Attachment #26135 for bug #49811

View | Details | Raw Unified | Return to bug 49811
Collapse All | Expand All




     * @param docBase The new document root
     */
    public void setDocBase(String docBase);
    
    
    /**
     * Is URL rewriting disabled?
     * URL rewriting is an optional component of the servlet 2.5 specification.
     * However if set to true this will be non-compliant with the specification
     * as the specification requires that there <b>must</b> be a way to retain
     * sessions if the client doesn't allow session cookies.
     * 
     * @return true If URL rewriting is disabled.
     * 
     * @see <a href="http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index2.html">Servlet
     *      2.5 Specification. Sections SRV.7.1.3 and SRV.7.1.4</a>
     * @see javax.servlet.http.HttpServletResponse#encodeURL(String) encodeURL
     * @see javax.servlet.http.HttpServletResponse#encodeRedirectURL(String)
     *      encodeRedirectURL
     */
    public boolean isDisableURLRewriting();
    
    /**
     * Is URL rewriting disabled?
     * URL rewriting is an optional component of the servlet 2.5 specification.
     * However if set to true this will be non-compliant with the specification
     * as the specification requires that there <b>must</b> be a way to retain
     * sessions if the client doesn't allow session cookies.
     *
     * @param disable True to disable URL Rewriting. Default <b>false</b>.
     */
    public void setDisableURLRewriting(boolean disable);


    /**

Lines 462-467 Link Here

(-)java/org/apache/catalina/connector/CoyoteAdapter.java (-5 / +22 lines)
462	connector.getMapper().map(serverName, decodedURI,	462	connector.getMapper().map(serverName, decodedURI,
463	request.getMappingData());	463	request.getMappingData());
464	request.setContext((Context) request.getMappingData().context);	464	request.setContext((Context) request.getMappingData().context);
		465
		466	// Had to do this after the context was set.
		467	// Unfortunately parseSessionId is still necessary as it
		468	// affects the final URL. Safe as session cookies still
		469	// haven't been parsed.
		470	if (isURLRewritingDisabled(request))
		471	clearRequestedSessionURL(request);
465	request.setWrapper((Wrapper) request.getMappingData().wrapper);	472	request.setWrapper((Wrapper) request.getMappingData().wrapper);
466		473
467	// Filter trace method	474	// Filter trace method
Lines 516-521 Link Here
516	return true;	523	return true;
517	}	524	}
518		525
		526	private boolean isURLRewritingDisabled(Request request) {
		527	Context context = (Context) request.getMappingData().context;
		528	if (context != null)
		529	return (context.isDisableURLRewriting());
		530	else
		531	return (false);
		532	}
519		533
520	/**	534	/**
521	* Parse session id in URL.	535	* Parse session id in URL.
Lines 560-578 Link Here
560	}	574	}
561	request.setRequestedSessionURL(true);	575	request.setRequestedSessionURL(true);
562	} catch (UnsupportedEncodingException uee) {	576	} catch (UnsupportedEncodingException uee) {
563	// Make sure no session ID is returned	577	clearRequestedSessionURL(request);
564	request.setRequestedSessionId(null);
565	request.setRequestedSessionURL(false);
566	log.warn(sm.getString("coyoteAdapter.parseSession", enc), uee);	578	log.warn(sm.getString("coyoteAdapter.parseSession", enc), uee);
567	}	579	}
568	} else {	580	} else {
569	request.setRequestedSessionId(null);	581	clearRequestedSessionURL(request);
570	request.setRequestedSessionURL(false);
571	}	582	}
572		583
573	}	584	}
574		585
575		586
		587	private void clearRequestedSessionURL(Request request) {
		588	request.setRequestedSessionId(null);
		589	request.setRequestedSessionURL(false);
		590	}
		591
		592
576	/**	593	/**
577	* Parse session id in URL.	594	* Parse session id in URL.
578	*/	595	*/




     * <li>The requested session ID was not received via a cookie
     * <li>The specified URL points back to somewhere within the web
     *     application that is responding to this request
     * <li>If URL rewriting hasn't been disabled for this context
     * </ul>
     *
     * @param location Absolute URL to be validated
     */
    protected boolean isEncodeable(final String location) {
        if (getContext().isDisableURLRewriting())
            return (false);
        if (location == null)
            return (false);


