From: markt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Date: Sat, 10 Jan 2009 13:37:33 +0000 (+0000)
Subject: Implement SessionCookieConfig
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=722fe182a9edc5bf1948de17493199292ace6590;p=tomcat7.0

Implement SessionCookieConfig

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@733271 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/java/javax/servlet/SessionCookieConfig.java b/java/javax/servlet/SessionCookieConfig.java
index 0b06deb44..2347f020f 100644
--- a/java/javax/servlet/SessionCookieConfig.java
+++ b/java/javax/servlet/SessionCookieConfig.java
@@ -20,7 +20,6 @@ package javax.servlet;
  * 
  * @since 3.0
  * $Id$
- * TODO SERVLET3
  */
 public class SessionCookieConfig {
     private String domain;
@@ -29,6 +28,25 @@ public class SessionCookieConfig {
     private boolean httpOnly;
     private boolean secure;
 
+    /**
+     * 
+     * @param domain      Domain to use for session cookies generated for a
+     *                    {@link ServletContext} in which this
+     *                    {@link SessionCookieConfig} has been set
+     * @param path        Path to use for session cookies generated for a
+     *                    {@link ServletContext} in which this
+     *                    {@link SessionCookieConfig} has been set. If null
+     *                    {@link ServletContext#getContextPath()} is used
+     * @param comment     Comment to use for session cookies generated for a
+     *                    {@link ServletContext} in which this
+     *                    {@link SessionCookieConfig} has been set
+     * @param isHttpOnly  HttpOnly flag to use for session cookies generated for
+     *                    a {@link ServletContext} in which this
+     *                    {@link SessionCookieConfig} has been set
+     * @param isSecure    If <code>true</code>, the cookie will always be marked
+     *                    as secure. If <code>false</code> the cookie will only
+     *                    be marked as secure if the request is secure.
+     */
     public SessionCookieConfig(String domain, String path, String comment,
             boolean isHttpOnly, boolean isSecure) {
         this.domain = domain;
diff --git a/java/org/apache/catalina/connector/Request.java b/java/org/apache/catalina/connector/Request.java
index cf63f0c65..b92bb074b 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -45,6 +45,7 @@ import javax.servlet.ServletRequest;
 import javax.servlet.ServletRequestAttributeEvent;
 import javax.servlet.ServletRequestAttributeListener;
 import javax.servlet.ServletResponse;
+import javax.servlet.SessionCookieConfig;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
@@ -2381,7 +2382,7 @@ public class Request
             Cookie cookie = new Cookie(Globals.SESSION_COOKIE_NAME,
                                        session.getIdInternal());
             configureSessionCookie(cookie);
-            response.addCookieInternal(cookie, manager.getUseHttpOnly());
+            response.addCookieInternal(cookie);
         }
 
         if (session != null) {
@@ -2399,19 +2400,42 @@ public class Request
      * @param cookie The JSESSIONID cookie to be configured
      */
     protected void configureSessionCookie(Cookie cookie) {
+        SessionCookieConfig scc =
+            context.getServletContext().getSessionCookieConfig();
+
         cookie.setMaxAge(-1);
-        String contextPath = null;
-        if (!connector.getEmptySessionPath() && (getContext() != null)) {
-            contextPath = getContext().getEncodedPath();
+
+        if (scc != null) {
+            cookie.setComment(scc.getComment());
         }
-        if ((contextPath != null) && (contextPath.length() > 0)) {
-            cookie.setPath(contextPath);
-        } else {
-            cookie.setPath("/");
+
+        if (scc != null) {
+            cookie.setDomain(scc.getDomain());
         }
-        if (isSecure()) {
+
+        if ((scc != null && scc.isSecure()) || isSecure()) {
             cookie.setSecure(true);
         }
+
+        if ((scc != null && scc.isHttpOnly()) ||
+                context.getManager().getUseHttpOnly()) {
+            cookie.setHttpOnly(true);
+        }
+        
+        if (!connector.getEmptySessionPath() &&
+                scc != null && scc.getPath() != null) {
+            cookie.setPath(scc.getPath());
+        } else {
+            String contextPath = null;
+            if (!connector.getEmptySessionPath() && (getContext() != null)) {
+                contextPath = getContext().getEncodedPath();
+            }
+            if ((contextPath != null) && (contextPath.length() > 0)) {
+                cookie.setPath(contextPath);
+            } else {
+                cookie.setPath("/");
+            }
+        }
     }
     
     protected String unescape(String s) {
diff --git a/java/org/apache/catalina/connector/Response.java b/java/org/apache/catalina/connector/Response.java
index 8eccf7a36..4b0e55c5d 100644
--- a/java/org/apache/catalina/connector/Response.java
+++ b/java/org/apache/catalina/connector/Response.java
@@ -974,20 +974,9 @@ public class Response
      * Add the specified Cookie to those that will be included with
      * this Response.
      *
-     * @param cookie Cookie to be added
-     */
-    public void addCookieInternal(final Cookie cookie) {
-        addCookieInternal(cookie, false);
-    }
-
-    /**
-     * Add the specified Cookie to those that will be included with
-     * this Response.
-     *
      * @param cookie    Cookie to be added
-     * @param httpOnly  Should the httpOnly falg be set on this cookie
      */
-    public void addCookieInternal(final Cookie cookie, final boolean httpOnly) {
+    public void addCookieInternal(final Cookie cookie) {
 
         if (isCommitted())
             return;
@@ -1003,7 +992,7 @@ public class Response
                          cookie.getValue(), cookie.getPath(), 
                          cookie.getDomain(), cookie.getComment(), 
                          cookie.getMaxAge(), cookie.getSecure(),
-                         httpOnly);
+                         cookie.isHttpOnly());
                     return null;
                 }
             });
@@ -1011,7 +1000,8 @@ public class Response
             ServerCookie.appendCookieValue
                 (sb, cookie.getVersion(), cookie.getName(), cookie.getValue(),
                      cookie.getPath(), cookie.getDomain(), cookie.getComment(), 
-                     cookie.getMaxAge(), cookie.getSecure(), httpOnly);
+                     cookie.getMaxAge(), cookie.getSecure(),
+                     cookie.isHttpOnly());
         }
         //if we reached here, no exception, cookie is valid
         // the header name is Set-Cookie for both "old" and v.1 ( RFC2109 )
diff --git a/java/org/apache/catalina/core/ApplicationContext.java b/java/org/apache/catalina/core/ApplicationContext.java
index fdb42bf54..e2cd2e120 100644
--- a/java/org/apache/catalina/core/ApplicationContext.java
+++ b/java/org/apache/catalina/core/ApplicationContext.java
@@ -150,6 +150,11 @@ public class ApplicationContext
         new ThreadLocal<DispatchData>();
 
 
+    /**
+     * Session Cookie config
+     */
+    private SessionCookieConfig sessionCookieConfig;
+
     // --------------------------------------------------------- Public Methods
 
 
@@ -848,13 +853,12 @@ public class ApplicationContext
 
 
     public SessionCookieConfig getSessionCookieConfig() {
-        // TODO SERVLET3
-        return null;
+        return sessionCookieConfig;
     }
 
 
     public void setSessionCookieConfig(SessionCookieConfig sessionCookieConfig) {
-        // TODO SERVLET3
+        this.sessionCookieConfig = sessionCookieConfig;
     }