
Example 51 with MessageBytes

use of org.apache.tomcat.util.buf.MessageBytes in project tomcat70 by apache.

the class CoyoteAdapter method postParseRequest.

// ------------------------------------------------------ Protected Methods
/**
 * Finishes request parsing once the protocol handler has filled in the Coyote
 * request: settles the scheme/secure flag and proxy name/port, decodes and
 * normalizes the URI, maps the request to a Context and Wrapper, collects the
 * requested session ID, and handles mapper redirects and disallowed TRACE
 * requests.
 *
 * <p>The URI is processed in a fixed order before mapping: path parameters
 * are stripped, the URI is %xx-decoded, normalized, character-decoded, and
 * then re-checked with {@code checkNormalize}. Each failing step ends the
 * request with status 400.
 *
 * @param req      the Coyote (protocol-level) request
 * @param request  the Catalina-level request
 * @param res      the Coyote (protocol-level) response
 * @param response the Catalina-level response
 * @return {@code true} if the request should continue into the container;
 *         {@code false} if this method has already set a status (400, 404,
 *         405) or sent a redirect
 * @throws Exception declared by the signature; the body visible here does not
 *         show which call raises it
 */
protected boolean postParseRequest(org.apache.coyote.Request req, Request request, org.apache.coyote.Response res, Response response) throws Exception {
    // If the protocol processor set a scheme, use it;
    // otherwise, use connector configuration
    if (!req.scheme().isNull()) {
        // use processor specified scheme to determine secure state
        // NOTE(review): the secure flag then mirrors whatever the processor
        // put into the scheme; confirm that value can only come from a
        // trusted source (e.g. a front-end server, not the client)
        request.setSecure(req.scheme().equals("https"));
    } else {
        // use connector scheme and secure configuration, (defaults to
        // "http" and false respectively)
        req.scheme().setString(connector.getScheme());
        request.setSecure(connector.getSecure());
    }
    // FIXME: the code below doesn't belong here;
    // it only makes sense
    // in Http11, not in ajp13..
    // At this point the Host header has been processed.
    // Override if the proxyPort/proxyHost are set
    String proxyName = connector.getProxyName();
    int proxyPort = connector.getProxyPort();
    if (proxyPort != 0) {
        req.setServerPort(proxyPort);
    }
    if (proxyName != null) {
        req.serverName().setString(proxyName);
    }
    // Copy the raw URI to the decodedURI
    MessageBytes decodedURI = req.decodedURI();
    decodedURI.duplicate(req.requestURI());
    // Parse the path parameters. This will:
    // - strip out the path parameters
    // - convert the decodedURI to bytes
    parsePathParameters(req, request);
    // %xx decoding of the URL
    try {
        req.getURLDecoder().convert(decodedURI, false);
    } catch (IOException ioe) {
        // Undecodable URI: reject with 400 and record it in the access log
        res.setStatus(400);
        res.setMessage("Invalid URI: " + ioe.getMessage());
        connector.getService().getContainer().logAccess(request, response, 0, true);
        return false;
    }
    // Normalization. Runs after %xx decoding, so it sees the decoded bytes
    // rather than their encoded form.
    if (!normalize(req.decodedURI())) {
        res.setStatus(400);
        res.setMessage("Invalid URI");
        connector.getService().getContainer().logAccess(request, response, 0, true);
        return false;
    }
    // Character decoding
    convertURI(decodedURI, request);
    // Check that the URI is still normalized after character decoding;
    // a URI that fails this second check is rejected, not repaired
    if (!checkNormalize(req.decodedURI())) {
        res.setStatus(400);
        res.setMessage("Invalid URI character encoding");
        connector.getService().getContainer().logAccess(request, response, 0, true);
        return false;
    }
    // Request mapping.
    MessageBytes serverName;
    if (connector.getUseIPVHosts()) {
        // Virtual host is chosen by the local name instead of the server name
        serverName = req.localName();
        if (serverName.isNull()) {
            // well, they did ask for it
            res.action(ActionCode.REQ_LOCAL_NAME_ATTRIBUTE, null);
        }
    } else {
        serverName = req.serverName();
    }
    if (request.isAsyncStarted()) {
        // TODO SERVLET3 - async
        // reset mapping data, should prolly be done elsewhere
        request.getMappingData().recycle();
    }
    // Version for the second mapping loop and
    // Context that we expect to get for that version
    String version = null;
    Context versionContext = null;
    boolean mapRequired = true;
    while (mapRequired) {
        // This will map the latest version by default
        connector.getMapper().map(serverName, decodedURI, version, request.getMappingData());
        request.setContext((Context) request.getMappingData().context);
        request.setWrapper((Wrapper) request.getMappingData().wrapper);
        // No context was mapped for this URI: answer 404
        if (request.getContext() == null) {
            res.setStatus(404);
            res.setMessage("Not found");
            // No context, so use host
            Host host = request.getHost();
            // Make sure there is a host (might not be during shutdown)
            if (host != null) {
                host.logAccess(request, response, 0, true);
            }
            return false;
        }
        // Now we have the context, we can parse the session ID from the URL
        // (if any). Need to do this before we redirect in case we need to
        // include the session id in the redirect
        String sessionID;
        // A session ID in the URL is honoured only when the context's
