
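--- a/java/org/apache/catalina/Context.java
+++ b/java/org/apache/catalina/Context.java
@@ -325,6 +325,33 @@
      * @param docBase The new document root
      */
     public void setDocBase(String docBase);
+    
+    
+    /**
+     * Is URL rewriting disabled?
+     * URL rewriting is an optional component of the servlet 2.5 specifications.
+     * However if set to true this will be non compliant with the specifications as
+     * the specifications specify there <b>must</b> be a way to retain sessions if
+     * the client doesn't allow session cookies.
+     * 
+     * @return true If URL rewriting is disabled.
+     * 
+     * @see <a href="http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index2.html">Servlet 2.5 Specification. Sections SRV.7.1.3 and SRV.7.1.4</a>
+     * @see javax.servlet.http.HttpServletResponse#encodeURL(String) encodeURL
+     * @see javax.servlet.http.HttpServletResponse#encodeRedirectURL(String) encodeRedirectURL
+     */
+    public boolean isDisableURLRewriting();
+    
+    /**
+     * Is URL rewriting disabled?
+	 * URL rewriting is an optional component of the servlet 2.5 specifications.
+	 * However if set to true this will be non compliant with the specifications as
+	 * the specifications specify there <b>must</b> be a way to retain sessions if
+	 * the client doesn't allow session cookies.
+	 *
+     * @param disable True to disable URL Rewriting. Default <b>false</b>.
+     */
+    public void setDisableURLRewriting(boolean disable);
 
 
     /**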
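Review bot: The Javadoc added for `setDisableURLRewriting` opens with the getter's question, "Is URL rewriting disabled?", and its five continuation lines are tab-indented while the surrounding comments use spaces. Its summary should describe the setter, for example `Sets whether URL rewriting is disabled for this context.`, which is close to the wording StandardContext uses for the same method. Neither comment says what the flag changes at runtime; judging by the CoyoteAdapter and Response sections of this patch, a session ID carried in the URL is discarded and `encodeURL` no longer appends one, and one sentence saying so would tell operators why they might enable the option despite the compliance caveat. Both methods are new members of a public interface, so any other `Context` implementation has to add them as well.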
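--- a/java/org/apache/catalina/connector/CoyoteAdapter.java
+++ b/java/org/apache/catalina/connector/CoyoteAdapter.java
@@ -461,7 +461,14 @@
         }
         connector.getMapper().map(serverName, decodedURI, 
                                   request.getMappingData());
-        request.setContext((Context) request.getMappingData().context);
+        request.setContext(extractContextFromRequest(request));
+        
+        // Had to do this after the context was set.
+        // Unfortunately parseSessionId is still necessary as it 
+        // affects the final URL. Safe as session cookies still 
+        // haven't been parsed.
+        if (isURLRewritingDisabled(request))
+        	clearRequestedSession(request);
         request.setWrapper((Wrapper) request.getMappingData().wrapper);
 
         // Filter trace method
@@ -516,6 +523,13 @@
         return true;
     }
 
+    private boolean isURLRewritingDisabled(Request request) {
+    	Context context = extractContextFromRequest(request);
+    	if (context != null)
+    		return (context.isDisableURLRewriting());
+    	else
+    		return (false);
+    }
 
     /**
      * Parse session id in URL.
@@ -560,19 +574,27 @@
                 }
                 request.setRequestedSessionURL(true);
             } catch (UnsupportedEncodingException uee) {
-                // Make sure no session ID is returned
-                request.setRequestedSessionId(null);
-                request.setRequestedSessionURL(false);
+                clearRequestedSession(request);
                 log.warn(sm.getString("coyoteAdapter.parseSession", enc), uee);
             }
         } else {
-            request.setRequestedSessionId(null);
-            request.setRequestedSessionURL(false);
+            clearRequestedSession(request);
         }
 
     }
 
 
+    private void clearRequestedSession(Request request) {
+        request.setRequestedSessionId(null);
+        request.setRequestedSessionURL(false);
+    }
+
+
+    private Context extractContextFromRequest(Request request) {
+        return (Context) request.getMappingData().context;
+    }
+
+
     /**
      * Parse session id in URL.
      */
@@ -582,7 +604,7 @@
         // context, don't go looking for a session ID in a cookie as a cookie
         // from a parent context with a session ID may be present which would
         // overwrite the valid session ID encoded in the URL
-        Context context = (Context) request.getMappingData().context;
+        Context context = extractContextFromRequest(request);
         if (context != null && !context.getCookies())
             return;
 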
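Review bot: The comment above the new `if (isURLRewritingDisabled(request))` in the first hunk explains the ordering but not the effect, which is that a session ID parsed from the URL is dropped so the URL can no longer select the session for this context. I would say that directly, e.g. `// URL rewriting is disabled for this context: discard the session ID parsed from the URL.`, and re-indent the tab-indented call with spaces like the surrounding lines. `isURLRewritingDisabled` can be reduced to `return context != null && context.isDisableURLRewriting();`. The discard is silent; a debug-level log at this point would let operators see clients that still present a session ID in the URL after the option is switched on. The enclosing method starts and ends outside the hunk.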
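--- a/java/org/apache/catalina/connector/Response.java
+++ b/java/org/apache/catalina/connector/Response.java
@@ -1479,12 +1479,14 @@
      * <li>The requested session ID was not received via a cookie
      * <li>The specified URL points back to somewhere within the web
      *     application that is responding to this request
+     * <li>If URL rewriting hasn't been disabled for this context
      * </ul>
      *
      * @param location Absolute URL to be validated
      */
     protected boolean isEncodeable(final String location) {
-
+    	if (isURLRewritingDisabled())
+    		return (false);
         if (location == null)
             return (false);
 
@@ -1513,6 +1515,12 @@
         }
     }
 
+    private boolean isURLRewritingDisabled() {
+        Context context = getContext();
+
+        return (context.isDisableURLRewriting());
+    }
+
     private boolean doIsEncodeable(Request hreq, Session session, 
                                    String location) {
         // Is this a valid absolute URL?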
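Review bot: `isURLRewritingDisabled()` dereferences the result of `getContext()` without a null check, while the helper of the same name in CoyoteAdapter guards `context != null` before calling `isDisableURLRewriting()`. If `isEncodeable` can run for a request that was not mapped to a context (not visible in this hunk), the new first statement would throw a NullPointerException instead of returning false. `return context != null && context.isDisableURLRewriting();` keeps the two helpers consistent. The new check is also tab-indented, unlike the `location == null` test below it; the body of `isEncodeable` continues outside the hunk.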
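--- a/java/org/apache/catalina/core/StandardContext.java
+++ b/java/org/apache/catalina/core/StandardContext.java
@@ -338,8 +338,12 @@
      * The document root for this web application.
      */
     private String docBase = null;
+    
+    /**
+     * Has URL rewriting been disabled. 
+     */
+    private boolean disableURLRewriting = false;
 
-
     /**
      * The exception pages for this web application, keyed by fully qualified
      * class name of the Java exception.
@@ -1461,6 +1465,35 @@
         this.docBase = docBase;
 
     }
+    
+    /**
+     * Is URL rewriting disabled?
+     * URL rewriting is an optional component of the servlet 2.5 specifications.
+     * However if set to true this will be non compliant with the specifications as
+     * the specifications specify there <b>must</b> be a way to retain sessions if
+     * the client doesn't allow session cookies.
+     * 
+     * @return true If URL rewriting is disabled.
+     * 
+     * @see <a href="http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index2.html">Servlet 2.5 Specification. Sections SRV.7.1.3 and SRV.7.1.4</a>
+     * @see javax.servlet.http.HttpServletResponse#encodeURL(String) encodeURL
+     * @see javax.servlet.http.HttpServletResponse#encodeRedirectURL(String) encodeRedirectURL
+     */
+    public boolean isDisableURLRewriting() {
+    	return (this.disableURLRewriting);
+    }
+    
+    /**
+     * Sets the disabling of URL Rewriting.
+     * @param disable True to disable URL Rewriting. Default <b>false</b>.
+     */
+    public void setDisableURLRewriting(boolean disable){
+    	boolean oldDisableURLRewriting = this.isDisableURLRewriting();
+        this.disableURLRewriting = disable;
+        support.firePropertyChange("disableURLRewriting",
+        		oldDisableURLRewriting, disableURLRewriting);
+        
+    }
 
     // experimental
     public boolean isLazy() {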
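Review bot: `setDisableURLRewriting(true)` is accepted without regard to the context's cookie setting, and the CoyoteAdapter section of this patch shows `!context.getCookies()` skipping cookie session IDs entirely. With both settings in effect there appears to be no channel left to carry a session ID, so requests would presumably never resume a session; that combination deserves a warning when it is configured, or at least a Javadoc sentence on the setter such as `If session cookies are also disabled, no session ID can be tracked for this context.`. The first body line of the getter and of the setter, and the continuation line of `firePropertyChange`, are tab-indented, unlike the rest of the file shown here.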
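--- a/java/org/apache/catalina/core/mbeans-descriptors.xml
+++ b/java/org/apache/catalina/core/mbeans-descriptors.xml
@@ -59,6 +59,11 @@
          group="Context"
          type="org.apache.catalina.core.StandardContext">
     
+    <attribute name="disableURLRewriting"
+               description="Is URL Rewriting disabled?"
+               is="false"
+               type="boolean"/>
+    
     <attribute name="allowLinking"
                description="Allow symlinking to outside the webapp root directory, if the webapp is an exploded directory"
                is="true"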
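Review bot: The new attribute declares `is="false"`, but the getter this patch adds to StandardContext is `isDisableURLRewriting()`, and the neighbouring boolean `allowLinking` uses `is="true"`. If the modeler reads `is` as "the getter is named isXxx", as that neighbour suggests, reading this attribute over JMX would look for a `getDisableURLRewriting` method that the patch does not add. The line should read `is="true"`.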
