Attachment 25961 Details for Bug 49811 – Version 2 disableURLRewrite

[patch] Version 2 disableURLRewrite

disableURLRewrite_PATCH_2.patch (text/plain), 8.17 KB, created by Wesley on 2010-08-30 15:35:12 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Wesley

Created: 2010-08-30 15:35:12 UTC

Size: 8.17 KB

patch

obsolete

>Index: java/org/apache/catalina/Context.java
>===================================================================
>--- java/org/apache/catalina/Context.java	(revision 990756)
>+++ java/org/apache/catalina/Context.java	(working copy)
>@@ -325,6 +325,33 @@
> * @param docBase The new document root
> */
> public void setDocBase(String docBase);
>+ 
>+ 
>+	/**
>+ * Is URL rewriting disabled?
>+	 * URL rewriting is an optional component of the servlet 2.5 specifications.
>+	 * However if set to true this will be non compliant with the specifications as
>+	 * the specifications specify there must be a way to retain sessions if
>+	 * the client doesn't allow session cookies.
>+	 * 
>+ * @return true If URL rewriting is disabled.
>+ * 
>+ * @see <a href="http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index2.html">Servlet 2.5 Specification. Sections SRV.7.1.3 and SRV.7.1.4</a>
>+ * @see javax.servlet.http.HttpServletResponse#encodeURL(String) encodeURL
>+ * @see javax.servlet.http.HttpServletResponse#encodeRedirectURL(String) encodeRedirectURL
>+ */
>+ public boolean isDisableURLRewriting();
>+ 
>+ /**
>+ * Is URL rewriting disabled?
>+	 * URL rewriting is an optional component of the servlet 2.5 specifications.
>+	 * However if set to true this will be non compliant with the specifications as
>+	 * the specifications specify there must be a way to retain sessions if
>+	 * the client doesn't allow session cookies.
>+	 *
>+ * @param allow True to disable URL Rewriting. Default false.
>+ */
>+ public void setDisableURLRewriting(boolean allow);
> 
> 
> /**
>Index: java/org/apache/catalina/connector/CoyoteAdapter.java
>===================================================================
>--- java/org/apache/catalina/connector/CoyoteAdapter.java	(revision 990756)
>+++ java/org/apache/catalina/connector/CoyoteAdapter.java	(working copy)
>@@ -461,7 +461,14 @@
> }
> connector.getMapper().map(serverName, decodedURI, 
> request.getMappingData());
>- request.setContext((Context) request.getMappingData().context);
>+ request.setContext(extractContextFromRequest(request));
>+ 
>+ // Had to do this after the context was set.
>+ // Unfortunately parseSessionId is still necessary as it 
>+ // affects the final URL. Safe as session cookies still 
>+ // haven't been parsed.
>+ if (isURLRewritingDisabled(request))
>+ 	clearRequestedSession(request);
> request.setWrapper((Wrapper) request.getMappingData().wrapper);
> 
> // Filter trace method
>@@ -516,6 +523,13 @@
> return true;
> }
> 
>+ private boolean isURLRewritingDisabled(Request request) {
>+ 	Context context = extractContextFromRequest(request);
>+ 	if (context != null)
>+ 		return (context.isDisableURLRewriting());
>+ 	else
>+ 		return (false);
>+ }
> 
> /**
> * Parse session id in URL.
>@@ -560,19 +574,27 @@
> }
> request.setRequestedSessionURL(true);
> } catch (UnsupportedEncodingException uee) {
>- // Make sure no session ID is returned
>- request.setRequestedSessionId(null);
>- request.setRequestedSessionURL(false);
>+ clearRequestedSession(request);
> log.warn(sm.getString("coyoteAdapter.parseSession", enc), uee);
> }
> } else {
>- request.setRequestedSessionId(null);
>- request.setRequestedSessionURL(false);
>+ clearRequestedSession(request);
> }
> 
> }
> 
> 
>+	private void clearRequestedSession(Request request) {
>+		request.setRequestedSessionId(null);
>+		request.setRequestedSessionURL(false);
>+	}
>+
>+
>+	private Context extractContextFromRequest(Request request) {
>+		return (Context) request.getMappingData().context;
>+	}
>+
>+
> /**
> * Parse session id in URL.
> */
>@@ -582,7 +604,7 @@
> // context, don't go looking for a session ID in a cookie as a cookie