        // effective tracking modes include URL
        if (request.getServletContext().getEffectiveSessionTrackingModes().contains(SessionTrackingMode.URL)) {
            // Get the session ID if there was one
            sessionID = request.getPathParameter(SessionConfig.getSessionUriParamName(request.getContext()));
            if (sessionID != null) {
                request.setRequestedSessionId(sessionID);
                request.setRequestedSessionURL(true);
            }
        }
        // Look for session ID in cookies and SSL session
        parseSessionCookiesId(req, request);
        parseSessionSslId(request);
        // Whatever the three sources above left on the request
        sessionID = request.getRequestedSessionId();
        mapRequired = false;
        if (version != null && request.getContext() == versionContext) {
            // We got the version that we asked for. That is it.
        } else {
            version = null;
            versionContext = null;
            Object[] contexts = request.getMappingData().contexts;
            // No session ID means no possibility of remap
            if (contexts != null && sessionID != null) {
                // Find the context associated with the session, scanning the
                // candidate contexts from the last array entry to the first.
                // The session ID is client-supplied; it only selects a
                // context in which that session already exists.
                for (int i = (contexts.length); i > 0; i--) {
                    Context ctxt = (Context) contexts[i - 1];
                    if (ctxt.getManager().findSession(sessionID) != null) {
                        // already been mapped?
                        if (!ctxt.equals(request.getMappingData().context)) {
                            // Set version so second time through mapping
                            // the correct context is found
                            version = ctxt.getWebappVersion();
                            versionContext = ctxt;
                            // Reset mapping
                            request.getMappingData().recycle();
                            mapRequired = true;
                            // Recycle session info in case the correct
                            // context is configured with different settings
                            request.recycleSessionInfo();
                        }
                        break;
                    }
                }
            }
        }
        if (!mapRequired && request.getContext().getPaused()) {
            // The mapped context is paused: wait one second, then map again.
            // NOTE(review): this repeats for as long as the context reports
            // paused, holding the request thread; no upper bound is visible here.
            try {
                Thread.sleep(1000);
            } catch (InterruptedException e) {
                // Should never happen
                // (the interrupt is dropped; the thread's interrupt status is not restored)
            }
            // Reset mapping
            request.getMappingData().recycle();
            mapRequired = true;
        }
    }
    // Possible redirect
    MessageBytes redirectPathMB = request.getMappingData().redirectPath;
    if (!redirectPathMB.isNull()) {
        String redirectPath = urlEncoder.encode(redirectPathMB.toString(), "UTF-8");
        String query = request.getQueryString();
        if (request.isRequestedSessionIdFromURL()) {
            // This is not optimal, but as this is not very common, it
            // shouldn't matter
            // The client-supplied session ID is echoed into the redirect
            // target, so it can end up in logs, history and Referer headers
            // wherever URL session tracking is enabled.
            redirectPath = redirectPath + ";" + SessionConfig.getSessionUriParamName(request.getContext()) + "=" + request.getRequestedSessionId();
        }
        if (query != null) {
            // This is not optimal, but as this is not very common, it
            // shouldn't matter
            // The query string is appended as received; only the path part
            // went through urlEncoder above.
            redirectPath = redirectPath + "?" + query;
        }
        response.sendRedirect(redirectPath);
        request.getContext().logAccess(request, response, 0, true);
        return false;
    }
    // Filter trace method: unless the connector allows TRACE, answer 405 with
    // an Allow header listing the wrapper's other methods
    if (!connector.getAllowTrace() && req.method().equalsIgnoreCase("TRACE")) {
        Wrapper wrapper = request.getWrapper();
        String header = null;
        if (wrapper != null) {
            String[] methods = wrapper.getServletMethods();
            if (methods != null) {
                for (int i = 0; i < methods.length; i++) {
                    if ("TRACE".equals(methods[i])) {
                        continue;
                    }
                    if (header == null) {
                        header = methods[i];
                    } else {
                        header += ", " + methods[i];
                    }
                }
            }
        }
        res.setStatus(405);
        // NOTE(review): header is still null here when the wrapper is null,
        // reports no methods, or reports only TRACE; confirm addHeader
        // tolerates a null value
        res.addHeader("Allow", header);
        res.setMessage("TRACE method is not allowed");
        request.getContext().logAccess(request, response, 0, true);
        return false;
    }
    // Connector-level authentication/authorization runs last, after mapping
    doConnectorAuthenticationAuthorization(req, request);
    return true;
}
Also used : Context(org.apache.catalina.Context) Wrapper(org.apache.catalina.Wrapper) MessageBytes(org.apache.tomcat.util.buf.MessageBytes) Host(org.apache.catalina.Host) IOException(java.io.IOException)

