Attachment #23544 for bug #45255

View | Details | Raw Unified | Return to bug 45255
Collapse All | Expand All




            req.serverName().setString(proxyName);
        }

        // Parse session Id
        parseSessionId(req, request);

        // URI decoding
        MessageBytes decodedURI = req.decodedURI();
        decodedURI.duplicate(req.requestURI());

        // Request mapping.
        MessageBytes serverName;
        if (connector.getUseIPVHosts()) {
            serverName = req.localName();
            if (serverName.isNull()) {
                // well, they did ask for it
                res.action(ActionCode.ACTION_REQ_LOCAL_NAME_ATTRIBUTE, null);
            }
        } else {
            serverName = req.serverName();
        }
        connector.getMapper().map(serverName, decodedURI,
                                  request.getMappingData());
        request.setContext((Context) request.getMappingData().context);
        request.setWrapper((Wrapper) request.getMappingData().wrapper);

        // Parse session Id
        parseSessionId(req, request);

        if (decodedURI.getType() == MessageBytes.T_BYTES) {
            // Remove any path parameters
            ByteChunk uriBB = decodedURI.getByteChunk();

            request.setAuthType(authtype);
        }

        // Request mapping.
        MessageBytes serverName;
        if (connector.getUseIPVHosts()) {
            serverName = req.localName();
            if (serverName.isNull()) {
                // well, they did ask for it
                res.action(ActionCode.ACTION_REQ_LOCAL_NAME_ATTRIBUTE, null);
            }
        } else {
            serverName = req.serverName();
        }
        connector.getMapper().map(serverName, decodedURI, 
                                  request.getMappingData());
        request.setContext((Context) request.getMappingData().context);
        request.setWrapper((Wrapper) request.getMappingData().wrapper);

        // Filter trace method
        if (!connector.getAllowTrace() 
                && req.method().equalsIgnoreCase("TRACE")) {

     */
    protected void parseSessionId(org.apache.coyote.Request req, Request request) {

        // If session tracking via URL rewriting has been disabled for the current
        // context, don't go looking for a session ID in the URL
        Context context = (Context) request.getMappingData().context;
        if (context != null && !context.getUrlRewriting())
            return;

        ByteChunk uriBC = req.requestURI().getByteChunk();
        int semicolon = uriBC.indexOf(match, 0, match.length(), 0);


Lines 1404-1409 Link Here

(-)java/org/apache/catalina/connector/Response.java (+4 lines)
1404	* a session identifier. This will be true if all of the following	1404	* a session identifier. This will be true if all of the following
1405	* conditions are met:	1405	* conditions are met:
1406	* <ul>	1406	* <ul>
		1407	* <li>URL rewriting is enabled
1407	* <li>The request we are responding to asked for a valid session	1408	* <li>The request we are responding to asked for a valid session
1408	* <li>The requested session ID was not received via a cookie	1409	* <li>The requested session ID was not received via a cookie
1409	* <li>The specified URL points back to somewhere within the web	1410	* <li>The specified URL points back to somewhere within the web
Lines 1414-1419 Link Here
1414	*/	1415	*/
1415	protected boolean isEncodeable(final String location) {	1416	protected boolean isEncodeable(final String location) {
1416		1417
		1418	if (!getContext().getUrlRewriting())
		1419	return (false);
		1420
1417	if (location == null)	1421	if (location == null)
1418	return (false);	1422	return (false);
1419		1423




    public void setCookies(boolean cookies);

    /**
    * Return the "use URL rewriting for session ids" flag.
    */
    public boolean getUrlRewriting();

    /**
    * Set the "use URL rewriting for session ids" flag.
    *
    * @param urlRewriting The new flag
    */
    public void setUrlRewriting(boolean urlRewriting);


    /**
     * Gets the value of the use HttpOnly cookies for session cookies flag.
     * 
     * @return <code>true</code> if the HttpOnly flag should be set on session

