6 files changed, 70 insertions, 34 deletions
diff --git a/VERSION.txt b/VERSION.txt
index e11600c720..dc61713b9c 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -1,6 +1,6 @@ jetty-7.1.0.RC1-SNAPSHOT - + 291448 encodeRedirectURL only encodes absolute URLs to same host/port/context + + 291448 SessionManager has isCheckingRemoteSessionIdEncoding + 297104 HTTP CONNECT does not work correct with SSL destinations + 308848 Update test suite to JUnit4 - Module jetty-ajp + 308861 Update test suite to JUnit4 - Module jetty-security
diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/Response.java b/jetty-server/src/main/java/org/eclipse/jetty/server/Response.java
index 964a53f7c8..9fe3d70a88 100644
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/Response.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/Response.java
@@ -154,16 +154,30 @@ public class Response implements HttpServletResponse */ public String encodeURL(String url) { - Request request=_connection.getRequest(); + final Request request=_connection.getRequest(); SessionManager sessionManager = request.getSessionManager(); if (sessionManager==null) return url; + + if (sessionManager.isCheckingRemoteSessionIdEncoding() && URIUtil.hasScheme(url)) + { + HttpURI uri = new HttpURI(url); + int port=uri.getPort(); + if (port<0) + port = HttpSchemes.HTTPS.equalsIgnoreCase(uri.getScheme())?443:80; + if (!request.getServerName().equalsIgnoreCase(uri.getHost()) || + request.getServerPort()!=port || + !uri.getPath().startsWith(request.getContextPath())) + return url; + } + String sessionURLPrefix = sessionManager.getSessionIdPathParameterNamePrefix(); if (sessionURLPrefix==null) return url; if (url==null) return null; + // should not encode if cookies in evidence if (request.isRequestedSessionIdFromCookie()) { 
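Review bot: The new remote check in `encodeURL` dereferences values that can be absent: `uri.getPath()` is used without a null check, so an absolute URL with no path component (`http://host:8888`) would throw if `HttpURI.getPath()` returns null for it, and `URIUtil.hasScheme(url)` now runs before the existing `if (url==null) return null;` guard further down the same hunk, so a null `url` may throw where it previously returned null. The path test is also a bare prefix match, so with context path `/ctx` a URL for a sibling context `/ctx2` on the same host is treated as local and receives the session id. Suggest moving the null guard above the check and making the last operand boundary-aware, e.g. `String path=uri.getPath(); String ctx=request.getContextPath(); if (path==null || !path.startsWith(ctx) || (path.length()>ctx.length() && !ctx.endsWith("/") && path.charAt(ctx.length())!='/')) return url;`. Note that the whole comparison only runs when `isCheckingRemoteSessionIdEncoding()` is true, so nothing here protects URLs that leave the site unless that flag is enabled.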
@@ -188,15 +202,12 @@ public class Response implements HttpServletResponse if (session == null) return url; - // invalid session if (!sessionManager.isValid(session)) return url; String id=sessionManager.getNodeId(session); - - // TODO Check host and port are for this server // Already encoded int prefix=url.indexOf(sessionURLPrefix); if (prefix!=-1)
@@ -223,28 +234,10 @@ public class Response implements HttpServletResponse /* ------------------------------------------------------------ */ /** - * Encode Redirect URL. - * <p>This method differs from {@link #encodeURL(String)}, in that it only encodes - * relative URLs or absolute URLs to the same host/port/contextPath as the request. + * @see javax.servlet.http.HttpServletResponse#encodeRedirectURL(java.lang.String) */ public String encodeRedirectURL(String url) { - if (URIUtil.hasScheme(url)) - { - HttpURI uri = new HttpURI(url); - Request request=_connection.getRequest(); - int port=uri.getPort(); - if (port<0) - port = HttpSchemes.HTTPS.equalsIgnoreCase(uri.getScheme())?443:80; - if (request.getServerName().equalsIgnoreCase(uri.getHost()) && - request.getServerPort()==port && - uri.getPath().startsWith(request.getContextPath())) - - return encodeURL(url); - return url; - } - - return encodeURL(url); }
diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/SessionManager.java b/jetty-server/src/main/java/org/eclipse/jetty/server/SessionManager.java
index 95a005a39d..bdd9fe5d60 100644
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/SessionManager.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/SessionManager.java
@@ -28,7 +28,6 @@ import org.eclipse.jetty.util.component.LifeCycle; * Session Manager. * The API required to manage sessions for a servlet context. * - * */ public interface SessionManager extends LifeCycle { 
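Review bot: `encodeRedirectURL` now (as far as the collapsed hunk shows) just returns `encodeURL(url)`, so the refusal to append the session id to an absolute URL for another host, port or context path — previously unconditional in this method — is applied only when `SessionManager.isCheckingRemoteSessionIdEncoding()` is true, and the `AbstractSessionManager` field this commit adds has no initialiser, so it is false unless the init parameter is configured. With the default configuration a `sendRedirect` to an external site therefore emits `Location: http://other/...;jsessionid=...`, disclosing the session identifier to that site and to anything that logs the redirect; a separate redirect-encoding method exists in the servlet API precisely so that redirects can be treated more strictly than ordinary links. I would keep the host/port/context comparison unconditional on the redirect path, e.g. `if (URIUtil.hasScheme(url) && !isSameHostPortAndContext(url)) return url; return encodeURL(url);` with the comparison factored into a private helper shared with `encodeURL`, or at minimum initialise the flag to true. The replacement `@see` javadoc also drops the statement of the rule; the behaviour and its dependence on the flag should be documented here so callers know what protection they are getting.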
@@ -51,6 +50,7 @@ public interface SessionManager extends LifeCycle */ public final static String __SessionIdPathParameterNameProperty = "org.eclipse.jetty.servlet.SessionIdPathParameterName"; public final static String __DefaultSessionIdPathParameterName = "jsessionid"; + public final static String __CheckRemoteSessionEncoding = "org.eclipse.jetty.servlet.CheckingRemoteSessionIdEncoding"; /* ------------------------------------------------------------ */
@@ -326,4 +326,14 @@ public interface SessionManager extends LifeCycle * @return whether the session management is handled via cookies. */ public boolean isUsingCookies(); + + /** + * @return True if absolute URLs are check for remoteness before being session encoded. + */ + public boolean isCheckingRemoteSessionIdEncoding(); + + /** + * @param remote True if absolute URLs are check for remoteness before being session encoded. + */ + public void setCheckingRemoteSessionIdEncoding(boolean remote); }
diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/session/AbstractSessionManager.java b/jetty-server/src/main/java/org/eclipse/jetty/server/session/AbstractSessionManager.java
index fc835697e5..1e37a7d7bf 100644
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/session/AbstractSessionManager.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/session/AbstractSessionManager.java
@@ -51,7 +51,7 @@ import org.eclipse.jetty.util.statistic.SampleStatistic; * SessionManager interface provides the majority of the handling required to * implement a SessionManager. Concrete implementations of SessionManager based * on AbstractSessionManager need only implement the newSession method to return - * a specialized version of the Session inner class that provides an attribute + * a specialised version of the Session inner class that provides an attribute * Map. * <p> * 
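Review bot: The javadoc on the two new `SessionManager` methods reads "are check for remoteness" in both places ("check" should be "checked") and says nothing about what the flag does or what its default is, which matters because it decides whether a session identifier may be written into a URL that points at another host. Suggest for the getter `@return true if {@link javax.servlet.http.HttpServletResponse#encodeURL} appends the session id only to absolute URLs whose host, port (80/443 by scheme when absent) and context path match the current request; when false the id is appended to any absolute URL.` and for the setter `@param remote true to restrict session id encoding to URLs for this host, port and context path`. It is also worth stating there that the value can be supplied through the `org.eclipse.jetty.servlet.CheckingRemoteSessionIdEncoding` context init parameter introduced in the same file, and that the constant `__CheckRemoteSessionEncoding` is named differently from both that property and the accessors (`…RemoteSessionIdEncoding`); aligning the three names would avoid a grep miss later.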
@@ -87,6 +87,7 @@ public abstract class AbstractSessionManager extends AbstractLifeCycle implement protected int _maxCookieAge=-1; protected int _refreshCookieAge; protected boolean _nodeIdInSessionId; + protected boolean _checkingRemoteSessionIdEncoding; protected final CounterStatistic _sessionsStats = new CounterStatistic(); protected final SampleStatistic _sessionTimeStats = new SampleStatistic();
@@ -192,6 +193,10 @@ public abstract class AbstractSessionManager extends AbstractLifeCycle implement // set up the sessionPath if it isn't already if (_sessionPath==null) _sessionPath=_context.getInitParameter(SessionManager.__SessionPathProperty); + + tmp=_context.getInitParameter(SessionManager.__CheckRemoteSessionEncoding); + if (tmp!=null) + _checkingRemoteSessionIdEncoding=Boolean.parseBoolean(tmp); } super.doStart();
@@ -743,6 +748,24 @@ public abstract class AbstractSessionManager extends AbstractLifeCycle implement /* ------------------------------------------------------------ */ /** + * @see org.eclipse.jetty.server.SessionManager#isCheckingRemoteSessionIdEncoding() + */ + public boolean isCheckingRemoteSessionIdEncoding() + { + return _checkingRemoteSessionIdEncoding; + } + + /* ------------------------------------------------------------ */ + /** + * @see org.eclipse.jetty.server.SessionManager#setCheckingRemoteSessionIdEncoding(boolean) + */ + public void setCheckingRemoteSessionIdEncoding(boolean remote) + { + _checkingRemoteSessionIdEncoding=remote; + } + + /* ------------------------------------------------------------ */ + /** * Null returning implementation of HttpSessionContext * *
diff --git a/jetty-server/src/test/java/org/eclipse/jetty/server/ResponseTest.java b/jetty-server/src/test/java/org/eclipse/jetty/server/ResponseTest.java
index 5298e2a87e..b1f1ce9f48 100644
--- a/jetty-server/src/test/java/org/eclipse/jetty/server/ResponseTest.java
+++ b/jetty-server/src/test/java/org/eclipse/jetty/server/ResponseTest.java 
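Review bot: `_checkingRemoteSessionIdEncoding` is declared without an initialiser, so the remote-host check in `Response.encodeURL` is off unless `org.eclipse.jetty.servlet.CheckingRemoteSessionIdEncoding` is set, and in the `doStart` hunk `Boolean.parseBoolean(tmp)` maps any value other than a case-insensitive "true" (a typo such as "yes" or "on") to false, so a misconfiguration silently disables the protection. Since the unprotected behaviour writes the session id into URLs for foreign hosts, the safer default is `protected boolean _checkingRemoteSessionIdEncoding=true;` with the init parameter available to opt out, and the parse should reject or warn on unrecognised values, e.g. `if (!"true".equalsIgnoreCase(tmp) && !"false".equalsIgnoreCase(tmp)) throw new IllegalStateException("Bad value for " + SessionManager.__CheckRemoteSessionEncoding + ": " + tmp);` before assigning. The `doStart` body and the condition guarding this init-parameter block begin outside the hunk, so whether `_context` can be null here is not visible. A one-line javadoc on the field stating the default and its security meaning would help the next reader.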
@@ -338,19 +338,18 @@ public class ResponseTest extends TestCase request.setSessionManager(manager); request.setSession(new TestSession(manager,"12345")); + manager.setCheckingRemoteSessionIdEncoding(false); + assertEquals("http://myhost:8888/path/info;param;jsessionid=12345?query=0&more=1#target",response.encodeURL("http://myhost:8888/path/info;param?query=0&more=1#target")); - assertEquals("http://other:8888/path/info;param;jsessionid=12345?query=0&more=1#target",response.encodeURL("http://other:8888/path/info;param?query=0&more=1#target")); - assertEquals("http://other:8888/path/info;param?query=0&more=1#target",response.encodeRedirectURL("http://other:8888/path/info;param?query=0&more=1#target")); - assertEquals("http://myhost/path/info;param;jsessionid=12345?query=0&more=1#target",response.encodeURL("http://myhost/path/info;param?query=0&more=1#target")); - assertEquals("http://myhost/path/info;param?query=0&more=1#target",response.encodeRedirectURL("http://myhost/path/info;param?query=0&more=1#target")); - assertEquals("http://myhost:8888/other/info;param;jsessionid=12345?query=0&more=1#target",response.encodeURL("http://myhost:8888/other/info;param?query=0&more=1#target")); - assertEquals("http://myhost:8888/other/info;param?query=0&more=1#target",response.encodeRedirectURL("http://myhost:8888/other/info;param?query=0&more=1#target")); - - + manager.setCheckingRemoteSessionIdEncoding(true); + assertEquals("http://myhost:8888/path/info;param;jsessionid=12345?query=0&more=1#target",response.encodeURL("http://myhost:8888/path/info;param?query=0&more=1#target")); + assertEquals("http://other:8888/path/info;param?query=0&more=1#target",response.encodeURL("http://other:8888/path/info;param?query=0&more=1#target")); + assertEquals("http://myhost/path/info;param?query=0&more=1#target",response.encodeURL("http://myhost/path/info;param?query=0&more=1#target")); + 
assertEquals("http://myhost:8888/other/info;param?query=0&more=1#target",response.encodeURL("http://myhost:8888/other/info;param?query=0&more=1#target")); } public void testSetBufferSize ()
diff --git a/jetty-server/src/test/java/org/eclipse/jetty/server/session/SessionHandlerTest.java b/jetty-server/src/test/java/org/eclipse/jetty/server/session/SessionHandlerTest.java
index 1cfe113f1e..3ba42414d4 100644
--- a/jetty-server/src/test/java/org/eclipse/jetty/server/session/SessionHandlerTest.java
+++ b/jetty-server/src/test/java/org/eclipse/jetty/server/session/SessionHandlerTest.java
@@ -574,6 +574,17 @@ public class SessionHandlerTest extends TestCase { } + boolean _checkRemote=false; + public boolean isCheckingRemoteSessionIdEncoding() + { + return _checkRemote; + } + + public void setCheckingRemoteSessionIdEncoding(boolean remote) + { + _checkRemote=remote; + } + } } |
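Review bot: The ResponseTest hunk deletes every `encodeRedirectURL` assertion and adds none back, so the rewritten `encodeRedirectURL` in this commit is no longer exercised at all, and the `other:8888` expectation under `setCheckingRemoteSessionIdEncoding(false)` was dropped rather than kept, so nothing pins what the default configuration does with a foreign-host URL. Suggest adding under the `true` branch `assertEquals("http://other:8888/path/info;param?query=0&more=1#target",response.encodeRedirectURL("http://other:8888/path/info;param?query=0&more=1#target"));` and under the `false` branch the previous `other:8888` expectation with `;jsessionid=12345`, so the behaviour is documented by the test rather than implied. A case for an `https` URL against a request whose port is the scheme default, and for an absolute URL with no path component, would also cover the port-defaulting and `getPath()` branches of the new check in `Response.encodeURL`. The enclosing test method starts outside the hunk.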