antville/helma
antville/helma
1
1
Fork 0
Code Issues 5 Pull requests 5 Projects Releases 5 Activity Actions

res.setCookie() now accepts boolean httponly and secure flags

Browse source 
httponly defaults to true, secure to false
This commit is contained in:
Robert Gaggl 2017-03-27 15:50:01 +02:00
parent 75f0245817
commit 81f5e3cd8e
3 changed files with 77 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

46
src/helma/framework/CookieTrans.java
View file

@ -24,11 +24,13 @@ import javax.servlet.http.Cookie;
* of an HTTP cookie.
*/
public final class CookieTrans implements Serializable {
String name;
String value;
String path;
String domain;
int days = -1;
private String name;
private String value;
private String path;
private String domain;
private boolean isHttpOnly = true;
private boolean isSecure = false;
private int days = -1;
CookieTrans(String name, String value) {
this.name = name;
@ -51,9 +53,15 @@ public final class CookieTrans implements Serializable {
this.domain = domain;
}
void setHttpOnly(boolean isHttpOnly) {
this.isHttpOnly = isHttpOnly;
}
void setSecure(boolean isSecure) {
this.isSecure = isSecure;
}
/**
*
*
* @return ...
*/
public String getName() {
@ -61,8 +69,6 @@ public final class CookieTrans implements Serializable {
}
/**
*
*
* @return ...
*/
public String getValue() {
@ -70,8 +76,6 @@ public final class CookieTrans implements Serializable {
}
/**
*
*
* @return ...
*/
public int getDays() {
@ -79,8 +83,6 @@ public final class CookieTrans implements Serializable {
}
/**
*
*
* @return ...
*/
public String getPath() {
@ -88,14 +90,26 @@ public final class CookieTrans implements Serializable {
}
/**
*
*
* @return ...
*/
public String getDomain() {
return domain;
}
/**
* @return ...
*/
public boolean getHttpOnly() {
return isHttpOnly;
}
/**
* @return ...
*/
public boolean getSecure() {
return isSecure;
}
/**
*
*
@ -126,6 +140,8 @@ public final class CookieTrans implements Serializable {
} else if (defaultDomain != null) {
c.setDomain(defaultDomain);
}
c.setHttpOnly(isHttpOnly);
c.setSecure(isSecure);
return c;
}

47
src/helma/framework/ResponseBean.java
View file

@ -141,7 +141,7 @@ public class ResponseBean implements Serializable {
* @param value the cookie value
*/
public void setCookie(String key, String value) {
res.setCookie(key, value, -1, null, null);
res.setCookie(key, value, -1, null, null, true, false);
}
/**
@ -154,7 +154,7 @@ public class ResponseBean implements Serializable {
* @param days number of days the cookie should be stored
*/
public void setCookie(String key, String value, int days) {
res.setCookie(key, value, days, null, null);
res.setCookie(key, value, days, null, null, true, false);
}
/**
@ -169,7 +169,7 @@ public class ResponseBean implements Serializable {
* @param path the URL path to apply the cookie to
*/
public void setCookie(String key, String value, int days, String path) {
res.setCookie(key, value, days, path, null);
res.setCookie(key, value, days, path, null, true, false);
}
/**
@ -183,11 +183,46 @@ public class ResponseBean implements Serializable {
* @param days number of days the cookie should be stored
* @param path the URL path to apply the cookie to
* @param domain domain
* @param isHttpOnly marks the cookie as HttpOnly
*/
public void setCookie(String key, String value, int days, String path, String domain) {
res.setCookie(key, value, days, path, domain);
public void setCookie(String key, String value, int days, String path, String domain, boolean isHttpOnly) {
res.setCookie(key, value, days, path, domain, isHttpOnly, false);
}
/**
* Set a HTTP cookie with the name and value that is only applied to
* the URLs matching the given path and is stored by the
* HTTP client for the given number of days. A days value of 0 means the
* cookie should be immediately discarded.
*
* @param key the cookie name
* @param value the cookie value
* @param days number of days the cookie should be stored
* @param path the URL path to apply the cookie to
* @param domain domain
* @param isHttpOnly marks the cookie as HttpOnly
* @param isSecure limits the cookie to secure protocols
*/
public void setCookie(String key, String value, int days, String path, String domain, boolean isHttpOnly, boolean isSecure) {
res.setCookie(key, value, days, path, domain, isHttpOnly, isSecure);
}
/**
* Set a HTTP cookie with the name and value that is only applied to
* the URLs matching the given path and is stored by the
* HTTP client for the given number of days. A days value of 0 means the
* cookie should be immediately discarded.
*
* @param key the cookie name
* @param value the cookie value
* @param days number of days the cookie should be stored
* @param path the URL path to apply the cookie to
* @param domain domain
*/
public void setCookie(String key, String value, int days, String path, String domain) {
res.setCookie(key, value, days, path, domain, true, false);
}
/**
* Unset a previously set HTTP cookie, causing it to be discarded immedialtely by the
* HTTP client.
@ -195,7 +230,7 @@ public class ResponseBean implements Serializable {
* @param key the name of the cookie to be discarded
*/
public void unsetCookie(String key) {
res.setCookie(key, "", 0, null, null);
res.setCookie(key, "", 0, null, null, true, false);
}
/**

6
src/helma/framework/ResponseTrans.java
View file

@ -975,8 +975,10 @@ public final class ResponseTrans extends Writer implements Serializable {
* @param days the cookie's lifespan in days
* @param path the URL path to apply the cookie to
* @param domain the domain to apply the cookie to
* @param isHttpOnly marks the cookie as HttpOnly
* @param isSecure limits the cookie for use with secure protocols
*/
public void setCookie(String key, String value, int days, String path, String domain) {
public void setCookie(String key, String value, int days, String path, String domain, boolean isHttpOnly, boolean isSecure) {
CookieTrans c = null;
if (cookies == null) {
@ -1000,6 +1002,8 @@ public final class ResponseTrans extends Writer implements Serializable {
c.setDays(days);
c.setPath(path);
c.setDomain(domain);
c.setHttpOnly(isHttpOnly);
c.setSecure(isSecure);
}
/**