Lines 285-290 Link Here

(-)java/org/apache/catalina/core/StandardContext.java (+33 lines)
285		285
286		286
287	/**	287	/**
		288	* Should we attempt to use URL rewriting for session id communication?
		289	*/
		290	private boolean urlRewriting = true;
		291
		292
		293	/**
288	* Should we allow the <code>ServletContext.getContext()</code> method	294	* Should we allow the <code>ServletContext.getContext()</code> method
289	* to access the context of other web applications in this server?	295	* to access the context of other web applications in this server?
290	*/	296	*/
Lines 1100-1107 Link Here
1100	new Boolean(this.cookies));	1106	new Boolean(this.cookies));
1101		1107
1102	}	1108	}
		1109
		1110
		1111	/**
		1112	* Return the "use URL rewriting for session ids" flag.
		1113	*/
		1114	public boolean getUrlRewriting() {
		1115
		1116	return (this.urlRewriting);
		1117
		1118	}
		1119
1103		1120
1104	/**	1121	/**
		1122	* Set the "use URL rewriting for session ids" flag.
		1123	*
		1124	* @param urlRewriting The new flag
		1125	*/
		1126	public void setUrlRewriting(boolean urlRewriting) {
		1127
		1128	boolean oldURLRewriting = this.urlRewriting;
		1129	this.urlRewriting = urlRewriting;
		1130	support.firePropertyChange("urlRewriting",
		1131	new Boolean(oldURLRewriting),
		1132	new Boolean(this.urlRewriting));
		1133
		1134	}
		1135
		1136
		1137	/**
1105	* Gets the value of the use HttpOnly cookies for session cookies flag.	1138	* Gets the value of the use HttpOnly cookies for session cookies flag.
1106	*	1139	*
1107	* @return <code>true</code> if the HttpOnly flag should be set on session	1140	* @return <code>true</code> if the HttpOnly flag should be set on session




        application, however, to trigger reloads of deployed applications
        on demand.</p>
      </attribute>
      
      <attribute name="urlRewriting" required="false">
        <p>Set to <code>true</code> if you want URL rewriting to be available for
        session identifier communication (the default is <code>true</code>).  
        Set to <code>false</code> if you want to disable the use of URL rewriting 
        for session identifier communication, and rely only on cookies. Note that 
        either <code>cookies</code> or <code>urlRewriting</code> must be enabled 
        for sessions to work.</p>
      </attribute>
      

      <attribute name="wrapperClass" required="false">
        <p>Java class name of the <code>org.apache.catalina.Wrapper</code>

