openanolis
dragonwell8_jdk
Commit dc16d53b
Authored on October 21, 2009
Author: jccollet
6873543: CookieManager doesn't enforce httpOnly
Summary: Adds check for httpOnly tag and clarifies javadoc
Reviewed-by: chegar
Parent: 316413c2
Showing 3 changed files with 43 additions and 4 deletions
src/share/classes/java/net/CookieHandler.java +13 -3
src/share/classes/java/net/CookieManager.java +7 -0
test/java/net/CookieHandler/B6644726.java +23 -1
src/share/classes/java/net/CookieHandler.java
...
...
@@ -101,11 +101,21 @@ public abstract class CookieHandler {
* Gets all the applicable cookies from a cookie cache for the
* specified uri in the request header.
*
* HTTP protocol implementers should make sure that this method is
* <P>The {@code URI} passed as an argument specifies the intended use for
* the cookies. In particular the scheme should reflect whether the cookies
* will be sent over http, https or used in another context like javascript.
* The host part should reflect either the destination of the cookies or
* their origin in the case of javascript.</P>
* <P>It is up to the implementation to take into account the {@code URI} and
* the cookies attributes and security settings to determine which ones
* should be returned.</P>
*
* <P>HTTP protocol implementers should make sure that this method is
* called after all request headers related to choosing cookies
* are added, and before the request is sent.
* are added, and before the request is sent.
</P>
*
* @param uri a <code>URI</code> to send cookies to in a request
* @param uri a <code>URI</code> representing the intended use for the
* cookies
* @param requestHeaders - a Map from request header
* field names to lists of field values representing
* the current request headers
...
...
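Review bot: the new javadoc paragraphs leave the httpOnly contract unstated. The text says the scheme should reflect whether the cookies are "sent over http, https or used in another context like javascript" and then defers everything to the implementation, so a caller cannot tell from this method's documentation which scheme to pass for a script context or what the handler will do with it. Suggest stating here, or in the CookieManager javadoc, that cookies marked httpOnly are returned only when the URI scheme is http or https, and naming the expected form of a non-HTTP URI, since the accompanying test relies on `javascript://www.sun.com/`. The reworded `@param uri` could also point at that paragraph so the "intended use" wording is not read as purely descriptive.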
src/share/classes/java/net/CookieManager.java
...
...
@@ -218,6 +218,13 @@ public class CookieManager extends CookieHandler
// 'secure' cookies over unsecure links)
if
(
pathMatches
(
path
,
cookie
.
getPath
())
&&
(
secureLink
||
!
cookie
.
getSecure
()))
{
// Enforce httponly attribute
if
(
cookie
.
isHttpOnly
())
{
String
s
=
uri
.
getScheme
();
if
(!
"http"
.
equalsIgnoreCase
(
s
)
&&
!
"https"
.
equalsIgnoreCase
(
s
))
{
continue
;
}
}
// Let's check the authorize port list if it exists
String
ports
=
cookie
.
getPortlist
();
if
(
ports
!=
null
&&
!
ports
.
isEmpty
())
{
...
...
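Review bot: in the `cookie.isHttpOnly()` branch, the check trusts whatever scheme the caller placed in `uri`, so it protects httpOnly cookies only from callers that pass a non-HTTP URI when acting for a script; an embedder that calls `get()` with the page's http URI on behalf of a script still receives them. That dependency deserves a sentence in the class documentation, because this file gains the check without any javadoc of its own. Two smaller points: `uri.getScheme()` can return null, in which case both `equalsIgnoreCase` calls are false and the cookie is skipped, which is the safe outcome but worth a short comment; and the scheme does not change between cookies, so it can be read once next to `secureLink` instead of inside the branch for every httpOnly cookie.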
test/java/net/CookieHandler/B6644726.java
...
...
@@ -23,7 +23,7 @@
/*
* @test
* @bug 6644726
* @bug 6644726
6873543
* @summary Cookie management issues
*/
...
...
@@ -170,6 +170,28 @@ public class B6644726 {
if
(
isIn
(
clst
,
"myCookie8="
))
{
fail
(
"A cookie with an invalid port list was returned"
);
}
// Test httpOnly flag (CR# 6873543)
lst
.
clear
();
map
.
clear
();
cm
.
getCookieStore
().
removeAll
();
lst
.
add
(
"myCookie11=httpOnlyTest; httpOnly"
);
map
.
put
(
"Set-Cookie"
,
lst
);
uri
=
new
URI
(
"http://www.sun.com/"
);
cm
.
put
(
uri
,
map
);
m
=
cm
.
get
(
uri
,
emptyMap
);
clst
=
m
.
get
(
"Cookie"
);
// URI scheme was http: so we should get the cookie
if
(!
isIn
(
clst
,
"myCookie11="
))
{
fail
(
"Missing cookie with httpOnly flag"
);
}
uri
=
new
URI
(
"javascript://www.sun.com/"
);
m
=
cm
.
get
(
uri
,
emptyMap
);
clst
=
m
.
get
(
"Cookie"
);
// URI scheme was neither http or https so we shouldn't get the cookie
if
(
isIn
(
clst
,
"myCookie11="
))
{
fail
(
"Should get the cookie with httpOnly when scheme is javascript:"
);
}
}
private
static
boolean
isIn
(
List
<
String
>
lst
,
String
cookie
)
{
...
...
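Review bot: the failure message in the last `isIn(clst, "myCookie11=")` check is inverted. That branch fires when the httpOnly cookie was returned for the `javascript://www.sun.com/` URI, yet the message reads "Should get the cookie with httpOnly when scheme is javascript:"; it should say the cookie should not be returned, otherwise a regression report will point the reader the wrong way. The comment above it should read "neither http nor https". On coverage, only `http` is exercised on the allowed side: add a lookup with an `https://www.sun.com/` URI so both schemes named in the CookieManager check are tested, and consider one more non-HTTP scheme so the test does not pass merely because `javascript` is special-cased.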