Fixes #10891 - Support the "Partitioned" cookie attribute.
Added support in oej.http.HttpCookie. Bridged support for Servlet cookies via the cookie Comment attribute. Signed-off-by: Simone Bordet <[email protected]>
Showing
4 changed files
with
97 additions
and
52 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -24,7 +24,6 @@ | |
import org.slf4j.Logger; | ||
import org.slf4j.LoggerFactory; | ||
|
||
// TODO consider replacing this with java.net.HttpCookie (once it supports RFC6265) | ||
public class HttpCookie | ||
{ | ||
private static final Logger LOG = LoggerFactory.getLogger(HttpCookie.class); | ||
|
@@ -33,11 +32,18 @@ public class HttpCookie | |
private static final String __01Jan1970_COOKIE = DateGenerator.formatCookieDate(0).trim(); | ||
|
||
/** | ||
* If this string is found within the comment parsed with {@link #isHttpOnlyInComment(String)} the check will return true | ||
* String used in the {@code Comment} attribute of {@link java.net.HttpCookie}, | ||
* parsed with {@link #isHttpOnlyInComment(String)}, to support the {@code HttpOnly} attribute. | ||
**/ | ||
public static final String HTTP_ONLY_COMMENT = "__HTTP_ONLY__"; | ||
/** | ||
* These strings are used by {@link #getSameSiteFromComment(String)} to check for a SameSite specifier in the comment | ||
* String used in the {@code Comment} attribute of {@link java.net.HttpCookie}, | ||
* parsed with {@link #isPartitionedInComment(String)}, to support the {@code Partitioned} attribute. | ||
**/ | ||
public static final String PARTITIONED_COMMENT = "__PARTITIONED__"; | ||
/** | ||
* The strings used in the {@code Comment} attribute of {@link java.net.HttpCookie}, | ||
* parsed with {@link #getSameSiteFromComment(String)}, to support the {@code SameSite} attribute. | ||
**/ | ||
private static final String SAME_SITE_COMMENT = "__SAME_SITE_"; | ||
public static final String SAME_SITE_NONE_COMMENT = SAME_SITE_COMMENT + "NONE__"; | ||
|
@@ -53,7 +59,7 @@ public enum SameSite | |
{ | ||
NONE("None"), STRICT("Strict"), LAX("Lax"); | ||
|
||
private String attributeValue; | ||
private final String attributeValue; | ||
|
||
SameSite(String attributeValue) | ||
{ | ||
|
@@ -77,6 +83,7 @@ public String getAttributeValue() | |
private final boolean _httpOnly; | ||
private final long _expiration; | ||
private final SameSite _sameSite; | ||
private final boolean _partitioned; | ||
|
||
public HttpCookie(String name, String value) | ||
{ | ||
|
@@ -104,6 +111,11 @@ public HttpCookie(String name, String value, String domain, String path, long ma | |
} | ||
|
||
public HttpCookie(String name, String value, String domain, String path, long maxAge, boolean httpOnly, boolean secure, String comment, int version, SameSite sameSite) | ||
{ | ||
this(name, value, domain, path, maxAge, httpOnly, secure, comment, version, sameSite, false); | ||
} | ||
|
||
public HttpCookie(String name, String value, String domain, String path, long maxAge, boolean httpOnly, boolean secure, String comment, int version, SameSite sameSite, boolean partitioned) | ||
{ | ||
_name = name; | ||
_value = value; | ||
|
@@ -116,6 +128,7 @@ public HttpCookie(String name, String value, String domain, String path, long ma | |
_version = version; | ||
_expiration = maxAge < 0 ? -1 : NanoTime.now() + TimeUnit.SECONDS.toNanos(maxAge); | ||
_sameSite = sameSite; | ||
_partitioned = partitioned; | ||
} | ||
|
||
public HttpCookie(String setCookie) | ||
|
@@ -136,8 +149,10 @@ public HttpCookie(String setCookie) | |
_comment = cookie.getComment(); | ||
_version = cookie.getVersion(); | ||
_expiration = _maxAge < 0 ? -1 : NanoTime.now() + TimeUnit.SECONDS.toNanos(_maxAge); | ||
// support for SameSite values has not yet been added to java.net.HttpCookie | ||
// Support for SameSite values has not yet been added to java.net.HttpCookie. | ||
_sameSite = getSameSiteFromComment(cookie.getComment()); | ||
// Support for Partitioned has not yet been added to java.net.HttpCookie. | ||
_partitioned = isPartitionedInComment(cookie.getComment()); | ||
} | ||
|
||
/** | ||
|
@@ -229,6 +244,14 @@ public boolean isExpired(long timeNanos) | |
return _expiration != -1 && NanoTime.isBefore(_expiration, timeNanos); | ||
} | ||
|
||
/** | ||
* @return whether this cookie is partitioned | ||
*/ | ||
public boolean isPartitioned() | ||
{ | ||
return _partitioned; | ||
} | ||
|
||
/** | ||
* @return a string representation of this cookie | ||
*/ | ||
|
@@ -419,6 +442,8 @@ public String getRFC6265SetCookie() | |
buf.append("; SameSite="); | ||
buf.append(_sameSite.getAttributeValue()); | ||
} | ||
if (isPartitioned()) | ||
buf.append("; Partitioned"); | ||
|
||
return buf.toString(); | ||
} | ||
|
@@ -428,23 +453,22 @@ public static boolean isHttpOnlyInComment(String comment) | |
return comment != null && comment.contains(HTTP_ONLY_COMMENT); | ||
} | ||
|
||
public static boolean isPartitionedInComment(String comment) | ||
{ | ||
return comment != null && comment.contains(PARTITIONED_COMMENT); | ||
} | ||
|
||
public static SameSite getSameSiteFromComment(String comment) | ||
{ | ||
if (comment != null) | ||
{ | ||
if (comment.contains(SAME_SITE_STRICT_COMMENT)) | ||
{ | ||
return SameSite.STRICT; | ||
} | ||
if (comment.contains(SAME_SITE_LAX_COMMENT)) | ||
{ | ||
return SameSite.LAX; | ||
} | ||
if (comment.contains(SAME_SITE_NONE_COMMENT)) | ||
{ | ||
return SameSite.NONE; | ||
} | ||
} | ||
if (comment == null) | ||
return null; | ||
|
||
if (comment.contains(SAME_SITE_STRICT_COMMENT)) | ||
return SameSite.STRICT; | ||
if (comment.contains(SAME_SITE_LAX_COMMENT)) | ||
return SameSite.LAX; | ||
if (comment.contains(SAME_SITE_NONE_COMMENT)) | ||
return SameSite.NONE; | ||
|
||
return null; | ||
} | ||
|
@@ -488,21 +512,25 @@ public static SameSite getSameSiteDefault(Attributes contextAttributes) | |
public static String getCommentWithoutAttributes(String comment) | ||
{ | ||
if (comment == null) | ||
{ | ||
return null; | ||
} | ||
|
||
String strippedComment = comment.trim(); | ||
|
||
strippedComment = StringUtil.strip(strippedComment, HTTP_ONLY_COMMENT); | ||
strippedComment = StringUtil.strip(strippedComment, PARTITIONED_COMMENT); | ||
strippedComment = StringUtil.strip(strippedComment, SAME_SITE_NONE_COMMENT); | ||
strippedComment = StringUtil.strip(strippedComment, SAME_SITE_LAX_COMMENT); | ||
strippedComment = StringUtil.strip(strippedComment, SAME_SITE_STRICT_COMMENT); | ||
|
||
return strippedComment.length() == 0 ? null : strippedComment; | ||
return strippedComment.isEmpty() ? null : strippedComment; | ||
} | ||
|
||
public static String getCommentWithAttributes(String comment, boolean httpOnly, SameSite sameSite) | ||
{ | ||
return getCommentWithAttributes(comment, httpOnly, sameSite, false); | ||
} | ||
|
||
public static String getCommentWithAttributes(String comment, boolean httpOnly, SameSite sameSite, boolean partitioned) | ||
{ | ||
if (comment == null && sameSite == null) | ||
janbartel
Contributor
|
||
return null; | ||
|
@@ -535,6 +563,9 @@ public static String getCommentWithAttributes(String comment, boolean httpOnly, | |
} | ||
} | ||
|
||
if (partitioned) | ||
builder.append(PARTITIONED_COMMENT); | ||
|
||
if (builder.length() == 0) | ||
return null; | ||
return builder.toString(); | ||
|
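Review bot: In the four-argument `getCommentWithAttributes`, the guard `if (comment == null && sameSite == null) return null;` runs before the new `if (partitioned) builder.append(PARTITIONED_COMMENT);`, so a cookie with no comment and no SameSite value loses its Partitioned marker on the Servlet bridge and would be sent unpartitioned. The guard should take the new flag into account, for example `if (comment == null && sameSite == null && !partitioned) return null;`; the same guard appears to ignore `httpOnly` too, though the lines that handle it are outside the visible hunks. Separately, `getRFC6265SetCookie()` appends `; Partitioned` without consulting the Secure flag, and browsers that implement partitioned cookies reject such a cookie unless it is also Secure, so the Javadoc on `isPartitioned()` could say `@return whether this cookie is partitioned; browsers only accept Partitioned cookies that are also Secure`. Both methods begin or end outside the hunks shown, so the builder logic between the guard and the append should be checked against the full file.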