Example 52 with MessageBytes

use of org.apache.tomcat.util.buf.MessageBytes in project tomcat70 by apache.

the class AbstractAjpProcessor method prepareRequest.

/**
 * After reading the request headers, we have to setup the request filters.
 *
 * <p>Decodes the AJP message in {@code requestHeaderMessage} into the Coyote
 * request, field by field in the order they are read below: method, protocol,
 * URI, remote address/host, local name/port, SSL flag, headers, then the
 * optional attributes. Afterwards it enforces {@code requiredSecret} (when
 * configured), rewrites an absolute request URI into path plus Host header,
 * and parses the Host header.
 *
 * <p>Every value decoded here comes from the AJP peer. Several of them
 * (scheme, remote user, auth type, SSL attributes, arbitrary request
 * attributes) are taken over as-is, so the result is only as trustworthy as
 * that peer.
 */
protected void prepareRequest() {
    // Translate the HTTP method code to a String.
    byte methodCode = requestHeaderMessage.getByte();
    if (methodCode != Constants.SC_M_JK_STORED) {
        String methodName = Constants.getMethodForCode(methodCode - 1);
        request.method().setString(methodName);
    }
    // Fixed-position fields, consumed in message order
    requestHeaderMessage.getBytes(request.protocol());
    requestHeaderMessage.getBytes(request.requestURI());
    requestHeaderMessage.getBytes(request.remoteAddr());
    requestHeaderMessage.getBytes(request.remoteHost());
    requestHeaderMessage.getBytes(request.localName());
    request.setLocalPort(requestHeaderMessage.getInt());
    // The peer's SSL flag alone decides whether the scheme becomes "https"
    boolean isSSL = requestHeaderMessage.getByte() != 0;
    if (isSSL) {
        request.scheme().setString("https");
    }
    // Decode headers
    MimeHeaders headers = request.getMimeHeaders();
    // Set this every time in case limit has been changed via JMX
    headers.setLimit(endpoint.getMaxHeaderCount());
    request.getCookies().setLimit(getMaxCookieCount());
    boolean contentLengthSet = false;
    // Header count as announced by the peer
    int hCount = requestHeaderMessage.getInt();
    for (int i = 0; i < hCount; i++) {
        String hName = null;
        // Header names are encoded as either an integer code starting
        // with 0xA0, or as a normal string (in which case the first
        // two bytes are the length).
        int isc = requestHeaderMessage.peekInt();
        int hId = isc & 0xFF;
        MessageBytes vMB = null;
        isc &= 0xFF00;
        if (0xA000 == isc) {
            // To advance the read position
            requestHeaderMessage.getInt();
            hName = Constants.getHeaderForCode(hId - 1);
            vMB = headers.addValue(hName);
        } else {
            // reset hId -- if the header currently being read
            // happens to be 7 or 8 bytes long, the code below
            // will think it's the content-type header or the
            // content-length header - SC_REQ_CONTENT_TYPE=7,
            // SC_REQ_CONTENT_LENGTH=8 - leading to unexpected
            // behaviour.  see bug 5861 for more information.
            hId = -1;
            requestHeaderMessage.getBytes(tmpMB);
            ByteChunk bc = tmpMB.getByteChunk();
            vMB = headers.addValue(bc.getBuffer(), bc.getStart(), bc.getLength());
        }
        requestHeaderMessage.getBytes(vMB);
        if (hId == Constants.SC_REQ_CONTENT_LENGTH || (hId == -1 && tmpMB.equalsIgnoreCase("Content-Length"))) {
            long cl = vMB.getLong();
            if (contentLengthSet) {
                // A second Content-Length header is rejected with 400
                // instead of choosing one of the two values
                response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
                setErrorState(ErrorState.CLOSE_CLEAN, null);
            } else {
                contentLengthSet = true;
                // Set the content-length header for the request
                request.setContentLength(cl);
            }
        } else if (hId == Constants.SC_REQ_CONTENT_TYPE || (hId == -1 && tmpMB.equalsIgnoreCase("Content-Type"))) {
            // just read the content-type header, so set it
            ByteChunk bchunk = vMB.getByteChunk();
            request.contentType().setBytes(bchunk.getBytes(), bchunk.getOffset(), bchunk.getLength());
        }
    }
    // Decode extra attributes
    // Becomes true once a secret attribute has been seen while one is required
    boolean secret = false;
    byte attributeCode;
    while ((attributeCode = requestHeaderMessage.getByte()) != Constants.SC_A_ARE_DONE) {
        switch(attributeCode) {
            case Constants.SC_A_REQ_ATTRIBUTE:
                requestHeaderMessage.getBytes(tmpMB);
                String n = tmpMB.toString();
                requestHeaderMessage.getBytes(tmpMB);
                String v = tmpMB.toString();
                /*
                 * AJP13 misses to forward the local IP address and the
                 * remote port. Allow the AJP connector to add this info via
                 * private request attributes.
                 * We will accept the forwarded data and remove it from the
                 * public list of request attributes.
                 */
                if (n.equals(Constants.SC_A_REQ_LOCAL_ADDR)) {
                    request.localAddr().setString(v);
                } else if (n.equals(Constants.SC_A_REQ_REMOTE_PORT)) {
                    try {
                        request.setRemotePort(Integer.parseInt(v));
                    } catch (NumberFormatException nfe) {
                        // Ignore invalid value
                    }
                } else if (n.equals(Constants.SC_A_SSL_PROTOCOL)) {
                    request.setAttribute(SSLSupport.PROTOCOL_VERSION_KEY, v);
                } else {