> // from a parent context with a session ID may be present which would
> // overwrite the valid session ID encoded in the URL
>- Context context = (Context) request.getMappingData().context;
>+ Context context = extractContextFromRequest(request);
> if (context != null && !context.getCookies())
> return;
> 
>Index: java/org/apache/catalina/connector/Response.java
>===================================================================
>--- java/org/apache/catalina/connector/Response.java	(revision 990756)
>+++ java/org/apache/catalina/connector/Response.java	(working copy)
>@@ -1479,12 +1479,14 @@
> * <li>The requested session ID was not received via a cookie
> * <li>The specified URL points back to somewhere within the web
> * application that is responding to this request
>+ * <li>If URL rewriting hasn't been disabled for this context
> * </ul>
> *
> * @param location Absolute URL to be validated
> */
> protected boolean isEncodeable(final String location) {
>-
>+ 	if (isURLRewritingDisabled())
>+ 		return (false);
> if (location == null)
> return (false);
> 
>@@ -1513,6 +1515,12 @@
> }
> }
> 
>+	private boolean isURLRewritingDisabled() {
>+		Context context = getContext();
>+
>+ 	return (context.isDisableURLRewriting());
>+	}
>+
> private boolean doIsEncodeable(Request hreq, Session session, 
> String location) {
> // Is this a valid absolute URL?
>Index: java/org/apache/catalina/core/StandardContext.java
>===================================================================
>--- java/org/apache/catalina/core/StandardContext.java	(revision 990756)
>+++ java/org/apache/catalina/core/StandardContext.java	(working copy)
>@@ -338,8 +338,12 @@
> * The document root for this web application.
> */
> private String docBase = null;
>+ 
>+ /**
>+ * Has URL rewriting been disabled. 
>+ */
>+ private boolean disableURLRewriting = false;
> 
>-
> /**
> * The exception pages for this web application, keyed by fully qualified
> * class name of the Java exception.
>@@ -1461,6 +1465,35 @@
> this.docBase = docBase;
> 
> }
>+ 
>+ /**
>+ * Is URL rewriting disabled?
>+	 * URL rewriting is an optional component of the servlet 2.5 specifications.
>+	 * However if set to true this will be non compliant with the specifications as
>+	 * the specifications specify there must be a way to retain sessions if
>+	 * the client doesn't allow session cookies.
>+	 * 
>+ * @return true If URL rewriting is disabled.
>+ * 
>+ * @see <a href="http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index2.html">Servlet 2.5 Specification. Sections SRV.7.1.3 and SRV.7.1.4</a>
>+ * @see javax.servlet.http.HttpServletResponse#encodeURL(String) encodeURL
>+ * @see javax.servlet.http.HttpServletResponse#encodeRedirectURL(String) encodeRedirectURL
>+ */
>+ public boolean isDisableURLRewriting() {
>+ 	return (this.disableURLRewriting);
>+ }
>+ 
>+ /**
>+ * Sets the disabling of URL Rewriting.
>+ * @param disabled True to disable URL Rewriting. Default false.
>+ */
>+ public void setDisableURLRewriting(boolean disabled){
>+ 	boolean oldDisableURLRewriting = this.isDisableURLRewriting();
>+ this.disableURLRewriting = disabled;
>+ support.firePropertyChange("disableURLRewriting",
>+ 		oldDisableURLRewriting, disableURLRewriting);
>+ 
>+ }
> 
> // experimental
> public boolean isLazy() {
>Index: java/org/apache/catalina/core/mbeans-descriptors.xml
>===================================================================
>--- java/org/apache/catalina/core/mbeans-descriptors.xml	(revision 990756)
>+++ java/org/apache/catalina/core/mbeans-descriptors.xml	(working copy)
>@@ -59,6 +59,11 @@
> group="Context"
> type="org.apache.catalina.core.StandardContext">
> 
>+ <attribute name="disableURLRewriting"
>+ description="Is URL Rewriting disabled?"
>+ is="false"
>+ type="boolean"/>
>+ 
> <attribute name="allowLinking"
> description="Allow symlinking to outside the webapp root directory, if the webapp is an exploded directory"
> is="true"

Actions: View | Diff

Attachments on bug 49811: 25930 | 25961 | 26018 | 26135