[Statelessfilter-commits] SF.net SVN: statelessfilter:[94] trunk
From: <nri...@us...> - 2011-12-23 15:54:04
Revision: 94
http://statelessfilter.svn.sourceforge.net/statelessfilter/?rev=94&view=rev
Author: nricheton
Date: 2011-12-23 15:53:53 +0000 (Fri, 23 Dec 2011)
Log Message:
-----------
- Cleanup
- Support for X-Forwarded-For
Modified Paths:
--------------
trunk/pom.xml
trunk/stateless-cookie-aes/pom.xml
trunk/stateless-cookie-aes/src/main/java/net/sourceforge/statelessfilter/backend/aescookie/AESCookieBackend.java
trunk/stateless-cookie-aes-json/pom.xml
trunk/stateless-cookie-aes-json/src/main/java/net/sourceforge/statelessfilter/backend/jsonaescookie/JSONAESCookieBackend.java
trunk/stateless-core/pom.xml
trunk/stateless-core/src/main/java/net/sourceforge/statelessfilter/backend/support/CookieBackendSupport.java
trunk/stateless-memcache/pom.xml
trunk/stateless-memcache/src/main/java/net/sourceforge/statelessfilter/backend/memcache/MemcacheBackend.java
trunk/stateless-processor-cookie/pom.xml
trunk/stateless-processor-cookie/src/main/java/net/sourceforge/statelessfilter/processor/request/Cookie2AttributeProcessor.java
trunk/stateless-session/pom.xml
Added Paths:
-----------
trunk/stateless-core/src/main/java/net/sourceforge/statelessfilter/wrappers/StatelessRequestWrapperDev.java
trunk/stateless-core/src/test/java/net/sourceforge/statelessfilter/backend/XForwardedForTest.java
Removed Paths:
-------------
trunk/stateless-cookie-aes/src/main/java/META-INF/
trunk/stateless-cookie-aes-json/src/main/java/META-INF/
Modified: trunk/pom.xml
===================================================================
--- trunk/pom.xml 2011-12-22 16:18:16 UTC (rev 93)
+++ trunk/pom.xml 2011-12-23 15:53:53 UTC (rev 94)
@@ -4,7 +4,7 @@
<artifactId>stateless-parent</artifactId>
<packaging>pom</packaging>
<name>Stateless filter</name>
- <version>0.9-SNAPSHOT</version>
+ <version>0.8.1-SNAPSHOT</version>
<inceptionYear>2009</inceptionYear>
<mailingLists>
<mailingList>
@@ -119,6 +119,7 @@
<module>stateless-cookie-aes-json</module>
<module>stateless-memcache</module>
<module>stateless-processor-cookie</module>
+ <module>stateless-cookie-mac-json</module>
</modules>
<reporting>
<plugins>
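Review bot: The new `<module>stateless-cookie-mac-json</module>` entry has no matching directory among the added paths listed for this revision, so the reactor build would stop at this module unless the directory already exists from an earlier revision. If the module is still only local, commit it together with this entry or leave the entry out until it is. The parent version in the same file also moves from 0.9-SNAPSHOT back to 0.8.1-SNAPSHOT; if that is intentional, a line in the log message would keep consumers from resolving stale 0.9-SNAPSHOT artifacts by mistake.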
Modified: trunk/stateless-cookie-aes/pom.xml
===================================================================
--- trunk/stateless-cookie-aes/pom.xml 2011-12-22 16:18:16 UTC (rev 93)
+++ trunk/stateless-cookie-aes/pom.xml 2011-12-23 15:53:53 UTC (rev 94)
@@ -2,7 +2,7 @@
<parent>
<artifactId>stateless-parent</artifactId>
<groupId>net.sourceforge.statelessfilter</groupId>
- <version>0.9-SNAPSHOT</version>
+ <version>0.8.1-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>stateless-cookie-aes</artifactId>
@@ -12,7 +12,7 @@
<dependency>
<groupId>net.sourceforge.statelessfilter</groupId>
<artifactId>stateless-core</artifactId>
- <version>0.9-SNAPSHOT</version>
+ <version>0.8.1-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
Modified: trunk/stateless-cookie-aes/src/main/java/net/sourceforge/statelessfilter/backend/aescookie/AESCookieBackend.java
===================================================================
--- trunk/stateless-cookie-aes/src/main/java/net/sourceforge/statelessfilter/backend/aescookie/AESCookieBackend.java 2011-12-22 16:18:16 UTC (rev 93)
+++ trunk/stateless-cookie-aes/src/main/java/net/sourceforge/statelessfilter/backend/aescookie/AESCookieBackend.java 2011-12-23 15:53:53 UTC (rev 94)
@@ -22,6 +22,7 @@
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
+import java.security.SignatureException;
import java.util.List;
import java.util.Map;
import java.util.zip.GZIPInputStream;
@@ -146,10 +147,10 @@
@Override
public ISessionData restore(HttpServletRequest request) {
- byte[] data = getCookieData(request, null);
+ try {
+ byte[] data = getCookieData(request, null);
- if (data != null) {
- try {
+ if (data != null) {
int index = ArrayUtils.indexOf(data, SEPARATOR.getBytes()[0]);
int size = Integer.parseInt(new String(ArrayUtils.subarray(
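Review bot: With `getCookieData(request, null)` moved inside the `try`, the `SignatureException` it now declares falls into the generic `catch (Exception e)` further down in `restore`, where it is logged at info level under `DESERIALIZE_ERROR`. A cookie that fails verification is a tampering signal and is easier to alert on when it is logged on its own, e.g. `} catch (SignatureException e) { logger.warn("Session cookie rejected: signature check failed", e);` ahead of the generic handler. Whether the unsigned two-argument overload can actually throw depends on `CookieUtils.getCookie`, which is not shown. The same pattern is introduced in `JSONAESCookieBackend.restore`, and the body of `restore` continues past this hunk.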
@@ -172,12 +173,12 @@
CookieDataSupport s = (CookieDataSupport) ois.readObject();
if (s.isValid()
- && s.getRemoteAddress().equals(request.getRemoteAddr())) {
+ && s.getRemoteAddress().equals(getFullRemoteAddr(request))) {
return s;
}
- } catch (Exception e) {
- logger.info(DESERIALIZE_ERROR, e);
}
+ } catch (Exception e) {
+ logger.info(DESERIALIZE_ERROR, e);
}
return null;
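Review bot: `ois.readObject()` deserializes the decrypted cookie before `isValid()` and the address comparison run, so those checks only apply to an object graph that has already been built from client-held bytes. Nothing visible in `restore` verifies integrity first: it calls the two-argument `getCookieData`, which this commit defines as `getCookieData(request, response, false, null)`, i.e. unsigned, and whether `ENCRYPTION_WITH_PARAM` names an authenticated mode is not shown. Verifying a MAC over the cookie before it reaches `ObjectInputStream`, and restricting the stream to the expected classes by overriding `resolveClass`, would close that gap. The start of `restore` lies outside this hunk.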
@@ -193,42 +194,46 @@
HttpServletRequest request, HttpServletResponse response)
throws IOException {
- if (session != null) {
- CookieDataSupport cookieData = new CookieDataSupport(session);
- cookieData.setRemoteAddress(request.getRemoteAddr());
+ try {
+ if (session != null) {
+ CookieDataSupport cookieData = new CookieDataSupport(session);
+ cookieData.setRemoteAddress(getFullRemoteAddr(request));
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- OutputStream outputStream = baos;
- if (compress) {
- outputStream = new GZIPOutputStream(outputStream);
- }
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ OutputStream outputStream = baos;
+ if (compress) {
+ outputStream = new GZIPOutputStream(outputStream);
+ }
- ObjectOutputStream oos = new ObjectOutputStream(outputStream);
- oos.writeObject(cookieData);
- oos.close();
- outputStream.close();
- baos.close();
+ ObjectOutputStream oos = new ObjectOutputStream(outputStream);
+ oos.writeObject(cookieData);
+ oos.close();
+ outputStream.close();
+ baos.close();
- byte[] data;
- try {
- Cipher encryptCipher = Cipher
- .getInstance(ENCRYPTION_WITH_PARAM);
- encryptCipher.init(Cipher.ENCRYPT_MODE, secretKey, iv);
- data = encryptCipher.doFinal(baos.toByteArray());
- } catch (Exception e) {
- throw new IOException(e.getMessage());
- }
+ byte[] data;
+ try {
+ Cipher encryptCipher = Cipher
+ .getInstance(ENCRYPTION_WITH_PARAM);
+ encryptCipher.init(Cipher.ENCRYPT_MODE, secretKey, iv);
+ data = encryptCipher.doFinal(baos.toByteArray());
+ } catch (Exception e) {
+ throw new IOException(e.getMessage());
+ }
- byte[] size = (data.length + SEPARATOR).getBytes();
+ byte[] size = (data.length + SEPARATOR).getBytes();
- setCookieData(request, response, ArrayUtils.addAll(size, data));
+ setCookieData(request, response, ArrayUtils.addAll(size, data));
- if (logger.isDebugEnabled()) {
- logger.debug("Cookie size : " + ArrayUtils.addAll(size, data).length); //$NON-NLS-1$
+ if (logger.isDebugEnabled()) {
+ logger.debug("Cookie size : " + ArrayUtils.addAll(size, data).length); //$NON-NLS-1$
+ }
+
+ } else {
+ setCookieData(request, response, null);
}
-
- } else {
- setCookieData(request, response, null);
+ } catch (SignatureException e) {
+ throw new IOException(e);
}
}
}
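Review bot: `encryptCipher.init(Cipher.ENCRYPT_MODE, secretKey, iv)` takes `iv` from outside `save`, apparently a value loaded once at init, so every cookie would be encrypted under the same key and IV. If so, equal session prefixes produce equal ciphertext prefixes in a chaining mode, and in a counter or stream mode the keystream repeats; the mode behind `ENCRYPTION_WITH_PARAM` is not visible here. Generating a fresh IV per call with `SecureRandom` and writing it in front of the ciphertext, with `restore` reading it back, avoids this. The inner handler also drops the cause with `throw new IOException(e.getMessage())` while the new outer one keeps it; `throw new IOException(e);` in both places would be consistent. `JSONAESCookieBackend.save` has the same two issues.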
Modified: trunk/stateless-cookie-aes-json/pom.xml
===================================================================
--- trunk/stateless-cookie-aes-json/pom.xml 2011-12-22 16:18:16 UTC (rev 93)
+++ trunk/stateless-cookie-aes-json/pom.xml 2011-12-23 15:53:53 UTC (rev 94)
@@ -2,7 +2,7 @@
<parent>
<artifactId>stateless-parent</artifactId>
<groupId>net.sourceforge.statelessfilter</groupId>
- <version>0.9-SNAPSHOT</version>
+ <version>0.8.1-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>stateless-cookie-aes-json</artifactId>
@@ -25,8 +25,7 @@
<dependency>
<groupId>net.sourceforge.statelessfilter</groupId>
<artifactId>stateless-core</artifactId>
- <version>0.9-SNAPSHOT</version>
- <scope>compile</scope>
+ <version>0.8.1-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
@@ -59,5 +58,11 @@
<artifactId>jackson-core-asl</artifactId>
<version>1.9.3</version>
</dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>4.10</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
</project>
\ No newline at end of file
Modified: trunk/stateless-cookie-aes-json/src/main/java/net/sourceforge/statelessfilter/backend/jsonaescookie/JSONAESCookieBackend.java
===================================================================
--- trunk/stateless-cookie-aes-json/src/main/java/net/sourceforge/statelessfilter/backend/jsonaescookie/JSONAESCookieBackend.java 2011-12-22 16:18:16 UTC (rev 93)
+++ trunk/stateless-cookie-aes-json/src/main/java/net/sourceforge/statelessfilter/backend/jsonaescookie/JSONAESCookieBackend.java 2011-12-23 15:53:53 UTC (rev 94)
@@ -16,6 +16,7 @@
package net.sourceforge.statelessfilter.backend.jsonaescookie;
import java.io.IOException;
+import java.security.SignatureException;
import java.util.List;
import java.util.Map;
@@ -101,7 +102,7 @@
}
/**
- * Loads key and iv for encryption and performs normal init.
+ * Loads key and iv for encryption and performs normal init.
*
* @throws Exception
* @see com.capgemini.stateless.backend.plaincookie.ISessionBackend#init(java.util.Map)
@@ -128,11 +129,11 @@
*/
@Override
public ISessionData restore(HttpServletRequest request) {
+ try {
- byte[] data = getCookieData(request, null);
+ byte[] data = getCookieData(request, null);
- if (data != null) {
- try {
+ if (data != null) {
int index = ArrayUtils.indexOf(data, SEPARATOR.getBytes()[0]);
int size = Integer.parseInt(new String(ArrayUtils.subarray(
@@ -150,12 +151,12 @@
CookieDataSupport.class);
if (s.isValid()
- && s.getRemoteAddress().equals(request.getRemoteAddr())) {
+ && s.getRemoteAddress().equals(getFullRemoteAddr(request))) {
return s;
}
- } catch (Exception e) {
- logger.info(DESERIALIZE_ERROR, e);
}
+ } catch (Exception e) {
+ logger.info(DESERIALIZE_ERROR, e);
}
return null;
@@ -170,33 +171,36 @@
public void save(ISessionData session, List<String> dirtyAttributes,
HttpServletRequest request, HttpServletResponse response)
throws IOException {
+ try {
+ if (session != null) {
+ CookieDataSupport cookieData = new CookieDataSupport(session);
+ cookieData.setRemoteAddress(getFullRemoteAddr(request));
- if (session != null) {
- CookieDataSupport cookieData = new CookieDataSupport(session);
- cookieData.setRemoteAddress(request.getRemoteAddr());
+ String dataString = mapper.writeValueAsString(cookieData);
- String dataString = mapper.writeValueAsString(cookieData);
+ byte[] data;
+ try {
+ Cipher encryptCipher = Cipher
+ .getInstance(ENCRYPTION_WITH_PARAM);
+ encryptCipher.init(Cipher.ENCRYPT_MODE, secretKey, iv);
+ data = encryptCipher.doFinal(dataString.getBytes());
+ } catch (Exception e) {
+ throw new IOException(e.getMessage());
+ }
- byte[] data;
- try {
- Cipher encryptCipher = Cipher
- .getInstance(ENCRYPTION_WITH_PARAM);
- encryptCipher.init(Cipher.ENCRYPT_MODE, secretKey, iv);
- data = encryptCipher.doFinal(dataString.getBytes());
- } catch (Exception e) {
- throw new IOException(e.getMessage());
- }
+ byte[] size = (data.length + SEPARATOR).getBytes();
- byte[] size = (data.length + SEPARATOR).getBytes();
+ setCookieData(request, response, ArrayUtils.addAll(size, data));
- setCookieData(request, response, ArrayUtils.addAll(size, data));
+ if (logger.isDebugEnabled()) {
+ logger.debug("Cookie size : " + ArrayUtils.addAll(size, data).length); //$NON-NLS-1$
+ }
- if (logger.isDebugEnabled()) {
- logger.debug("Cookie size : " + ArrayUtils.addAll(size, data).length); //$NON-NLS-1$
+ } else {
+ setCookieData(request, response, null);
}
-
- } else {
- setCookieData(request, response, null);
+ } catch (SignatureException e) {
+ throw new IOException(e);
}
}
}
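Review bot: `dataString.getBytes()` encodes the JSON with the platform default charset, so the bytes that get encrypted depend on the JVM's configuration, and a cookie written on one node may not decode to the same string on a node configured differently. Naming the charset, `dataString.getBytes("UTF-8")`, and using the same one where `restore` turns the decrypted bytes back into a string (not visible in this hunk) removes that dependency.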
Modified: trunk/stateless-core/pom.xml
===================================================================
--- trunk/stateless-core/pom.xml 2011-12-22 16:18:16 UTC (rev 93)
+++ trunk/stateless-core/pom.xml 2011-12-23 15:53:53 UTC (rev 94)
@@ -2,7 +2,7 @@
<parent>
<artifactId>stateless-parent</artifactId>
<groupId>net.sourceforge.statelessfilter</groupId>
- <version>0.9-SNAPSHOT</version>
+ <version>0.8.1-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>stateless-core</artifactId>
Modified: trunk/stateless-core/src/main/java/net/sourceforge/statelessfilter/backend/support/CookieBackendSupport.java
===================================================================
--- trunk/stateless-core/src/main/java/net/sourceforge/statelessfilter/backend/support/CookieBackendSupport.java 2011-12-22 16:18:16 UTC (rev 93)
+++ trunk/stateless-core/src/main/java/net/sourceforge/statelessfilter/backend/support/CookieBackendSupport.java 2011-12-23 15:53:53 UTC (rev 94)
@@ -16,6 +16,7 @@
import java.io.IOException;
import java.security.SignatureException;
import java.util.ArrayList;
+import java.util.Enumeration;
import java.util.List;
import java.util.Map;
@@ -56,215 +57,231 @@
*
*/
public abstract class CookieBackendSupport implements ISessionBackend {
- /**
- * If cookie data exceed this value, multiple cookie are created.
- */
- private static final int COOKIE_MAX_SIZE = 3000;
- private static Logger logger = LoggerFactory.getLogger(CookieBackendSupport.class);
+ /**
+ * If cookie data exceed this value, multiple cookie are created.
+ */
+ private static final int COOKIE_MAX_SIZE = 3000;
+ private static Logger logger = LoggerFactory.getLogger(CookieBackendSupport.class);
- /* Constants used in properties */
- private static final String PARAM_COOKIEDOMAIN = "cookiedomain"; //$NON-NLS-1$
- private static final String PARAM_COOKIEMAXAGE = "cookiemaxage"; //$NON-NLS-1$
- private static final String PARAM_COOKIENAME = "cookiename"; //$NON-NLS-1$
- private static final String PARAM_COOKIEPATH = "cookiepath"; //$NON-NLS-1$
+ /* Constants used in properties */
+ private static final String PARAM_COOKIEDOMAIN = "cookiedomain"; //$NON-NLS-1$
+ private static final String PARAM_COOKIEMAXAGE = "cookiemaxage"; //$NON-NLS-1$
+ private static final String PARAM_COOKIENAME = "cookiename"; //$NON-NLS-1$
+ private static final String PARAM_COOKIEPATH = "cookiepath"; //$NON-NLS-1$
- /**
- * Constant used to store the number of cookie segment within a single
- * request. This information is used for cleaning.
- *
- * <p>
- * Constant value depends of the cookie name.
- *
- * @see CookieBackendSupport#setCookieName(String)
- */
- private String ATTR_COUNT = "stateless.session.count"; //$NON-NLS-1$
+ /**
+ * Constant used to store the number of cookie segment within a single
+ * request. This information is used for cleaning.
+ *
+ * <p>
+ * Constant value depends of the cookie name.
+ *
+ * @see CookieBackendSupport#setCookieName(String)
+ */
+ private String ATTR_COUNT = "stateless.session.count"; //$NON-NLS-1$
- /* Default values */
- protected String cookieName = "session"; //$NON-NLS-1$
- protected String domain = null;
- protected Integer maxAge = null;
- protected String path = "/"; //$NON-NLS-1$
+ /* Default values */
+ protected String cookieName = "session"; //$NON-NLS-1$
+ protected String domain = null;
+ protected Integer maxAge = null;
+ protected String path = "/"; //$NON-NLS-1$
- /**
- * @see net.sourceforge.statelessfilter.backend.ISessionBackend#destroy()
- */
- abstract public void destroy();
+ /**
+ * @see net.sourceforge.statelessfilter.backend.ISessionBackend#destroy()
+ */
+ abstract public void destroy();
- /**
- * @see net.sourceforge.statelessfilter.backend.ISessionBackend#getId()
- */
- abstract public String getId();
+ /**
+ * @see net.sourceforge.statelessfilter.backend.ISessionBackend#getId()
+ */
+ abstract public String getId();
- /**
- * Read cookie configuration : name, path, domain and maxAge.
- *
- * @see net.sourceforge.statelessfilter.backend.ISessionBackend#init(java.util.Map)
- */
- public void init(Map<String, String> config) throws Exception {
- // Name
- String name = config.get(PARAM_COOKIENAME);
- if (!StringUtils.isEmpty(name)) {
- setCookieName(name);
- }
+ /**
+ * Read cookie configuration : name, path, domain and maxAge.
+ *
+ * @see net.sourceforge.statelessfilter.backend.ISessionBackend#init(java.util.Map)
+ */
+ public void init(Map<String, String> config) throws Exception {
+ // Name
+ String name = config.get(PARAM_COOKIENAME);
+ if (!StringUtils.isEmpty(name)) {
+ setCookieName(name);
+ }
- // Path
- String path = config.get(PARAM_COOKIEPATH);
- if (!StringUtils.isEmpty(path)) {
- this.path = path;
- }
+ // Path
+ String path = config.get(PARAM_COOKIEPATH);
+ if (!StringUtils.isEmpty(path)) {
+ this.path = path;
+ }
- // Domain
- String domain = config.get(PARAM_COOKIEDOMAIN);
- if (!StringUtils.isEmpty(domain)) {
- this.domain = domain;
- }
+ // Domain
+ String domain = config.get(PARAM_COOKIEDOMAIN);
+ if (!StringUtils.isEmpty(domain)) {
+ this.domain = domain;
+ }
- // MaxAge
- String maxAge = config.get(PARAM_COOKIEMAXAGE);
- if (!StringUtils.isEmpty(maxAge)) {
- this.maxAge = new Integer(Integer.parseInt(maxAge));
- }
+ // MaxAge
+ String maxAge = config.get(PARAM_COOKIEMAXAGE);
+ if (!StringUtils.isEmpty(maxAge)) {
+ this.maxAge = new Integer(Integer.parseInt(maxAge));
+ }
- }
+ }
- /**
- * Buffering only headers should be enough for most cases. But if the
- * application updates session after sending response body, switch to full
- * buffering in configuration.
- *
- * @see net.sourceforge.statelessfilter.backend.ISessionBackend#isBufferingRequired()
- */
- public String isBufferingRequired() {
- return Configuration.BUFFERING_HEADERS;
- }
+ /**
+ * Buffering only headers should be enough for most cases. But if the
+ * application updates session after sending response body, switch to full
+ * buffering in configuration.
+ *
+ * @see net.sourceforge.statelessfilter.backend.ISessionBackend#isBufferingRequired()
+ */
+ public String isBufferingRequired() {
+ return Configuration.BUFFERING_HEADERS;
+ }
- /**
- * @see net.sourceforge.statelessfilter.backend.ISessionBackend#restore(javax.servlet.http.HttpServletRequest)
- */
- abstract public ISessionData restore(HttpServletRequest request);
+ /**
+ * @see net.sourceforge.statelessfilter.backend.ISessionBackend#restore(javax.servlet.http.HttpServletRequest)
+ */
+ abstract public ISessionData restore(HttpServletRequest request);
- /**
- * @see net.sourceforge.statelessfilter.backend.ISessionBackend#save(net.sourceforge.statelessfilter.backend.ISessionData,
- * java.util.List, javax.servlet.http.HttpServletRequest,
- * javax.servlet.http.HttpServletResponse)
- */
- abstract public void save(ISessionData session, List<String> dirtyAttributes, HttpServletRequest request,
- HttpServletResponse response) throws IOException;
+ /**
+ * @see net.sourceforge.statelessfilter.backend.ISessionBackend#save(net.sourceforge.statelessfilter.backend.ISessionData,
+ * java.util.List, javax.servlet.http.HttpServletRequest,
+ * javax.servlet.http.HttpServletResponse)
+ */
+ abstract public void save(ISessionData session, List<String> dirtyAttributes, HttpServletRequest request,
+ HttpServletResponse response) throws IOException;
- /**
- * @deprecated see :{@link CookieUtils}
- * @param request
- * @param content
- * @return
- */
- @Deprecated
- protected Cookie createCookie(String name, String content) {
- try {
- return CookieUtils.createCookie(name, content, domain, path, maxAge);
- } catch (SignatureException e) {
- logger.error("Error creating cookie", e); //$NON-NLS-1$
- }
- return null;
- }
+ /**
+ * Read raw data from cookie.
+ *
+ * @param request
+ * @param response
+ * @return
+ * @throws SignatureException
+ */
+ protected byte[] getCookieData(HttpServletRequest request, HttpServletResponse response) throws SignatureException {
+ return getCookieData(request, response, false, null);
+ }
- /**
- * @deprecated see :{@link CookieUtils}
- * @param request
- * @param name
- * @return
- */
- @Deprecated
- protected Cookie getCookie(HttpServletRequest request, String name) {
- try {
- return CookieUtils.getCookie(request, name);
- } catch (SignatureException e) {
- logger.error("Error sending cookie", e); //$NON-NLS-1$
- }
- return null;
- }
+ protected byte[] getCookieData(HttpServletRequest request, HttpServletResponse response, boolean signed, String key)
+ throws SignatureException {
+ int i = 0;
+ Cookie c = null;
+ StringBuilder data = new StringBuilder();
- /**
- * Read raw data from cookie.
- *
- * @param request
- * @param response
- * @return
- */
- protected byte[] getCookieData(HttpServletRequest request, HttpServletResponse response) {
- int i = 0;
- Cookie c = null;
- StringBuilder data = new StringBuilder();
+ while ((c = CookieUtils.getCookie(request, cookieName + i, signed, key)) != null) {
+ data.append(c.getValue());
+ i++;
+ }
- while ((c = getCookie(request, cookieName + i)) != null) {
- data.append(c.getValue());
- i++;
- }
+ request.setAttribute(ATTR_COUNT, new Integer(i));
- request.setAttribute(ATTR_COUNT, new Integer(i));
+ String dataString = data.toString();
+ if (dataString.length() == 0) {
+ return null;
+ }
+ return Base64.decodeBase64(dataString);
+ }
- String dataString = data.toString();
- if (dataString.length() == 0) {
- return null;
- }
- return Base64.decodeBase64(dataString);
- }
+ /**
+ * Set raw data in a cookie. Data is split in several cookies if it exceeds
+ * max cookie length.
+ * <p>
+ * Also ensure that the reponse cannot be cached (Cache-control header set
+ * to private/no-cache/no-store/must-revalidate)
+ *
+ * @param request
+ * @param response
+ * @param data
+ * @throws SignatureException
+ */
+ protected void setCookieData(HttpServletRequest request, HttpServletResponse response, byte[] data)
+ throws SignatureException {
+ setCookieData(request, response, data, false, null);
+ }
- /**
- * Set raw data in a cookie. Data is split in several cookies if it exceeds
- * max cookie length.
- * <p>
- * Also ensure that the reponse cannot be cached (Cache-control header set
- * to private/no-cache/no-store/must-revalidate)
- *
- * @param request
- * @param response
- * @param data
- */
- protected void setCookieData(HttpServletRequest request, HttpServletResponse response, byte[] data) {
- // As soon as we send a session cookie, the response must not be cached.
- response.setHeader("Cache-Control", "private, no-cache, no-store, must-revalidate");
+ protected void setCookieData(HttpServletRequest request, HttpServletResponse response, byte[] data, boolean sign,
+ String key) throws SignatureException {
+ // As soon as we send a session cookie, the response must not be cached.
+ response.setHeader("Cache-Control", "private, no-cache, no-store, must-revalidate");
- String encoded = StringUtils.EMPTY;
- if (data != null) {
- encoded = new String(Base64.encodeBase64(data));
- }
+ String encoded = StringUtils.EMPTY;
+ if (data != null) {
+ encoded = new String(Base64.encodeBase64(data));
+ }
- ArrayList<String> splittedData = new ArrayList<String>();
- while (encoded.length() > COOKIE_MAX_SIZE) {
- splittedData.add(encoded.substring(0, COOKIE_MAX_SIZE));
- encoded = encoded.substring(COOKIE_MAX_SIZE);
- }
- if (encoded.length() > 0) {
- splittedData.add(encoded);
- }
+ ArrayList<String> splittedData = new ArrayList<String>();
+ while (encoded.length() > COOKIE_MAX_SIZE) {
+ splittedData.add(encoded.substring(0, COOKIE_MAX_SIZE));
+ encoded = encoded.substring(COOKIE_MAX_SIZE);
+ }
+ if (encoded.length() > 0) {
+ splittedData.add(encoded);
+ }
- int i = 0;
- Cookie c = null;
- for (String datapart : splittedData) {
- c = createCookie(cookieName + i, datapart);
- response.addCookie(c);
- i++;
- }
+ int i = 0;
+ Cookie c = null;
+ for (String datapart : splittedData) {
+ c = CookieUtils.createCookie(cookieName + i, datapart, domain, path, maxAge, sign, key);
+ response.addCookie(c);
+ i++;
+ }
- // Clear no longer used segments.
- int previousCount = ((Integer) request.getAttribute(ATTR_COUNT)).intValue();
- while (i < previousCount) {
- c = createCookie(cookieName + i, StringUtils.EMPTY);
- response.addCookie(c);
- i++;
- }
+ // Clear no longer used segments.
+ int previousCount = ((Integer) request.getAttribute(ATTR_COUNT)).intValue();
+ while (i < previousCount) {
+ c = CookieUtils.createCookie(cookieName + i, StringUtils.EMPTY, domain, path, maxAge, sign, key);
+ response.addCookie(c);
+ i++;
+ }
- }
+ }
- /**
- * Set the name of the cookie and update internal values accordingly.
- *
- * @param cookieName
- */
- protected void setCookieName(String cookieName) {
- this.cookieName = cookieName;
+ /**
+ * Set the name of the cookie and update internal values accordingly.
+ *
+ * @param cookieName
+ */
+ protected void setCookieName(String cookieName) {
+ this.cookieName = cookieName;
- // Update constant to inclue cookie name.
- ATTR_COUNT = "stateless." + cookieName + ".count"; //$NON-NLS-1$ //$NON-NLS-2$
- }
+ // Update constant to inclue cookie name.
+ ATTR_COUNT = "stateless." + cookieName + ".count"; //$NON-NLS-1$ //$NON-NLS-2$
+ }
+
+ /**
+ * Get request remote address. If a proxy was in use, all X-Forwarded-For
+ * headers are also returned.
+ *
+ * @param request
+ * @return
+ */
+ protected String getFullRemoteAddr(HttpServletRequest request) {
+ StringBuilder sb = new StringBuilder();
+ Enumeration<?> headers = request.getHeaders("X-Forwarded-For");
+
+ if (headers != null) {
+ logger.info("X-Forwarded-For headers found.");
+ while (headers.hasMoreElements()) {
+ String h = (String) headers.nextElement();
+ String[] splitted = StringUtils.split(h, ",");
+
+ for (String s : splitted) {
+ if (sb.length() > 0)
+ sb.append(",");
+ sb.append(s.trim());
+ }
+ }
+ }
+
+ if (sb.length() > 0)
+ sb.append(",");
+ sb.append(request.getRemoteAddr());
+
+ if (logger.isInfoEnabled()) {
+ logger.info("Remote ip address : " + sb.toString());
+ }
+ return sb.toString();
+ }
}
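Review bot: `getFullRemoteAddr` copies every `X-Forwarded-For` value from the request into the string that the backends store in the session cookie and compare on restore, but that header is whatever the sender supplies unless a proxy in front overwrites it. The value is neither length-bounded nor validated before it is stored and written to the log at info level on each call; capping the number of entries and logging at debug would limit that. `request.getHeaders` returns an empty enumeration rather than `null` when the header is absent, so "X-Forwarded-For headers found." is logged for every request; `if (headers != null && headers.hasMoreElements())` matches the message. A Javadoc sentence stating that the result is only as trustworthy as the proxy that sets the header would help callers who rely on it for session binding.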
Added: trunk/stateless-core/src/main/java/net/sourceforge/statelessfilter/wrappers/StatelessRequestWrapperDev.java
===================================================================
--- trunk/stateless-core/src/main/java/net/sourceforge/statelessfilter/wrappers/StatelessRequestWrapperDev.java (rev 0)
+++ trunk/stateless-core/src/main/java/net/sourceforge/statelessfilter/wrappers/StatelessRequestWrapperDev.java 2011-12-23 15:53:53 UTC (rev 94)
@@ -0,0 +1,356 @@
+/*
+ * Copyright 2009-2010 Capgemini Licensed under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package net.sourceforge.statelessfilter.wrappers;
+
+import java.io.IOException;
+import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import net.sourceforge.statelessfilter.backend.ISessionBackend;
+import net.sourceforge.statelessfilter.backend.ISessionData;
+import net.sourceforge.statelessfilter.filter.Configuration;
+import net.sourceforge.statelessfilter.session.SessionData;
+import net.sourceforge.statelessfilter.session.StatelessSession;
+
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Stateless request wrapper
+ *
+ * @author Nicolas Richeton - Capgemini
+ *
+ */
+public class StatelessRequestWrapperDev extends HttpServletRequestWrapper {
+ private static final String INFO_USES = "{} uses {}"; //$NON-NLS-1$
+ private static final String INFO_USES_DEFAULT = "{} uses default {}"; //$NON-NLS-1$
+ // private static final String WARN_SESSION_SYNC = "Session are not synchronized between backends. Reseting..."; //$NON-NLS-1$
+ Configuration backends = null;
+ Logger logger = LoggerFactory.getLogger(StatelessRequestWrapperDev.class);
+ HttpServletRequest originalRequest = null;
+
+ StatelessSession session = null;
+
+ /**
+ * Create a new request wrapper.
+ *
+ * @param request
+ * @param backends
+ */
+ public StatelessRequestWrapperDev(HttpServletRequest request,
+ Configuration backends) {
+ super(request);
+ originalRequest = request;
+ this.backends = backends;
+ }
+
+ /**
+ * Returns real server session.
+ *
+ * @return
+ */
+ public HttpSession getServerSession() {
+ return super.getSession();
+ }
+
+ /**
+ * (non-Javadoc)
+ *
+ * @see javax.servlet.http.HttpServletRequestWrapper#getSession()
+ */
+ @Override
+ public HttpSession getSession() {
+ if (session == null) {
+ try {
+ session = createSession();
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException(e);
+ }
+ }
+ return session;
+ }
+
+ /**
+ * (non-Javadoc)
+ *
+ * @see javax.servlet.http.HttpServletRequestWrapper#getSession(boolean)
+ */
+ @Override
+ public HttpSession getSession(boolean create) {
+ if (create) {
+ return getSession();
+ }
+
+ if (session == null) {
+ try {
+ session = restoreSession();
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ return session;
+ }
+
+ /**
+ * Stores session in backends
+ *
+ * @param myrequest
+ * @param myresponse
+ * @throws IOException
+ */
+ public void writeSession(HttpServletRequest myrequest,
+ HttpServletResponse myresponse) throws IOException {
+
+ // If there is a session (session requested by the application)
+ if (session != null) {
+
+ // Session has changed ?
+ if (backends.useDirty && !session.isDirty()) {
+ logger.info("Session has not changed."); //$NON-NLS-1$
+ return;
+ }
+
+ long requestId = System.currentTimeMillis();
+ session.setNew(false);
+
+ // Dispatch attributes between backends according to configuration
+
+ // Session attributes
+ Map<String, Object> sessionAttributes = session.getContent();
+ // Session attributes which were modified during the request
+ List<String> modifiedAttributes = session.getDirtyAttributes();
+
+ // Backends flagged as dirty during dispatch
+ List<String> modifiedBackends = new ArrayList<String>();
+
+ // Remaining modified attributes to process
+ List<String> remainingModifiedAttributes = new ArrayList<String>(
+ modifiedAttributes);
+ // Attributes for each backend
+ Map<String, ISessionData> attributesDispatched = new HashMap<String, ISessionData>();
+ Map<String, List<String>> modifiedAttributesDispatched = new HashMap<String, List<String>>();
+
+ for (String name : sessionAttributes.keySet()) {
+ if (isAttributeMapped(name)) {
+ // Add attribute to backend session
+ getBackendSessionData(attributesDispatched,
+ backends.backendsAttributeMapping.get(name),
+ requestId).getContent().put(name,
+ sessionAttributes.get(name));
+
+ // Add attribute name as modified for this backend
+ if( remainingModifiedAttributes.contains(name))
+ getBackendModifiedAttributes(modifiedAttributesDispatched,
+ backends.backendsAttributeMapping.get(name)).add(
+ name);
+
+ // Set backend modified.
+ setModified(modifiedBackends, modifiedAttributes, name);
+
+ logger.info(INFO_USES, name,
+ backends.backendsAttributeMapping.get(name));
+
+ } else {
+ getBackendSessionData(attributesDispatched,
+ backends.defaultBackend, requestId).getContent()
+ .put(name, sessionAttributes.get(name));
+
+ if( remainingModifiedAttributes.contains(name))
+ getBackendModifiedAttributes(modifiedAttributesDispatched,
+ backends.defaultBackend).add(name);
+
+ setModified(modifiedBackends, modifiedAttributes, name);
+ logger.info(INFO_USES_DEFAULT, name,
+ backends.defaultBackend);
+
+ }
+
+ // Remove attribute from remaining attributes to process
+ remainingModifiedAttributes.remove(name);
+ }
+
+ // Process remaining attributes
+ for (String name : remainingModifiedAttributes) {
+ if (isAttributeMapped(name)) {
+ getBackendModifiedAttributes(modifiedAttributesDispatched,
+ backends.backendsAttributeMapping.get(name)).add(
+ name);
+
+ setModified(modifiedBackends, modifiedAttributes, name);
+ logger.info(INFO_USES, name,
+ backends.backendsAttributeMapping.get(name));
+ } else {
+ getBackendModifiedAttributes(modifiedAttributesDispatched,
+ backends.defaultBackend).add(name);
+
+ setModified(modifiedBackends, modifiedAttributes, name);
+
+ logger.info(INFO_USES_DEFAULT, name,
+ backends.defaultBackend);
+ }
+ }
+
+ if (session.isPropertyDirty()) {
+ // Force update on all backends.
+ logger.info("Session properties have changed. Forcing update on all backends."); //$NON-NLS-1$
+
+ for (String back : backends.backends.keySet()) {
+ ISessionBackend backend = backends.backends.get(back);
+ backend.save(
+ getBackendSessionData(attributesDispatched, back,
+ requestId), modifiedAttributesDispatched
+ .get(back), originalRequest, myresponse);
+ }
+ } else {
+ // Update only modified backends.
+ for (String back : modifiedBackends) {
+ ISessionBackend backend = backends.backends.get(back);
+ backend.save(
+ getBackendSessionData(attributesDispatched, back,
+ requestId), modifiedAttributesDispatched
+ .get(back), originalRequest, myresponse);
+ }
+ }
+ }
+
+ }
+
+ /**
+ * Restore a session by querying all backends. If session cannot be
+ * restored, a new one is created.
+ *
+ *
+ * @return the restored or created session.
+ * @throws NoSuchAlgorithmException
+ */
+ private StatelessSession createSession() throws NoSuchAlgorithmException {
+
+ StatelessSession s = restoreSession();
+
+ if (s == null) {
+ s = new StatelessSession(this);
+ s.init(true);
+ }
+
+ return s;
+ }
+
+ /**
+ * Get current data for session backend. Creates a new ISessionData if
+ * necessary.
+ *
+ * @param dispatched
+ * @param backendName
+ * @param requestId
+ * @return
+ */
+ private ISessionData getBackendSessionData(
+ Map<String, ISessionData> dispatched, String backendName,
+ long requestId) {
+
+ // If session data exists for this backend, return immediately.
+ if (dispatched.containsKey(backendName)) {
+ return dispatched.get(backendName);
+ }
+
+ // Else create empty session data for this backend.
+ SessionData data = new SessionData();
+ data.setId(session.getId());
+ data.setCreationTime(session.getCreationTime());
+ data.setValid(session.isValid());
+ data.setRequestId(requestId);
+ dispatched.put(backendName, data);
+ return data;
+ }
+
+ private List<String> getBackendModifiedAttributes(
+ Map<String, List<String>> modifiedAttributesDispatched,
+ String backendName) {
+ if (modifiedAttributesDispatched.containsKey(backendName)) {
+ return modifiedAttributesDispatched.get(backendName);
+ }
+
+ List<String> result = new ArrayList<String>();
+ modifiedAttributesDispatched.put(backendName, result);
+
+ return result;
+ }
+
+ /**
+ * Checks if attrName is specifically mapped to a session backend in
+ * configuration.
+ *
+ * @param attrName
+ * session attribute name.
+ * @return true if mapped to a session backend, false if using default.
+ */
+ private boolean isAttributeMapped(String attrName) {
+ if (backends != null && backends.backendsAttributeMapping != null) {
+ return backends.backendsAttributeMapping.containsKey(attrName);
+ }
+
+ return false;
+ }
+
+ private StatelessSession restoreSession() throws NoSuchAlgorithmException {
+ StatelessSession s = new StatelessSession(this);
+ ISessionData data = null;
+ boolean restored = false;
+ // long requestId = -1;
+
+ s.init(false);
+ for (ISessionBackend back : backends.backends.values()) {
+ data = back.restore(originalRequest);
+
+ // Mark session restored if at least one backend returned a session
+ if (data != null) {
+ restored = true;
+ s.merge(data);
+ }
+ }
+
+ // Reset session
+ if (!restored) {
+ return null;
+ }
+ return s;
+ }
+
+ private void setModified(List<String> modifiedBackends,
+ List<String> modifiedAttributes, String attributeName) {
+ String backend = backends.backendsAttributeMapping.get(attributeName);
+
+ if (StringUtils.isEmpty(backend)) {
+ backend = backends.defaultBackend;
+ }
+
+ if (modifiedAttributes.contains(attributeName)
+ && !modifiedBackends.contains(backend)) {
+
+ modifiedBackends.add(backend);
+
+ logger.info("Flagging backend {} as modified", backend); //$NON-NLS-1$
+ }
+ }
+}
Added: trunk/stateless-core/src/test/java/net/sourceforge/statelessfilter/backend/XForwardedForTest.java
===================================================================
--- trunk/stateless-core/src/test/java/net/sourceforge/statelessfilter/backend/XForwardedForTest.java (rev 0)
+++ trunk/stateless-core/src/test/java/net/sourceforge/statelessfilter/backend/XForwardedForTest.java 2011-12-23 15:53:53 UTC (rev 94)
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2009-2010 Capgemini
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package net.sourceforge.statelessfilter.backend;
+
+import java.io.IOException;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import junit.framework.TestCase;
+import net.sourceforge.statelessfilter.backend.support.CookieBackendSupport;
+
+import org.springframework.mock.web.MockHttpServletRequest;
+
+public class XForwardedForTest extends TestCase {
+
+ public void testXForwardedFor() {
+
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ request.addHeader("X-Forwarded-For", "client1, proxy1, proxy2");
+ request.addHeader("X-Forwarded-For", "proxy3");
+ request.setRemoteAddr("proxy4");
+
+ MockCookieBackendSupport cbs = new MockCookieBackendSupport();
+ String result = cbs.getFullRemoteAddr(request);
+
+ assertEquals("client1,proxy1,proxy2,proxy3,proxy4", result);
+
+ }
+
+ public class MockCookieBackendSupport extends CookieBackendSupport {
+
+ @Override
+ public void save(ISessionData session, List<String> dirtyAttributes, HttpServletRequest request,
+ HttpServletResponse response) throws IOException {
+
+ }
+
+ @Override
+ public ISessionData restore(HttpServletRequest request) {
+ return null;
+ }
+
+ @Override
+ public String getId() {
+ return null;
+ }
+
+ @Override
+ public void destroy() {
+
+ }
+
+ public String getFullRemoteAddr(HttpServletRequest request) {
+ return super.getFullRemoteAddr(request);
+ }
+ }
+
+}
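Review bot: `testXForwardedFor` pins only the case where two X-Forwarded-For headers are present, so nothing covers a request with no such header, which is the normal case for a directly connected client. I would add a second method, `public void testNoXForwardedFor()`, that only calls `request.setRemoteAddr("proxy4")` and asserts the expected result (presumably the bare remote address; confirm against `getFullRemoteAddr`, whose body is not in this hunk). A case with an empty header value or uneven whitespace around the commas would also be worth pinning, because the joined string is later compared with `equals` in MemcacheBackend. As a smaller style point, `MockCookieBackendSupport` can be declared `static`, since it does not use the enclosing test instance.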
Modified: trunk/stateless-memcache/pom.xml
===================================================================
--- trunk/stateless-memcache/pom.xml 2011-12-22 16:18:16 UTC (rev 93)
+++ trunk/stateless-memcache/pom.xml 2011-12-23 15:53:53 UTC (rev 94)
@@ -2,7 +2,7 @@
<parent>
<artifactId>stateless-parent</artifactId>
<groupId>net.sourceforge.statelessfilter</groupId>
- <version>0.9-SNAPSHOT</version>
+ <version>0.8.1-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>stateless-memcache</artifactId>
@@ -15,8 +15,7 @@
<dependency>
<groupId>net.sourceforge.statelessfilter</groupId>
<artifactId>stateless-core</artifactId>
- <version>0.9-SNAPSHOT</version>
- <scope>compile</scope>
+ <version>0.8.1-SNAPSHOT</version>
</dependency>
<dependency> <groupId>spy</groupId>
<artifactId>memcached</artifactId>
Modified: trunk/stateless-memcache/src/main/java/net/sourceforge/statelessfilter/backend/memcache/MemcacheBackend.java
===================================================================
--- trunk/stateless-memcache/src/main/java/net/sourceforge/statelessfilter/backend/memcache/MemcacheBackend.java 2011-12-22 16:18:16 UTC (rev 93)
+++ trunk/stateless-memcache/src/main/java/net/sourceforge/statelessfilter/backend/memcache/MemcacheBackend.java 2011-12-23 15:53:53 UTC (rev 94)
@@ -17,6 +17,7 @@
import java.io.IOException;
import java.net.InetSocketAddress;
+import java.security.SignatureException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
@@ -49,6 +50,7 @@
*
*/
public class MemcacheBackend extends CookieBackendSupport {
+ private static final String DESERIALIZE_ERROR = "Cannot deserialize session. A new one will be created"; //$NON-NLS-1$
private static final String ID = "memcache"; //$NON-NLS-1$
private static final String PARAM_SERVER = "server"; //$NON-NLS-1$
private static final char SEPARATOR = ':';
@@ -113,41 +115,50 @@
*/
@Override
public ISessionData restore(HttpServletRequest request) {
- byte[] data = getCookieData(request, null);
+ try {
+ byte[] data = getCookieData(request, null);
- if (data != null) {
- String id = new String(data);
- request.setAttribute(SESSION_ID, id);
+ if (data != null) {
+ String id = new String(data);
+ request.setAttribute(SESSION_ID, id);
- CookieDataSupport s = (CookieDataSupport) c.get(id);
- if (s != null && s.isValid()
- && s.getRemoteAddress().equals(request.getRemoteAddr())) {
- return s;
+ CookieDataSupport s = (CookieDataSupport) c.get(id);
+ if (s != null && s.isValid()
+ && s.getRemoteAddress().equals(getFullRemoteAddr(request))) {
+ return s;
+ }
}
+ } catch (SignatureException e) {
+ logger.info(DESERIALIZE_ERROR, e);
}
return null;
}
-
/**
- * @see net.sourceforge.statelessfilter.backend.ISessionBackend#save(net.sourceforge.statelessfilter.backend.ISessionData, java.util.List, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ * @see net.sourceforge.statelessfilter.backend.ISessionBackend#save(net.sourceforge.statelessfilter.backend.ISessionData,
+ * java.util.List, javax.servlet.http.HttpServletRequest,
+ * javax.servlet.http.HttpServletResponse)
*/
@Override
- public void save(ISessionData session, List<String> dirtyAttributes, HttpServletRequest request,
- HttpServletResponse response) throws IOException {
+ public void save(ISessionData session, List<String> dirtyAttributes,
+ HttpServletRequest request, HttpServletResponse response)
+ throws IOException {
+ try {
+ if (session != null) {
+ CookieDataSupport cookieData = new CookieDataSupport(session);
+ cookieData.setRemoteAddress(getFullRemoteAddr(request));
- if (session != null) {
- CookieDataSupport cookieData = new CookieDataSupport(session);
- cookieData.setRemoteAddress(request.getRemoteAddr());
+ c.set(session.getId(), 3600, cookieData);
- c.set(session.getId(), 3600, cookieData);
+ if (request.getAttribute(SESSION_ID) == null) {
+ setCookieData(request, response, session.getId().getBytes());
+ }
+ } else {
+ setCookieData(request, response, null);
+ }
- if (request.getAttribute(SESSION_ID) == null) {
- setCookieData(request, response, session.getId().getBytes());
- }
- } else {
- setCookieData(request, response, null);
+ } catch (SignatureException e) {
+ throw new IOException(e);
}
-
}
}
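Review bot: The address check in `restore()` now compares the stored value with `getFullRemoteAddr(request)`, and judging by XForwardedForTest in this commit that value is built from every X-Forwarded-For header plus the socket address, so part of the session binding comes from a header the client supplies unless a trusted front proxy overwrites it. The binding is therefore only meaningful behind such a proxy, and entries saved by the previous revision with the bare `getRemoteAddr()` value would stop matching after an upgrade; `getFullRemoteAddr` is not in this hunk, so both points should be confirmed there. I would document the assumption at the comparison, e.g. `// X-Forwarded-For is only trustworthy when a front proxy we control overwrites it`, and consider making the header use a backend parameter. Separately, the `SignatureException` caught in `restore()` presumably means the cookie failed verification, yet it is logged at info level; `logger.warn(DESERIALIZE_ERROR, e);` would make tampered or corrupted cookies visible to monitoring.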
Modified: trunk/stateless-processor-cookie/pom.xml
===================================================================
--- trunk/stateless-processor-cookie/pom.xml 2011-12-22 16:18:16 UTC (rev 93)
+++ trunk/stateless-processor-cookie/pom.xml 2011-12-23 15:53:53 UTC (rev 94)
@@ -3,7 +3,7 @@
<parent>
<artifactId>stateless-parent</artifactId>
<groupId>net.sourceforge.statelessfilter</groupId>
- <version>0.9-SNAPSHOT</version>
+ <version>0.8.1-SNAPSHOT</version>
</parent>
<artifactId>stateless-processor-cookie</artifactId>
<name>Request Processor : Cookie</name>
@@ -13,15 +13,13 @@
<dependency>
<groupId>net.sourceforge.statelessfilter</groupId>
<artifactId>stateless-core</artifactId>
- <version>0.9-SNAPSHOT</version>
+ <version>0.8.1-SNAPSHOT</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
- <version>1.4</version>
- <type>jar</type>
- <scope>compile</scope>
+ <version>2.0</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
Modified: trunk/stateless-processor-cookie/src/main/java/net/sourceforge/statelessfilter/processor/request/Cookie2AttributeProcessor.java
===================================================================
--- trunk/stateless-processor-cookie/src/main/java/net/sourceforge/statelessfilter/processor/request/Cookie2AttributeProcessor.java 2011-12-22 16:18:16 UTC (rev 93)
+++ trunk/stateless-processor-cookie/src/main/java/net/sourceforge/statelessfilter/processor/request/Cookie2AttributeProcessor.java 2011-12-23 15:53:53 UTC (rev 94)
@@ -170,6 +170,11 @@
if (!StringUtils.equals(previousValue, cookieContent)) {
Cookie c = CookieUtils.createCookie(cookieName, cookieContent,
domain, path, maxAge, secret != null, secret);
+ // As soon as we send a session cookie, the response must not be
+ // cached.
+ ((HttpServletResponse) response).setHeader("Cache-Control",
+ "private, no-cache, no-store, must-revalidate");
+
((HttpServletResponse) response).addCookie(c);
}
}
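Review bot: The added `setHeader("Cache-Control", ...)` call only addresses HTTP/1.1 caches, and because it uses `setHeader` it replaces any Cache-Control value the application already put on this response. For HTTP/1.0 intermediaries I would add `((HttpServletResponse) response).setHeader("Pragma", "no-cache");` and `((HttpServletResponse) response).setDateHeader("Expires", 0);` next to it. The header is emitted only on the branch where the cookie value changed, and it has no effect once the response is committed. The enclosing method starts and ends outside the hunk, so whether the response can already be committed at this point is not visible here.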
Modified: trunk/stateless-session/pom.xml
===================================================================
--- trunk/stateless-session/pom.xml 2011-12-22 16:18:16 UTC (rev 93)
+++ trunk/stateless-session/pom.xml 2011-12-23 15:53:53 UTC (rev 94)
@@ -2,7 +2,7 @@
<parent>
<artifactId>stateless-parent</artifactId>
<groupId>net.sourceforge.statelessfilter</groupId>
- <version>0.9-SNAPSHOT</version>
+ <version>0.8.1-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>stateless-session</artifactId>
@@ -15,7 +15,7 @@
<dependency>
<groupId>net.sourceforge.statelessfilter</groupId>
<artifactId>stateless-core</artifactId>
- <version>0.9-SNAPSHOT</version>
+ <version>0.8.1-SNAPSHOT</version>
<scope>compile</scope>
</dependency>