Author: markt
Date: Mon Oct 25 17:00:43 2010
New Revision: 1027196
URL: http://svn.apache.org/viewvc?rev=1027196&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49811
Add context option to disable URL re-writing and session parsing from URLs
Based on a patch by Wesley.
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/catalina/Context.java
tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/Response.java
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/StandardContext.java
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/mbeans-descriptors.xml
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc6.0.x/trunk/webapps/docs/config/context.xml
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1027196&r1=1027195&r2=1027196&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Oct 25 17:00:43 2010
@@ -225,21 +225,6 @@ PATCHES PROPOSED TO BACKPORT:
+1: kkolinko
-1:
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49811
- Add context option to disable URL re-writing and session parsing from URLs
- Based on a patch by Wesley.
- https://issues.apache.org/bugzilla/attachment.cgi?id=26135
- +1: markt, kkolinko, kfujino
- -1:
- kkolinko: minor thoughts, not mandatory:
- - I think in CoyoteAdapter.java the added "if
(isURLRewritingDisabled(request))" call
- should better be moved below setWrapper(..), for better readability.
- - Implementation of CoyoteAdapter.isURLRewritingDisabled(request) could
call
- request.getContext(), because request.setContext(..) was already called,
- but I do not insist on such changes.
- - Do not remove "// Make sure no session ID is returned" comment.
- - Documentation update will be needed.
-
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50072
NIO connector can mis-read request line if not sent in a single pacaket
https://issues.apache.org/bugzilla/attachment.cgi?id=26173&action=edit
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/Context.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/Context.java?rev=1027196&r1=1027195&r2=1027196&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/Context.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/Context.java Mon Oct 25
17:00:43 2010
@@ -325,6 +325,35 @@ public interface Context extends Contain
* @param docBase The new document root
*/
public void setDocBase(String docBase);
+
+
+ /**
+ * Is URL rewriting disabled?
+ * URL rewriting is an optional component of the servlet 2.5 specification.
+ * However if set to true this will be non-compliant with the specification
+ * as the specification requires that there <b>must</b> be a way to retain
+ * sessions if the client doesn't allow session cookies.
+ *
+ * @return true If URL rewriting is disabled.
+ *
+ * @see <a
href="http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index2.html";>Servlet
+ * 2.5 Specification. Sections SRV.7.1.3 and SRV.7.1.4</a>
+ * @see javax.servlet.http.HttpServletResponse#encodeURL(String) encodeURL
+ * @see javax.servlet.http.HttpServletResponse#encodeRedirectURL(String)
+ * encodeRedirectURL
+ */
+ public boolean isDisableURLRewriting();
+
+ /**
+ * Is URL rewriting disabled?
+ * URL rewriting is an optional component of the servlet 2.5 specification.
+ * However if set to true this will be non-compliant with the specification
+ * as the specification requires that there <b>must</b> be a way to retain
+ * sessions if the client doesn't allow session cookies.
+ *
+ * @param disable True to disable URL Rewriting. Default <b>false</b>.
+ */
+ public void setDisableURLRewriting(boolean disable);
/**
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java?rev=1027196&r1=1027195&r2=1027196&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
Mon Oct 25 17:00:43 2010
@@ -462,6 +462,13 @@ public class CoyoteAdapter implements Ad
connector.getMapper().map(serverName, decodedURI,
request.getMappingData());
request.setContext((Context) request.getMappingData().context);
+
+ // Had to do this after the context was set.
+ // Unfortunately parseSessionId is still necessary as it
+ // affects the final URL. Safe as session cookies still
+ // haven't been parsed.
+ if (isURLRewritingDisabled(request))
+ clearRequestedSessionURL(request);
request.setWrapper((Wrapper) request.getMappingData().wrapper);
// Filter trace method
@@ -516,6 +523,13 @@ public class CoyoteAdapter implements Ad
return true;
}
+ private boolean isURLRewritingDisabled(Request request) {
+ Context context = (Context) request.getMappingData().context;
+ if (context != null)
+ return (context.isDisableURLRewriting());
+ else
+ return (false);
+ }
/**
* Parse session id in URL.
@@ -561,18 +575,22 @@ public class CoyoteAdapter implements Ad
request.setRequestedSessionURL(true);
} catch (UnsupportedEncodingException uee) {
// Make sure no session ID is returned
- request.setRequestedSessionId(null);
- request.setRequestedSessionURL(false);
+ clearRequestedSessionURL(request);
log.warn(sm.getString("coyoteAdapter.parseSession", enc), uee);
}
} else {
- request.setRequestedSessionId(null);
- request.setRequestedSessionURL(false);
+ clearRequestedSessionURL(request);
}
}
+ private void clearRequestedSessionURL(Request request) {
+ request.setRequestedSessionId(null);
+ request.setRequestedSessionURL(false);
+ }
+
+
/**
* Parse session id in URL.
