
Complete harmonization RequestHeader getCookie with std ServletRequest

to use javax.servlet.http.Cookie parameters.
Deprecate the now-obsolete getHeaderCookies.
Adjust setting of MaxAge to spec if >= 0 otherwise keep default.
reger24 committed Jan 2, 2017
1 parent 396ed3c commit 68d4dc5cc50d93a5d55d63ff151d6255650c80d0
@@ -27,12 +27,9 @@
// javac -classpath .:../classes index.java
// if the shell's current path is HTROOT
import java.util.Iterator;
import java.util.Map;
import javax.servlet.http.Cookie;
import net.yacy.cora.protocol.RequestHeader;
import net.yacy.cora.protocol.ResponseHeader;
import net.yacy.cora.util.CommonPattern;
import net.yacy.server.serverObjects;
import net.yacy.server.serverSwitch;
import net.yacy.server.servletProperties;
@@ -53,22 +50,14 @@ public static serverObjects respond(final RequestHeader header, final serverObje
final servletProperties prop = new servletProperties();
if (post.containsKey("act") && "clear_cookie".equals(post.get("act"))) {
final ResponseHeader outgoingHeader = new ResponseHeader(200);
final Iterator<Map.Entry<String, String>> it = header.entrySet().iterator();
Map.Entry<String, String> e;
while (it.hasNext()) {
e = it.next();
if ("Cookie".equals(e.getKey())) {
final String cookies[] = CommonPattern.SEMICOLON.split(e.getValue());
for (final String cookie : cookies) {
final String nameValue[] = cookie.split("=");
outgoingHeader.setCookie(nameValue[0].trim(), nameValue.length > 1 ? (nameValue[1].trim()) : "");
}
Cookie[] cookies = header.getCookies();
if (cookies != null) {
for (final Cookie cookie : cookies) {
outgoingHeader.setCookie(cookie.getName(), cookie.getValue(), cookie.getMaxAge(), cookie.getPath(), cookie.getDomain(), cookie.getSecure());
}
}
prop.setOutgoingHeader(outgoingHeader);
prop.put("coockiesout", "0");
//header.
} else if (post.containsKey("act") && "set_cookie".equals(post.get("act"))) {
final String cookieName = post.get("cookie_name").trim();
@@ -80,15 +69,15 @@ public static serverObjects respond(final RequestHeader header, final serverObje
prop.put("cookiesin", "1");
prop.putHTML("cookiesin_0_name", cookieName);
prop.putHTML("cookiesin_0_value", cookieValue);
//header.
}
//prop.put("cookiesout", "1");
String[] cookielst = header.getHeaderCookies().split(";");
Cookie[] cookielst = header.getCookies();
int i = 0;
for (String singleco : cookielst) {
prop.putHTML("cookiesout_" + i + "_string", singleco + ";"); // output with ";" for compatiblity with cookiesin
i++;
if (cookielst != null) {
for (Cookie singleco : cookielst) {
prop.putHTML("cookiesout_" + i + "_string", singleco.getName() + "=" + singleco.getValue() + ";"); // output with ";" for compatiblity with cookiesin
i++;
}
}
prop.put("cookiesout", i);
return prop;
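Review bot: In the `clear_cookie` branch the cookies from `header.getCookies()` are written back with `cookie.getMaxAge()`, `getPath()` and `getDomain()`, but a cookie parsed from a request normally carries only its name and value, so these getters would presumably yield the defaults (-1 and null) rather than what the browser stored. Together with the `maxage >= 0` guard this commit adds to `setCookie`, the response then appears to re-issue each cookie as a session cookie with its original value instead of expiring it. If the branch is meant to clear cookies, send an empty value with a max age of 0, e.g. `outgoingHeader.setCookie(cookie.getName(), "", 0, null, null, false);`, and note that a cookie originally set with a path or domain is only removed when the same attributes are sent. `respond` starts and ends outside the hunks shown.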
@@ -59,7 +59,7 @@ public static servletProperties respond(final RequestHeader requestHeader, final
prop.put("logged-in_identified-by", "1");
//try via cookie
}else{
entry=sb.userDB.cookieAuth(requestHeader.getHeaderCookies());
entry=sb.userDB.cookieAuth(requestHeader.getCookies());
prop.put("logged-in_identified-by", "2");
//try via ip
if(entry == null){
@@ -159,7 +159,7 @@ public static servletProperties respond(final RequestHeader requestHeader, final
prop.put("logged-in", "0");
if(entry != null){
final String ip = requestHeader.getRemoteAddr();
entry.logout((ip != null ? ip : "xxxxxx"), UserDB.getLoginToken(requestHeader.getHeaderCookies())); //todo: logout cookie
entry.logout((ip != null ? ip : "xxxxxx"), UserDB.getLoginToken(requestHeader.getCookies()));
}
try {
requestHeader.logout(); // servlet container session logout
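Review bot: The rewritten `entry.logout(...)` line in the second hunk drops the `//todo: logout cookie` marker, yet nothing visible here expires the browser's `login` cookie once the server-side token has (presumably) been released. If the remainder of `respond`, which lies outside the hunk, does not already do so, either keep the TODO or send the `login` cookie back with a max age of 0 on logout so the old token does not linger in the browser.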
@@ -152,8 +152,10 @@ public boolean accessFromLocalhost() {
*
* @return String with cookies separated by ';'
* @see getCookies()
* @deprecated depreceated since 1.92, use getCookies()
*/
public String getHeaderCookies() { // TODO: harmonize with standard getCookies
@Deprecated
public String getHeaderCookies() {
String cookiestring = this.get(COOKIE); // get from legacy or HttpServletRequest
if (cookiestring == null) {
return "";
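Review bot: The Javadoc on `getHeaderCookies()` uses `@see getCookies()`, which Javadoc does not resolve as a member reference without the leading `#`, and the new `@deprecated` text is misspelled. Suggested wording: `@see #getCookies()` and `@deprecated since 1.92, use {@link #getCookies()} instead`. The method body continues past the end of the hunk.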
@@ -158,7 +158,7 @@ public void setCookie(final String name, final String value, final Integer maxag
if (!name.isEmpty()) {
if (this.cookieStore == null) this.cookieStore = new ArrayList<Cookie>();
Cookie c = new Cookie (name, value);
if (maxage != null) c.setMaxAge(maxage);
if (maxage != null && maxage >= 0) c.setMaxAge(maxage);
if (path != null) c.setPath(path);
if (domain != null) c.setDomain(domain);
if (secure) c.setSecure(secure);
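Review bot: The visible part of `setCookie` sets max age, path, domain and the Secure flag but never HttpOnly, so a cookie built here is readable by page scripts unless the rest of the method, outside this hunk, adds the flag. Since the same commit reads the `login` token from a cookie in the user database code, consider an overload or extra parameter that ends in `c.setHttpOnly(true);` for that token, provided the servlet API in use is 3.0 or later. On the changed line itself, a short comment such as `// negative maxage keeps the Cookie default (-1 = session cookie)` would record why negative values are dropped.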
@@ -35,6 +35,7 @@
import java.util.Iterator;
import java.util.Map;
import java.util.Random;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import net.yacy.cora.document.encoding.UTF8;
@@ -43,7 +44,6 @@
import net.yacy.cora.order.Digest;
import net.yacy.cora.order.NaturalOrder;
import net.yacy.cora.protocol.RequestHeader;
import net.yacy.cora.util.CommonPattern;
import net.yacy.cora.util.ConcurrentLog;
import net.yacy.cora.util.SpaceExceededException;
import net.yacy.kelondro.blob.MapHeap;
@@ -159,15 +159,15 @@ public Entry proxyAuth(final String authHeader) {
}
public Entry getUser(final RequestHeader header){
return getUser(header.get(RequestHeader.AUTHORIZATION), header.getHeaderCookies());
return getUser(header.get(RequestHeader.AUTHORIZATION), header.getCookies());
}
public Entry getUser(final String auth, final String cookies){
public Entry getUser(final String auth, final Cookie[] cookies){
Entry entry=null;
if(auth != null) {
entry=proxyAuth(auth);
}
if(entry == null) {
if(entry == null && cookies != null) {
entry=cookieAuth(cookies);
}
return entry;
@@ -180,7 +180,7 @@ public Entry getUser(final String auth, final String cookies){
* @param auth http-headerline for authorisation.
* @param cookies
*/
public boolean hasAdminRight(final String auth, final String cookies) {
public boolean hasAdminRight(final String auth, final Cookie[] cookies) {
final Entry entry = getUser(auth, cookies);
return (entry != null) ? entry.hasRight(AccessRight.ADMIN_RIGHT) : false;
}
@@ -255,8 +255,15 @@ public Entry md5Auth(final String user, final String md5) {
return null;
}
public Entry cookieAuth(final String cookieString){
final String token = getLoginToken(cookieString);
/**
* Returns the user entry matching the cookie login token created and set
* on login.
*
* @param cookies
* @return user entry or null
*/
public Entry cookieAuth(final Cookie[] cookies){
final String token = getLoginToken(cookies);
if (cookieUsers.containsKey(token)) {
final Entry entry = cookieUsers.get(token);
return entry;
@@ -270,13 +277,18 @@ public String getCookie(final Entry entry){
cookieUsers.put(token, entry);
return token;
}
public static String getLoginToken(final String cookies){
final String[] cookie = CommonPattern.SEMICOLON.split(cookies); //TODO: Mozilla uses "; "
for (final String c :cookie) {
String[] pair = c.split("=");
if (pair[0].trim().equals("login")) {
return pair[1].trim();
/**
* Extracts the token set as value in a cookie with name "login"
* @param cookies
* @return login token string
*/
public static String getLoginToken(final Cookie[] cookies) {
if (cookies != null) {
for (final Cookie c : cookies) {
if (c.getName().equals("login")) {
return c.getValue().trim();
}
}
}
return "";
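Review bot: `getLoginToken` returns the empty string when no `login` cookie is present, and `cookieAuth` then looks that empty token up in `cookieUsers` like any other; an explicit guard such as `if (token.isEmpty()) return null;` before the `containsKey` call would make it certain that a request without a token can never match an entry. `c.getValue().trim()` also assumes a non-null value, which is presumably true for container-parsed cookies but is not checked here; `final String v = c.getValue(); return v == null ? "" : v.trim();` removes that assumption. The new Javadoc leaves `@param cookies` blank and says only `@return login token string`; it should state that `cookies` may be null and that the result is `""` when no login cookie exists. `cookieAuth` continues outside the hunk.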
@@ -3574,7 +3574,7 @@ public int adminAuthenticated(final RequestHeader requestHeader) {
}
// authorization by hit in userDB (authtype username:encodedpassword - handed over by DefaultServlet)
if ( this.userDB.hasAdminRight(realmProp, requestHeader.getHeaderCookies()) ) {
if ( this.userDB.hasAdminRight(realmProp, requestHeader.getCookies()) ) {
adminAuthenticationLastAccess = System.currentTimeMillis();
return 4; //return, because 4=max
}