                    // NOTE(review): any other name/value pair sent by the
                    // peer is stored verbatim as a request attribute, with no
                    // allow-list visible in this method. That is safe only if
                    // the AJP port is reachable solely by trusted front-end
                    // servers.
                    request.setAttribute(n, v);
                }
                break;
            case Constants.SC_A_CONTEXT:
                requestHeaderMessage.getBytes(tmpMB);
                // nothing
                break;
            case Constants.SC_A_SERVLET_PATH:
                requestHeaderMessage.getBytes(tmpMB);
                // nothing
                break;
            case Constants.SC_A_REMOTE_USER:
                if (tomcatAuthorization || !tomcatAuthentication) {
                    // Implies tomcatAuthentication == false
                    // The user name asserted by the peer is accepted without
                    // further proof in this method
                    requestHeaderMessage.getBytes(request.getRemoteUser());
                    request.setRemoteUserNeedsAuthorization(tomcatAuthorization);
                } else {
                    // Ignore user information from reverse proxy
                    requestHeaderMessage.getBytes(tmpMB);
                }
                break;
            case Constants.SC_A_AUTH_TYPE:
                if (tomcatAuthentication) {
                    // ignore server
                    requestHeaderMessage.getBytes(tmpMB);
                } else {
                    requestHeaderMessage.getBytes(request.getAuthType());
                }
                break;
            case Constants.SC_A_QUERY_STRING:
                requestHeaderMessage.getBytes(request.queryString());
                break;
            case Constants.SC_A_JVM_ROUTE:
                requestHeaderMessage.getBytes(request.instanceId());
                break;
            case Constants.SC_A_SSL_CERT:
                // Any of the three SSL attributes below also switches the
                // scheme to "https"
                request.scheme().setString("https");
                // SSL certificate extraction is lazy, moved to JkCoyoteHandler
                requestHeaderMessage.getBytes(certificates);
                break;
            case Constants.SC_A_SSL_CIPHER:
                request.scheme().setString("https");
                requestHeaderMessage.getBytes(tmpMB);
                request.setAttribute(SSLSupport.CIPHER_SUITE_KEY, tmpMB.toString());
                break;
            case Constants.SC_A_SSL_SESSION:
                request.scheme().setString("https");
                requestHeaderMessage.getBytes(tmpMB);
                request.setAttribute(SSLSupport.SESSION_ID_KEY, tmpMB.toString());
                break;
            case Constants.SC_A_SSL_KEY_SIZE:
                request.setAttribute(SSLSupport.KEY_SIZE_KEY, Integer.valueOf(requestHeaderMessage.getInt()));
                break;
            case Constants.SC_A_STORED_METHOD:
                requestHeaderMessage.getBytes(request.method());
                break;
            case Constants.SC_A_SECRET:
                requestHeaderMessage.getBytes(tmpMB);
                if (requiredSecret != null) {
                    secret = true;
                    // NOTE(review): an ordinary equals() comparison; nothing
                    // here shows it to be constant-time. A mismatch sets 403
                    // and an error state, but the rest of the message is
                    // still decoded.
                    if (!tmpMB.equals(requiredSecret)) {
                        response.setStatus(403);
                        setErrorState(ErrorState.CLOSE_CLEAN, null);
                    }
                }
                break;
            default:
                // Ignore unknown attribute for backward compatibility
                // NOTE(review): no payload is consumed for an unknown code,
                // so the next byte read is treated as an attribute code
                break;
        }
    }
    // Check if secret was submitted if required
    // (with requiredSecret == null no secret is checked at all)
    if ((requiredSecret != null) && !secret) {
        response.setStatus(403);
        setErrorState(ErrorState.CLOSE_CLEAN, null);
    }
    // Check for a full URI (including protocol://host:port/)
    ByteChunk uriBC = request.requestURI().getByteChunk();
    if (uriBC.startsWithIgnoreCase("http", 0)) {
        int pos = uriBC.indexOf("://", 0, 3, 4);
        int uriBCStart = uriBC.getStart();
        int slashPos = -1;
        if (pos != -1) {
            byte[] uriB = uriBC.getBytes();
            slashPos = uriBC.indexOf('/', pos + 3);
            if (slashPos == -1) {
                slashPos = uriBC.getLength();
                // Set URI as "/"
                request.requestURI().setBytes(uriB, uriBCStart + pos + 1, 1);
            } else {
                request.requestURI().setBytes(uriB, uriBCStart + slashPos, uriBC.getLength() - slashPos);
            }
            // The authority part of the absolute URI replaces any Host
            // header value decoded above
            MessageBytes hostMB = headers.setValue("host");
            hostMB.setBytes(uriB, uriBCStart + pos + 3, slashPos - pos - 3);
        }
    }
    MessageBytes valueMB = request.getMimeHeaders().getValue("host");
    parseHost(valueMB);
    // Errors recorded above (duplicate Content-Length, missing or wrong
    // secret) are logged once, at the end of decoding
    if (getErrorState().isError()) {
        adapter.log(request, response, 0);
    }
}
Also used : MimeHeaders(org.apache.tomcat.util.http.MimeHeaders) ByteChunk(org.apache.tomcat.util.buf.ByteChunk) MessageBytes(org.apache.tomcat.util.buf.MessageBytes) AbstractEndpoint(org.apache.tomcat.util.net.AbstractEndpoint)

