Attachment #25961 for bug #49811

View | Details | Raw Unified | Return to bug 49811
Collapse All | Expand All




     * @param docBase The new document root
     */
    public void setDocBase(String docBase);
    
    
	/**
     * Is URL rewriting disabled?
	 * URL rewriting is an optional component of the servlet 2.5 specifications.
	 * However if set to true this will be non compliant with the specifications as
	 * the specifications specify there <b>must</b> be a way to retain sessions if
	 * the client doesn't allow session cookies.
	 * 
     * @return true If URL rewriting is disabled.
     * 
     * @see <a href="http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index2.html">Servlet 2.5 Specification. Sections SRV.7.1.3 and SRV.7.1.4</a>
     * @see javax.servlet.http.HttpServletResponse#encodeURL(String) encodeURL
     * @see javax.servlet.http.HttpServletResponse#encodeRedirectURL(String) encodeRedirectURL
     */
    public boolean isDisableURLRewriting();
    
    /**
     * Is URL rewriting disabled?
	 * URL rewriting is an optional component of the servlet 2.5 specifications.
	 * However if set to true this will be non compliant with the specifications as
	 * the specifications specify there <b>must</b> be a way to retain sessions if
	 * the client doesn't allow session cookies.
	 *
     * @param allow True to disable URL Rewriting. Default <b>false</b>.
     */
    public void setDisableURLRewriting(boolean allow);


    /**

Lines 461-467 Link Here

(-)java/org/apache/catalina/connector/CoyoteAdapter.java (-7 / +29 lines)
461	}	461	}
462	connector.getMapper().map(serverName, decodedURI,	462	connector.getMapper().map(serverName, decodedURI,
463	request.getMappingData());	463	request.getMappingData());
464	request.setContext((Context) request.getMappingData().context);	464	request.setContext(extractContextFromRequest(request));
		465
		466	// Had to do this after the context was set.
		467	// Unfortunately parseSessionId is still necessary as it
		468	// affects the final URL. Safe as session cookies still
		469	// haven't been parsed.
		470	if (isURLRewritingDisabled(request))
		471	clearRequestedSession(request);
465	request.setWrapper((Wrapper) request.getMappingData().wrapper);	472	request.setWrapper((Wrapper) request.getMappingData().wrapper);
466		473
467	// Filter trace method	474	// Filter trace method
Lines 516-521 Link Here
516	return true;	523	return true;
517	}	524	}
518		525
		526	private boolean isURLRewritingDisabled(Request request) {
		527	Context context = extractContextFromRequest(request);
		528	if (context != null)
		529	return (context.isDisableURLRewriting());
		530	else
		531	return (false);
		532	}
519		533
520	/**	534	/**
521	* Parse session id in URL.	535	* Parse session id in URL.
Lines 560-578 Link Here
560	}	574	}
561	request.setRequestedSessionURL(true);	575	request.setRequestedSessionURL(true);
562	} catch (UnsupportedEncodingException uee) {	576	} catch (UnsupportedEncodingException uee) {
563	// Make sure no session ID is returned	577	clearRequestedSession(request);
564	request.setRequestedSessionId(null);
565	request.setRequestedSessionURL(false);
566	log.warn(sm.getString("coyoteAdapter.parseSession", enc), uee);	578	log.warn(sm.getString("coyoteAdapter.parseSession", enc), uee);
567	}	579	}
568	} else {	580	} else {
569	request.setRequestedSessionId(null);	581	clearRequestedSession(request);
570	request.setRequestedSessionURL(false);
571	}	582	}
572		583
573	}	584	}
574		585
575		586
		587	private void clearRequestedSession(Request request) {
		588	request.setRequestedSessionId(null);
		589	request.setRequestedSessionURL(false);
		590	}
		591
		592
		593	private Context extractContextFromRequest(Request request) {
		594	return (Context) request.getMappingData().context;
		595	}
		596
		597
576	/**	598	/**
577	* Parse session id in URL.	599	* Parse session id in URL.
578	*/	600	*/
Lines 582-588 Link Here
582	// context, don't go looking for a session ID in a cookie as a cookie	604	// context, don't go looking for a session ID in a cookie as a cookie
583	// from a parent context with a session ID may be present which would	605	// from a parent context with a session ID may be present which would
584	// overwrite the valid session ID encoded in the URL	606	// overwrite the valid session ID encoded in the URL
585	Context context = (Context) request.getMappingData().context;	607	Context context = extractContextFromRequest(request);
586	if (context != null && !context.getCookies())	608	if (context != null && !context.getCookies())
587	return;	609	return;
588		610




     * <li>The requested session ID was not received via a cookie
     * <li>The specified URL points back to somewhere within the web
     *     application that is responding to this request
     * <li>If URL rewriting hasn't been disabled for this context
     * </ul>
     *
     * @param location Absolute URL to be validated
     */
    protected boolean isEncodeable(final String location) {
    	if (isURLRewritingDisabled())
    		return (false);
        if (location == null)
            return (false);


        }
    }

	private boolean isURLRewritingDisabled() {
		Context context = getContext();

    	return (context.isDisableURLRewriting());
	}

    private boolean doIsEncodeable(Request hreq, Session session, 
                                   String location) {
        // Is this a valid absolute URL?