Return to bug 45255

Lines 380-392 Link Here

(-)java/org/apache/catalina/connector/CoyoteAdapter.java (-19 / +25 lines)
380	req.serverName().setString(proxyName);	380	req.serverName().setString(proxyName);
381	}	381	}
382		382
383	// Parse session Id
384	parseSessionId(req, request);
385
386	// URI decoding	383	// URI decoding
387	MessageBytes decodedURI = req.decodedURI();	384	MessageBytes decodedURI = req.decodedURI();
388	decodedURI.duplicate(req.requestURI());	385	decodedURI.duplicate(req.requestURI());
389		386
		387	// Request mapping.
		388	MessageBytes serverName;
		389	if (connector.getUseIPVHosts()) {
		390	serverName = req.localName();
		391	if (serverName.isNull()) {
		392	// well, they did ask for it
		393	res.action(ActionCode.ACTION_REQ_LOCAL_NAME_ATTRIBUTE, null);
		394	}
		395	} else {
		396	serverName = req.serverName();
		397	}
		398	connector.getMapper().map(serverName, decodedURI,
		399	request.getMappingData());
		400	request.setContext((Context) request.getMappingData().context);
		401	request.setWrapper((Wrapper) request.getMappingData().wrapper);
		402
		403	// Parse session Id
		404	parseSessionId(req, request);
		405
390	if (decodedURI.getType() == MessageBytes.T_BYTES) {	406	if (decodedURI.getType() == MessageBytes.T_BYTES) {
391	// Remove any path parameters	407	// Remove any path parameters
392	ByteChunk uriBB = decodedURI.getByteChunk();	408	ByteChunk uriBB = decodedURI.getByteChunk();
Lines 443-464 Link Here
443	request.setAuthType(authtype);	459	request.setAuthType(authtype);
444	}	460	}
445		461
446	// Request mapping.
447	MessageBytes serverName;
448	if (connector.getUseIPVHosts()) {
449	serverName = req.localName();
450	if (serverName.isNull()) {
451	// well, they did ask for it
452	res.action(ActionCode.ACTION_REQ_LOCAL_NAME_ATTRIBUTE, null);
453	}
454	} else {
455	serverName = req.serverName();
456	}
457	connector.getMapper().map(serverName, decodedURI,
458	request.getMappingData());
459	request.setContext((Context) request.getMappingData().context);
460	request.setWrapper((Wrapper) request.getMappingData().wrapper);
461
462	// Filter trace method	462	// Filter trace method
463	if (!connector.getAllowTrace()	463	if (!connector.getAllowTrace()
464	&& req.method().equalsIgnoreCase("TRACE")) {	464	&& req.method().equalsIgnoreCase("TRACE")) {
Lines 517-522 Link Here
517	*/	517	*/
518	protected void parseSessionId(org.apache.coyote.Request req, Request request) {	518	protected void parseSessionId(org.apache.coyote.Request req, Request request) {
519		519
		520	// If session tracking via URL rewriting has been disabled for the current
		521	// context, don't go looking for a session ID in the URL
		522	Context context = (Context) request.getMappingData().context;
		523	if (context != null && !context.getUrlRewriting())
		524	return;
		525
520	ByteChunk uriBC = req.requestURI().getByteChunk();	526	ByteChunk uriBC = req.requestURI().getByteChunk();
521	int semicolon = uriBC.indexOf(match, 0, match.length(), 0);	527	int semicolon = uriBC.indexOf(match, 0, match.length(), 0);
522		528

Lines 182-187 Link Here

(-)java/org/apache/catalina/Context.java (+13 lines)
182	public void setCookies(boolean cookies);	182	public void setCookies(boolean cookies);
183		183
184	/**	184	/**
		185	* Return the "use URL rewriting for session ids" flag.
		186	*/
		187	public boolean getUrlRewriting();
		188
		189	/**
		190	* Set the "use URL rewriting for session ids" flag.
		191	*
		192	* @param urlRewriting The new flag
		193	*/
		194	public void setUrlRewriting(boolean urlRewriting);
		195
		196
		197	/**
185	* Gets the value of the use HttpOnly cookies for session cookies flag.	198	* Gets the value of the use HttpOnly cookies for session cookies flag.
186	*	199	*
187	* @return <code>true</code> if the HttpOnly flag should be set on session	200	* @return <code>true</code> if the HttpOnly flag should be set on session

Lines 223-228 Link Here

(-)webapps/docs/config/context.xml (+10 lines)
223	application, however, to trigger reloads of deployed applications	223	application, however, to trigger reloads of deployed applications
224	on demand.</p>	224	on demand.</p>
225	</attribute>	225	</attribute>
		226
		227	<attribute name="urlRewriting" required="false">
		228	<p>Set to <code>true</code> if you want URL rewriting to be available for
		229	session identifier communication (the default is <code>true</code>).
		230	Set to <code>false</code> if you want to disable the use of URL rewriting
		231	for session identifier communication, and rely only on cookies. Note that
		232	either <code>cookies</code> or <code>urlRewriting</code> must be enabled
		233	for sessions to work.</p>
		234	</attribute>
		235
226		236
227	<attribute name="wrapperClass" required="false">	237	<attribute name="wrapperClass" required="false">
228	<p>Java class name of the <code>org.apache.catalina.Wrapper</code>	238	<p>Java class name of the <code>org.apache.catalina.Wrapper</code>