URL: 
http://svn.apache.org/viewvc/portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/impl/RewritableHttpReverseProxyServiceImpl.java?rev=902970&r1=902969&r2=902970&view=diff
==============================================================================
--- 
portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/impl/RewritableHttpReverseProxyServiceImpl.java
 (original)
+++ 
portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/impl/RewritableHttpReverseProxyServiceImpl.java
 Mon Jan 25 20:53:32 2010
@@ -467,7 +467,7 @@
                 
                 if (!responseSetCookies.isEmpty())
                 {
-                    addResponseCookies(response, responseSetCookies, 
proxyPathMapper, rewriterContextPath);
+                    addResponseCookies(request, response, responseSetCookies, 
proxyPathMapper, rewriterContextPath);
                 }
                 
                 response.sendRedirect(redirectLocation);
@@ -487,7 +487,7 @@
                 
                 if (!responseSetCookies.isEmpty())
                 {
-                    addResponseCookies(response, responseSetCookies, 
proxyPathMapper, rewriterContextPath);
+                    addResponseCookies(request, response, responseSetCookies, 
proxyPathMapper, rewriterContextPath);
                 }
                 
                 return;
@@ -543,7 +543,7 @@
                     
                     if (!responseSetCookies.isEmpty())
                     {
-                        addResponseCookies(response, responseSetCookies, 
proxyPathMapper, rewriterContextPath);
+                        addResponseCookies(request, response, 
responseSetCookies, proxyPathMapper, rewriterContextPath);
                     }
                     
                     // Send the content to the client
@@ -592,8 +592,9 @@
         }
     }
     
-    private void addResponseCookies(HttpServletResponse response, 
List<org.apache.http.cookie.Cookie> responseSetCookies, 
HttpReverseProxyPathMapper proxyPathMapper, String rewriterContextPath)
+    private void addResponseCookies(HttpServletRequest request, 
HttpServletResponse response, List<org.apache.http.cookie.Cookie> 
responseSetCookies, HttpReverseProxyPathMapper proxyPathMapper, String 
rewriterContextPath)
     {
+        boolean isSecureRequest = request.isSecure();
         Set<String> includes = proxyPathMapper.getRewriteCookiePathIncludes();
         Set<String> excludes = proxyPathMapper.getRewriteCookiePathExcludes();
         boolean includesEmpty = (includes == null || includes.isEmpty());
@@ -606,6 +607,7 @@
         {
             String cookieName = cookie.getName();
             Cookie responseCookie = new Cookie(cookieName, cookie.getValue());
+            responseCookie.setVersion(cookie.getVersion());
             responseCookie.setComment(cookie.getComment());
             Date expireDate = cookie.getExpiryDate();
             
@@ -615,7 +617,7 @@
                 responseCookie.setMaxAge(maxAgeSeconds);
             }
             
-            responseCookie.setSecure(cookie.isSecure());
+            responseCookie.setSecure(isSecureRequest && cookie.isSecure());
             responseCookie.setVersion(cookie.getVersion());
             
             if ((allEmpty) || (!includesEmpty && 
includes.contains(cookieName)) || (!excludesEmpty && 
!excludes.contains(cookieName)))