antville/helma
antville/helma
1
1
Fork 0
Code Issues 5 Pull requests 5 Projects Releases 5 Activity Actions

res.setCookie() now accepts boolean httponly and secure flags

Browse source 
httponly defaults to true, secure to false
This commit is contained in:
Robert Gaggl 2017-03-27 15:50:01 +02:00
parent 75f0245817
commit 81f5e3cd8e
3 changed files with 77 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

46
src/helma/framework/CookieTrans.java
View file

@ -24,11 +24,13 @@ import javax.servlet.http.Cookie;
* of an HTTP cookie. * of an HTTP cookie.
*/ */
public final class CookieTrans implements Serializable { public final class CookieTrans implements Serializable {
String name; private String name;
String value; private String value;
String path; private String path;
String domain; private String domain;
int days = -1; private boolean isHttpOnly = true;
private boolean isSecure = false;
private int days = -1;
CookieTrans(String name, String value) { CookieTrans(String name, String value) {
this.name = name; this.name = name;
@ -51,9 +53,15 @@ public final class CookieTrans implements Serializable {
this.domain = domain; this.domain = domain;
} }
void setHttpOnly(boolean isHttpOnly) {
this.isHttpOnly = isHttpOnly;
}
void setSecure(boolean isSecure) {
this.isSecure = isSecure;
}
/** /**
*
*
* @return ... * @return ...
*/ */
public String getName() { public String getName() {
@ -61,8 +69,6 @@ public final class CookieTrans implements Serializable {
} }
/** /**
*
*
* @return ... * @return ...
*/ */
public String getValue() { public String getValue() {
@ -70,8 +76,6 @@ public final class CookieTrans implements Serializable {
} }
/** /**
*
*
* @return ... * @return ...
*/ */
public int getDays() { public int getDays() {
@ -79,8 +83,6 @@ public final class CookieTrans implements Serializable {
} }
/** /**
*
*
* @return ... * @return ...
*/ */
public String getPath() { public String getPath() {
@ -88,14 +90,26 @@ public final class CookieTrans implements Serializable {
} }
/** /**
*
*
* @return ... * @return ...
*/ */
public String getDomain() { public String getDomain() {
return domain; return domain;
} }
/**
* @return ...
*/
public boolean getHttpOnly() {
return isHttpOnly;
}
/**
* @return ...
*/
public boolean getSecure() {
return isSecure;
}
/** /**
* *
* *
@ -126,6 +140,8 @@ public final class CookieTrans implements Serializable {
} else if (defaultDomain != null) { } else if (defaultDomain != null) {
c.setDomain(defaultDomain); c.setDomain(defaultDomain);
} }
c.setHttpOnly(isHttpOnly);
c.setSecure(isSecure);
return c; return c;
} }

47
src/helma/framework/ResponseBean.java
View file

@ -141,7 +141,7 @@ public class ResponseBean implements Serializable {
* @param value the cookie value * @param value the cookie value
*/ */
public void setCookie(String key, String value) { public void setCookie(String key, String value) {
res.setCookie(key, value, -1, null, null); res.setCookie(key, value, -1, null, null, true, false);
} }
/** /**
@ -154,7 +154,7 @@ public class ResponseBean implements Serializable {
* @param days number of days the cookie should be stored * @param days number of days the cookie should be stored
*/ */
public void setCookie(String key, String value, int days) { public void setCookie(String key, String value, int days) {
res.setCookie(key, value, days, null, null); res.setCookie(key, value, days, null, null, true, false);
} }
/** /**
@ -169,7 +169,7 @@ public class ResponseBean implements Serializable {
* @param path the URL path to apply the cookie to * @param path the URL path to apply the cookie to
*/ */
public void setCookie(String key, String value, int days, String path) { public void setCookie(String key, String value, int days, String path) {
res.setCookie(key, value, days, path, null); res.setCookie(key, value, days, path, null, true, false);
} }
/** /**
@ -183,11 +183,46 @@ public class ResponseBean implements Serializable {
* @param days number of days the cookie should be stored * @param days number of days the cookie should be stored
* @param path the URL path to apply the cookie to * @param path the URL path to apply the cookie to
* @param domain domain * @param domain domain
* @param isHttpOnly marks the cookie as HttpOnly
*/ */
public void setCookie(String key, String value, int days, String path, String domain) { public void setCookie(String key, String value, int days, String path, String domain, boolean isHttpOnly) {
res.setCookie(key, value, days, path, domain); res.setCookie(key, value, days, path, domain, isHttpOnly, false);
} }
/**
* Set a HTTP cookie with the name and value that is only applied to
* the URLs matching the given path and is stored by the
* HTTP client for the given number of days. A days value of 0 means the
* cookie should be immediately discarded.
*
* @param key the cookie name
* @param value the cookie value
* @param days number of days the cookie should be stored
* @param path the URL path to apply the cookie to
* @param domain domain
* @param isHttpOnly marks the cookie as HttpOnly
* @param isSecure limits the cookie to secure protocols
*/
public void setCookie(String key, String value, int days, String path, String domain, boolean isHttpOnly, boolean isSecure) {
res.setCookie(key, value, days, path, domain, isHttpOnly, isSecure);
}
/**
* Set a HTTP cookie with the name and value that is only applied to
* the URLs matching the given path and is stored by the
* HTTP client for the given number of days. A days value of 0 means the
* cookie should be immediately discarded.
*
* @param key the cookie name
* @param value the cookie value
* @param days number of days the cookie should be stored
* @param path the URL path to apply the cookie to
* @param domain domain
*/
public void setCookie(String key, String value, int days, String path, String domain) {
res.setCookie(key, value, days, path, domain, true, false);
}
/** /**
* Unset a previously set HTTP cookie, causing it to be discarded immedialtely by the * Unset a previously set HTTP cookie, causing it to be discarded immedialtely by the
* HTTP client. * HTTP client.
@ -195,7 +230,7 @@ public class ResponseBean implements Serializable {
* @param key the name of the cookie to be discarded * @param key the name of the cookie to be discarded
*/ */
public void unsetCookie(String key) { public void unsetCookie(String key) {
res.setCookie(key, "", 0, null, null); res.setCookie(key, "", 0, null, null, true, false);
} }
/** /**

6
src/helma/framework/ResponseTrans.java
View file

@ -975,8 +975,10 @@ public final class ResponseTrans extends Writer implements Serializable {
* @param days the cookie's lifespan in days * @param days the cookie's lifespan in days
* @param path the URL path to apply the cookie to * @param path the URL path to apply the cookie to
* @param domain the domain to apply the cookie to * @param domain the domain to apply the cookie to
* @param isHttpOnly marks the cookie as HttpOnly
* @param isSecure limits the cookie for use with secure protocols
*/ */
public void setCookie(String key, String value, int days, String path, String domain) { public void setCookie(String key, String value, int days, String path, String domain, boolean isHttpOnly, boolean isSecure) {
CookieTrans c = null; CookieTrans c = null;
if (cookies == null) { if (cookies == null) {
@ -1000,6 +1002,8 @@ public final class ResponseTrans extends Writer implements Serializable {
c.setDays(days); c.setDays(days);
c.setPath(path); c.setPath(path);
c.setDomain(domain); c.setDomain(domain);
c.setHttpOnly(isHttpOnly);
c.setSecure(isSecure);
} }
/** /**