Lines 338-345 Link Here

(-)java/org/apache/catalina/core/StandardContext.java (-1 / +34 lines)
338	* The document root for this web application.	338	* The document root for this web application.
339	*/	339	*/
340	private String docBase = null;	340	private String docBase = null;
		341
		342	/**
		343	* Has URL rewriting been disabled.
		344	*/
		345	private boolean disableURLRewriting = false;
341		346
342
343	/**	347	/**
344	* The exception pages for this web application, keyed by fully qualified	348	* The exception pages for this web application, keyed by fully qualified
345	* class name of the Java exception.	349	* class name of the Java exception.
Lines 1461-1466 Link Here
1461	this.docBase = docBase;	1465	this.docBase = docBase;
1462		1466
1463	}	1467	}
		1468
		1469	/**
		1470	* Is URL rewriting disabled?
		1471	* URL rewriting is an optional component of the servlet 2.5 specifications.
		1472	* However if set to true this will be non compliant with the specifications as
		1473	* the specifications specify there <b>must</b> be a way to retain sessions if
		1474	* the client doesn't allow session cookies.
		1475	*
		1476	* @return true If URL rewriting is disabled.
		1477	*
		1478	* @see <a href="http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index2.html">Servlet 2.5 Specification. Sections SRV.7.1.3 and SRV.7.1.4</a>
		1479	* @see javax.servlet.http.HttpServletResponse#encodeURL(String) encodeURL
		1480	* @see javax.servlet.http.HttpServletResponse#encodeRedirectURL(String) encodeRedirectURL
		1481	*/
		1482	public boolean isDisableURLRewriting() {
		1483	return (this.disableURLRewriting);
		1484	}
		1485
		1486	/**
		1487	* Sets the disabling of URL Rewriting.
		1488	* @param disabled True to disable URL Rewriting. Default <b>false</b>.
		1489	*/
		1490	public void setDisableURLRewriting(boolean disabled){
		1491	boolean oldDisableURLRewriting = this.isDisableURLRewriting();
		1492	this.disableURLRewriting = disabled;
		1493	support.firePropertyChange("disableURLRewriting",
		1494	oldDisableURLRewriting, disableURLRewriting);
		1495
		1496	}
1464		1497
1465	// experimental	1498	// experimental
1466	public boolean isLazy() {	1499	public boolean isLazy() {

Lines 59-64 Link Here

(-)java/org/apache/catalina/core/mbeans-descriptors.xml (+5 lines)
59	group="Context"	59	group="Context"
60	type="org.apache.catalina.core.StandardContext">	60	type="org.apache.catalina.core.StandardContext">
61		61
		62	<attribute name="disableURLRewriting"
		63	description="Is URL Rewriting disabled?"
		64	is="false"
		65	type="boolean"/>
		66
62	<attribute name="allowLinking"	67	<attribute name="allowLinking"
63	description="Allow symlinking to outside the webapp root directory, if the webapp is an exploded directory"	68	description="Allow symlinking to outside the webapp root directory, if the webapp is an exploded directory"
64	is="true"	69	is="true"

Return to bug 49811

Lines 325-330 Link Here

(-)java/org/apache/catalina/Context.java (+27 lines)
325	* @param docBase The new document root	325	* @param docBase The new document root
326	*/	326	*/
327	public void setDocBase(String docBase);	327	public void setDocBase(String docBase);
		328
		329
		330	/**
		331	* Is URL rewriting disabled?
		332	* URL rewriting is an optional component of the servlet 2.5 specifications.
		333	* However if set to true this will be non compliant with the specifications as
		334	* the specifications specify there <b>must</b> be a way to retain sessions if
		335	* the client doesn't allow session cookies.
		336	*
		337	* @return true If URL rewriting is disabled.
		338	*
		339	* @see <a href="http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index2.html">Servlet 2.5 Specification. Sections SRV.7.1.3 and SRV.7.1.4</a>
		340	* @see javax.servlet.http.HttpServletResponse#encodeURL(String) encodeURL
		341	* @see javax.servlet.http.HttpServletResponse#encodeRedirectURL(String) encodeRedirectURL
		342	*/
		343	public boolean isDisableURLRewriting();
		344
		345	/**
		346	* Is URL rewriting disabled?
		347	* URL rewriting is an optional component of the servlet 2.5 specifications.
		348	* However if set to true this will be non compliant with the specifications as
		349	* the specifications specify there <b>must</b> be a way to retain sessions if
		350	* the client doesn't allow session cookies.
		351	*
		352	* @param allow True to disable URL Rewriting. Default <b>false</b>.
		353	*/
		354	public void setDisableURLRewriting(boolean allow);
328		355
329		356
330	/**	357	/**

Lines 1479-1490 Link Here

(-)java/org/apache/catalina/connector/Response.java (-1 / +9 lines)
1479	* <li>The requested session ID was not received via a cookie	1479	* <li>The requested session ID was not received via a cookie
1480	* <li>The specified URL points back to somewhere within the web	1480	* <li>The specified URL points back to somewhere within the web
1481	* application that is responding to this request	1481	* application that is responding to this request
		1482	* <li>If URL rewriting hasn't been disabled for this context
1482	* </ul>	1483	* </ul>
1483	*	1484	*
1484	* @param location Absolute URL to be validated	1485	* @param location Absolute URL to be validated
1485	*/	1486	*/
1486	protected boolean isEncodeable(final String location) {	1487	protected boolean isEncodeable(final String location) {
1487		1488	if (isURLRewritingDisabled())
		1489	return (false);
1488	if (location == null)	1490	if (location == null)
1489	return (false);	1491	return (false);
1490		1492
Lines 1513-1518 Link Here
1513	}	1515	}
1514	}	1516	}
1515		1517
		1518	private boolean isURLRewritingDisabled() {
		1519	Context context = getContext();
		1520
		1521	return (context.isDisableURLRewriting());
		1522	}
		1523
1516	private boolean doIsEncodeable(Request hreq, Session session,	1524	private boolean doIsEncodeable(Request hreq, Session session,
1517	String location) {	1525	String location) {
1518	// Is this a valid absolute URL?	1526	// Is this a valid absolute URL?