Lines 341-346 Link Here

(-)java/org/apache/catalina/core/StandardContext.java (+37 lines)
341		341
342		342
343	/**	343	/**
		344	* Has URL rewriting been disabled.
		345	*/
		346	private boolean disableURLRewriting = false;
		347
		348
		349	/**
344	* The exception pages for this web application, keyed by fully qualified	350	* The exception pages for this web application, keyed by fully qualified
345	* class name of the Java exception.	351	* class name of the Java exception.
346	*/	352	*/
Lines 1461-1466 Link Here
1461	this.docBase = docBase;	1467	this.docBase = docBase;
1462		1468
1463	}	1469	}
		1470
		1471	/**
		1472	* Is URL rewriting disabled?
		1473	* URL rewriting is an optional component of the servlet 2.5 specification.
		1474	* However if set to true this will be non-compliant with the specification
		1475	* as the specification requires that there <b>must</b> be a way to retain
		1476	* sessions if the client doesn't allow session cookies.
		1477	*
		1478	* @return true If URL rewriting is disabled.
		1479	*
		1480	* @see <a href="http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index2.html">Servlet
		1481	* 2.5 Specification. Sections SRV.7.1.3 and SRV.7.1.4</a>
		1482	* @see javax.servlet.http.HttpServletResponse#encodeURL(String) encodeURL
		1483	* @see javax.servlet.http.HttpServletResponse#encodeRedirectURL(String)
		1484	* encodeRedirectURL
		1485	*/
		1486	public boolean isDisableURLRewriting() {
		1487	return (this.disableURLRewriting);
		1488	}
		1489
		1490	/**
		1491	* Sets the disabling of URL Rewriting.
		1492	* @param disable True to disable URL Rewriting. Default <b>false</b>.
		1493	*/
		1494	public void setDisableURLRewriting(boolean disable){
		1495	boolean oldDisableURLRewriting = this.isDisableURLRewriting();
		1496	this.disableURLRewriting = disable;
		1497	support.firePropertyChange("disableURLRewriting",
		1498	oldDisableURLRewriting, disableURLRewriting);
		1499
		1500	}
1464		1501
1465	// experimental	1502	// experimental
1466	public boolean isLazy() {	1503	public boolean isLazy() {

Lines 135-140 Link Here

(-)java/org/apache/catalina/core/mbeans-descriptors.xml (+5 lines)
135	description="String deployment descriptor "	135	description="String deployment descriptor "
136	type="java.lang.String"/>	136	type="java.lang.String"/>
137		137
		138	<attribute name="disableURLRewriting"
		139	description="Is URL Rewriting disabled?"
		140	is="true"
		141	type="boolean"/>
		142
138	<attribute name="docBase"	143	<attribute name="docBase"
139	description="The document root for this web application"	144	description="The document root for this web application"
140	type="java.lang.String"/>	145	type="java.lang.String"/>

Return to bug 49811

Lines 325-330 Link Here

(-)java/org/apache/catalina/Context.java (+29 lines)
325	* @param docBase The new document root	325	* @param docBase The new document root
326	*/	326	*/
327	public void setDocBase(String docBase);	327	public void setDocBase(String docBase);
		328
		329
		330	/**
		331	* Is URL rewriting disabled?
		332	* URL rewriting is an optional component of the servlet 2.5 specification.
		333	* However if set to true this will be non-compliant with the specification
		334	* as the specification requires that there <b>must</b> be a way to retain
		335	* sessions if the client doesn't allow session cookies.
		336	*
		337	* @return true If URL rewriting is disabled.
		338	*
		339	* @see <a href="http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index2.html">Servlet
		340	* 2.5 Specification. Sections SRV.7.1.3 and SRV.7.1.4</a>
		341	* @see javax.servlet.http.HttpServletResponse#encodeURL(String) encodeURL
		342	* @see javax.servlet.http.HttpServletResponse#encodeRedirectURL(String)
		343	* encodeRedirectURL
		344	*/
		345	public boolean isDisableURLRewriting();
		346
		347	/**
		348	* Is URL rewriting disabled?
		349	* URL rewriting is an optional component of the servlet 2.5 specification.
		350	* However if set to true this will be non-compliant with the specification
		351	* as the specification requires that there <b>must</b> be a way to retain
		352	* sessions if the client doesn't allow session cookies.
		353	*
		354	* @param disable True to disable URL Rewriting. Default <b>false</b>.
		355	*/
		356	public void setDisableURLRewriting(boolean disable);
328		357
329		358
330	/**	359	/**

Lines 1479-1490 Link Here

(-)java/org/apache/catalina/connector/Response.java (-1 / +3 lines)
1479	* <li>The requested session ID was not received via a cookie	1479	* <li>The requested session ID was not received via a cookie
1480	* <li>The specified URL points back to somewhere within the web	1480	* <li>The specified URL points back to somewhere within the web
1481	* application that is responding to this request	1481	* application that is responding to this request
		1482	* <li>If URL rewriting hasn't been disabled for this context
1482	* </ul>	1483	* </ul>
1483	*	1484	*
1484	* @param location Absolute URL to be validated	1485	* @param location Absolute URL to be validated
1485	*/	1486	*/
1486	protected boolean isEncodeable(final String location) {	1487	protected boolean isEncodeable(final String location) {
1487		1488	if (getContext().isDisableURLRewriting())
		1489	return (false);
1488	if (location == null)	1490	if (location == null)
1489	return (false);	1491	return (false);
1490		1492