Author: markt
Date: Mon Oct 25 17:00:43 2010
New Revision: 1027196

URL: http://svn.apache.org/viewvc?rev=1027196&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49811
Add context option to disable URL re-writing and session parsing from URLs
Based on a patch by Wesley.

Modified:
    tomcat/tc6.0.x/trunk/STATUS.txt
    tomcat/tc6.0.x/trunk/java/org/apache/catalina/Context.java
    tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
    tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/Response.java
    tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/StandardContext.java
    tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/mbeans-descriptors.xml
    tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
    tomcat/tc6.0.x/trunk/webapps/docs/config/context.xml

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1027196&r1=1027195&r2=1027196&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Oct 25 17:00:43 2010
@@ -225,21 +225,6 @@ PATCHES PROPOSED TO BACKPORT:
   +1: kkolinko
   -1:
 
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49811
-  Add context option to disable URL re-writing and session parsing from URLs
-  Based on a patch by Wesley.
-  https://issues.apache.org/bugzilla/attachment.cgi?id=26135
-  +1: markt, kkolinko, kfujino
-  -1:
-   kkolinko: minor thoughts, not mandatory:
-     - I think in CoyoteAdapter.java the added "if 
(isURLRewritingDisabled(request))" call
-      should better be moved below setWrapper(..), for better readability.
-     - Implementation of CoyoteAdapter.isURLRewritingDisabled(request) could 
call
-      request.getContext(), because request.setContext(..) was already called,
-      but I do not insist on such changes.
-     - Do not remove "// Make sure no session ID is returned" comment.
-     - Documentation update will be needed.
-
 * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50072
   NIO connector can mis-read request line if not sent in a single pacaket
   https://issues.apache.org/bugzilla/attachment.cgi?id=26173&action=edit

Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/Context.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/Context.java?rev=1027196&r1=1027195&r2=1027196&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/Context.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/Context.java Mon Oct 25 
17:00:43 2010
@@ -325,6 +325,35 @@ public interface Context extends Contain
      * @param docBase The new document root
      */
     public void setDocBase(String docBase);
+    
+    
+    /**
+     * Is URL rewriting disabled?
+     * URL rewriting is an optional component of the servlet 2.5 specification.
+     * However if set to true this will be non-compliant with the specification
+     * as the specification requires that there <b>must</b> be a way to retain
+     * sessions if the client doesn't allow session cookies.
+     * 
+     * @return true If URL rewriting is disabled.
+     * 
+     * @see <a 
href="http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index2.html";>Servlet
+     *      2.5 Specification. Sections SRV.7.1.3 and SRV.7.1.4</a>
+     * @see javax.servlet.http.HttpServletResponse#encodeURL(String) encodeURL
+     * @see javax.servlet.http.HttpServletResponse#encodeRedirectURL(String)
+     *      encodeRedirectURL
+     */
+    public boolean isDisableURLRewriting();
+    
+    /**
+     * Is URL rewriting disabled?
+     * URL rewriting is an optional component of the servlet 2.5 specification.
+     * However if set to true this will be non-compliant with the specification
+     * as the specification requires that there <b>must</b> be a way to retain
+     * sessions if the client doesn't allow session cookies.
+     *
+     * @param disable True to disable URL Rewriting. Default <b>false</b>.
+     */
+    public void setDisableURLRewriting(boolean disable);
 
 
     /**
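Review bot: The Javadoc on `isDisableURLRewriting()` and `setDisableURLRewriting(boolean)` explains the spec non-compliance but never says why a deployer would enable the option, and the setter's text opens with the getter's question "Is URL rewriting disabled?". I would add one sentence to both, for example `Disabling keeps session IDs out of URLs, where they can leak through Referer headers, logs and shared links.`, and start the setter with `Enables or disables URL rewriting for this context.`. Both are also new methods on a public interface in a maintenance branch, so Context implementations outside this tree will presumably need updating; the changelog entry could say so.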

Modified: 
tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java?rev=1027196&r1=1027195&r2=1027196&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java 
Mon Oct 25 17:00:43 2010
@@ -462,6 +462,13 @@ public class CoyoteAdapter implements Ad
         connector.getMapper().map(serverName, decodedURI, 
                                   request.getMappingData());
         request.setContext((Context) request.getMappingData().context);
+        
+        // Had to do this after the context was set.
+        // Unfortunately parseSessionId is still necessary as it 
+        // affects the final URL. Safe as session cookies still 
+        // haven't been parsed.
+        if (isURLRewritingDisabled(request))
+            clearRequestedSessionURL(request);
         request.setWrapper((Wrapper) request.getMappingData().wrapper);
 
         // Filter trace method
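Review bot: The added `clearRequestedSessionURL(request)` call is only correct while nothing before it has stored a cookie-supplied ID. The comment states this but the code does not enforce it, and the helper nulls the requested session ID whatever its source. Changing the condition to `if (isURLRewritingDisabled(request) && request.isRequestedSessionIdFromURL())` would keep the clear scoped to URL-derived IDs if the parsing order ever changes. The enclosing method starts and ends outside this hunk, so the current ordering of cookie parsing cannot be confirmed from here.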
@@ -516,6 +523,13 @@ public class CoyoteAdapter implements Ad
         return true;
     }
 
+    private boolean isURLRewritingDisabled(Request request) {
+        Context context = (Context) request.getMappingData().context;
+        if (context != null)
+            return (context.isDisableURLRewriting());
+        else
+            return (false);
+    }
 
     /**
      * Parse session id in URL.
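Review bot: `isURLRewritingDisabled` here and `clearRequestedSessionURL` in the next hunk carry no comment, and both have behaviour worth stating. For the first I would add `/** Returns the mapped context's disableURLRewriting flag; false when no context was mapped, in which case a URL session ID is left in place. */`. For the second I would add `/** Drops any requested session ID and marks it as not coming from the URL. */`, since its name suggests it only resets the URL flag.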
@@ -561,18 +575,22 @@ public class CoyoteAdapter implements Ad
                 request.setRequestedSessionURL(true);
             } catch (UnsupportedEncodingException uee) {
                 // Make sure no session ID is returned
-                request.setRequestedSessionId(null);
-                request.setRequestedSessionURL(false);
+                clearRequestedSessionURL(request);
                 log.warn(sm.getString("coyoteAdapter.parseSession", enc), uee);
             }
         } else {
-            request.setRequestedSessionId(null);
-            request.setRequestedSessionURL(false);
+            clearRequestedSessionURL(request);
         }
 
     }
 
 
+    private void clearRequestedSessionURL(Request request) {
+        request.setRequestedSessionId(null);
+        request.setRequestedSessionURL(false);
+    }
+
+
     /**
      * Parse session id in URL.
      */

Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/Response.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/Response.java?rev=1027196&r1=1027195&r2=1027196&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/Response.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/Response.java Mon 
Oct 25 17:00:43 2010
@@ -1479,12 +1479,14 @@ public class Response
      * <li>The requested session ID was not received via a cookie
      * <li>The specified URL points back to somewhere within the web
      *     application that is responding to this request
+     * <li>If URL rewriting hasn't been disabled for this context
      * </ul>
      *
      * @param location Absolute URL to be validated
      */
     protected boolean isEncodeable(final String location) {
-
+        if (getContext().isDisableURLRewriting())
+            return (false);
         if (location == null)
             return (false);
 
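Review bot: `getContext()` is dereferenced without a null check in the new first statement of `isEncodeable`, while the matching helper in CoyoteAdapter guards `context != null`. If this method can be reached for a request with no mapped context (not visible from this hunk), the check throws instead of returning false. `Context ctx = getContext(); if (ctx != null && ctx.isDisableURLRewriting()) return (false);` would match the adapter. The new Javadoc bullet would also read better in the style of its siblings, for example `<li>URL rewriting has not been disabled for this context`. The method body continues past the hunk.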

Modified: 
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/StandardContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/StandardContext.java?rev=1027196&r1=1027195&r2=1027196&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/StandardContext.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/StandardContext.java Mon 
Oct 25 17:00:43 2010
@@ -341,6 +341,12 @@ public class StandardContext
 
 
     /**
+     * Has URL rewriting been disabled. 
+     */
+    private boolean disableURLRewriting = false;
+
+
+    /**
      * The exception pages for this web application, keyed by fully qualified
      * class name of the Java exception.
      */
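Review bot: `disableURLRewriting` is declared as a plain `boolean`, yet it is read on request-processing threads (`Response.isEncodeable`, `CoyoteAdapter`). The mbeans-descriptors.xml hunk also exposes it as an attribute with no `writeable="false"`, so it can presumably be changed at runtime through JMX. Without `volatile`, a change made that way is not guaranteed to become visible to threads already serving requests. I would declare it `private volatile boolean disableURLRewriting = false;`, or mark the JMX attribute read-only if runtime changes are not intended.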
@@ -1461,6 +1467,37 @@ public class StandardContext
         this.docBase = docBase;
 
     }
+    
+    /**
+     * Is URL rewriting disabled?
+     * URL rewriting is an optional component of the servlet 2.5 specification.
+     * However if set to true this will be non-compliant with the specification
+     * as the specification requires that there <b>must</b> be a way to retain
+     * sessions if the client doesn't allow session cookies.
+     * 
+     * @return true If URL rewriting is disabled.
+     * 
+     * @see <a 
href="http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index2.html";>Servlet
+     *      2.5 Specification. Sections SRV.7.1.3 and SRV.7.1.4</a>
+     * @see javax.servlet.http.HttpServletResponse#encodeURL(String) encodeURL
+     * @see javax.servlet.http.HttpServletResponse#encodeRedirectURL(String)
+     *      encodeRedirectURL
+     */
+    public boolean isDisableURLRewriting() {
+        return (this.disableURLRewriting);
+    }
+    
+    /**
+     * Sets the disabling of URL Rewriting.
+     * @param disable True to disable URL Rewriting. Default <b>false</b>.
+     */
+    public void setDisableURLRewriting(boolean disable){
+        boolean oldDisableURLRewriting = this.isDisableURLRewriting();
+        this.disableURLRewriting = disable;
+        support.firePropertyChange("disableURLRewriting",
+                oldDisableURLRewriting, disableURLRewriting);
+        
+    }
 
     // experimental
     public boolean isLazy() {

Modified: 
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/mbeans-descriptors.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/mbeans-descriptors.xml?rev=1027196&r1=1027195&r2=1027196&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/mbeans-descriptors.xml 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/mbeans-descriptors.xml 
Mon Oct 25 17:00:43 2010
@@ -135,6 +135,11 @@
                description="String deployment descriptor "
                type="java.lang.String"/>
                      
+    <attribute name="disableURLRewriting"
+               description="Is URL Rewriting disabled?"
+               is="true"
+               type="boolean"/>
+    
     <attribute name="docBase"
                description="The document root for this web application"
                type="java.lang.String"/>

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1027196&r1=1027195&r2=1027196&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Mon Oct 25 17:00:43 2010
@@ -109,6 +109,10 @@
         Provide better web application state information via JMX. (markt)
       </add>
       <add>
+        <bug>49811</bug>: Add an option to disable URL rewriting on a per
+        Context basis. (markt)
+      </add>
+      <add>
         <bug>49856</bug>: Expose the executor name for the connector via JMX.
         (markt)
       </add>

Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/context.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/context.xml?rev=1027196&r1=1027195&r2=1027196&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/config/context.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/config/context.xml Mon Oct 25 17:00:43 
2010
@@ -167,6 +167,17 @@
         return <code>null</code>.</p>
       </attribute>
 
+      <attribute name="disableURLRewriting" required="false">
+        <p>Set to <code>true</code> to disable support for using URL rewriting
+        to track session IDs for clients of this Context. URL rewriting is an
+        optional component of the servlet 2.5 specification but disabling URL
+        rewriting will result in non-compliant behaviour since the 
specification
+        requires that there <em>must</em> be a way to retain sessions if the
+        client doesn't allow session cookies. If not specified, the
+        specification compliant default value of <code>false</code> will be
+        used.</p>
+      </attribute>
+
       <attribute name="docBase" required="true">
         <p>The <em>Document Base</em> (also known as the <em>Context
         Root</em>) directory for this web application, or the pathname