*/
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/Response.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/Response.java?rev=1027196&r1=1027195&r2=1027196&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/Response.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/Response.java Mon
Oct 25 17:00:43 2010
@@ -1479,12 +1479,14 @@ public class Response
* <li>The requested session ID was not received via a cookie
* <li>The specified URL points back to somewhere within the web
* application that is responding to this request
+ * <li>If URL rewriting hasn't been disabled for this context
* </ul>
*
* @param location Absolute URL to be validated
*/
protected boolean isEncodeable(final String location) {
-
+ if (getContext().isDisableURLRewriting())
+ return (false);
if (location == null)
return (false);
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/StandardContext.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/StandardContext.java?rev=1027196&r1=1027195&r2=1027196&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/StandardContext.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/StandardContext.java Mon
Oct 25 17:00:43 2010
@@ -341,6 +341,12 @@ public class StandardContext
/**
+ * Has URL rewriting been disabled.
+ */
+ private boolean disableURLRewriting = false;
+
+
+ /**
* The exception pages for this web application, keyed by fully qualified
* class name of the Java exception.
*/
@@ -1461,6 +1467,37 @@ public class StandardContext
this.docBase = docBase;
}
+
+ /**
+ * Is URL rewriting disabled?
+ * URL rewriting is an optional component of the servlet 2.5 specification.
+ * However if set to true this will be non-compliant with the specification
+ * as the specification requires that there <b>must</b> be a way to retain
+ * sessions if the client doesn't allow session cookies.
+ *
+ * @return true If URL rewriting is disabled.
+ *
+ * @see <a
href="http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index2.html";>Servlet
+ * 2.5 Specification. Sections SRV.7.1.3 and SRV.7.1.4</a>
+ * @see javax.servlet.http.HttpServletResponse#encodeURL(String) encodeURL
+ * @see javax.servlet.http.HttpServletResponse#encodeRedirectURL(String)
+ * encodeRedirectURL
+ */
+ public boolean isDisableURLRewriting() {
+ return (this.disableURLRewriting);
+ }
+
+ /**
+ * Sets the disabling of URL Rewriting.
+ * @param disable True to disable URL Rewriting. Default <b>false</b>.
+ */
+ public void setDisableURLRewriting(boolean disable){
+ boolean oldDisableURLRewriting = this.isDisableURLRewriting();
+ this.disableURLRewriting = disable;
+ support.firePropertyChange("disableURLRewriting",
+ oldDisableURLRewriting, disableURLRewriting);
+
+ }
// experimental
public boolean isLazy() {
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/mbeans-descriptors.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/mbeans-descriptors.xml?rev=1027196&r1=1027195&r2=1027196&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/mbeans-descriptors.xml
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/mbeans-descriptors.xml
Mon Oct 25 17:00:43 2010
@@ -135,6 +135,11 @@
description="String deployment descriptor "
type="java.lang.String"/>
+ <attribute name="disableURLRewriting"
+ description="Is URL Rewriting disabled?"
+ is="true"
+ type="boolean"/>
+
<attribute name="docBase"
description="The document root for this web application"
type="java.lang.String"/>
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1027196&r1=1027195&r2=1027196&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Mon Oct 25 17:00:43 2010
@@ -109,6 +109,10 @@
Provide better web application state information via JMX. (markt)
</add>
<add>
+ <bug>49811</bug>: Add an option to disable URL rewriting on a per
+ Context basis. (markt)
+ </add>
+ <add>
<bug>49856</bug>: Expose the executor name for the connector via JMX.
(markt)
</add>
Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/context.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/context.xml?rev=1027196&r1=1027195&r2=1027196&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/config/context.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/config/context.xml Mon Oct 25 17:00:43
2010
@@ -167,6 +167,17 @@
return <code>null</code>.</p>
</attribute>
+ <attribute name="disableURLRewriting" required="false">
+ <p>Set to <code>true</code> to disable support for using URL rewriting
+ to track session IDs for clients of this Context. URL rewriting is an
+ optional component of the servlet 2.5 specification but disabling URL
+ rewriting will result in non-compliant behaviour since the
specification
+ requires that there <em>must</em> be a way to retain sessions if the
+ client doesn't allow session cookies. If not specified, the
+ specification compliant default value of <code>false</code> will be
+ used.</p>
+ </attribute>
+
<attribute name="docBase" required="true">
<p>The <em>Document Base</em> (also known as the <em>Context
Root</em>) directory for this web application, or the pathname
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