Example 53 with MessageBytes

use of org.apache.tomcat.util.buf.MessageBytes in project tomcat70 by apache.

the class InternalAprInputBuffer method parseHeader.

/**
 * Parse an HTTP header.
 *
 * <p>Reads one header line from {@code buf} starting at {@code pos},
 * refilling through {@code fill()} as needed. The name is registered with
 * {@code headers} and the value is compacted in place inside {@code buf}.
 * Continuation lines (a following line that starts with SP or HT) are joined
 * to the value with that single whitespace byte between them.
 *
 * @return false after reading a blank line (which indicates that the
 * HTTP header parsing is done); true otherwise, including when a line with
 * an illegal header name was handed to {@code skipLine}
 * @throws IOException an {@code EOFException} when {@code fill()} reports no
 * more data in the middle of a header
 */
// headerValue cannot be null
@SuppressWarnings("null")
private boolean parseHeader() throws IOException {
    // 
    // Check for blank line
    // 
    byte chr = 0;
    while (true) {
        // Read new bytes if needed
        if (pos >= lastValid) {
            if (!fill())
                throw new EOFException(sm.getString("iib.eof.error"));
        }
        chr = buf[pos];
        if (chr == Constants.CR) {
            // Skip (any number of leading CR bytes is tolerated)
        } else if (chr == Constants.LF) {
            pos++;
            return false;
        } else {
            break;
        }
        pos++;
    }
    // Mark the current buffer position
    int start = pos;
    // 
    // Reading the header name
    // Header name is always US-ASCII
    // 
    boolean colon = false;
    MessageBytes headerValue = null;
    while (!colon) {
        // Read new bytes if needed
        if (pos >= lastValid) {
            if (!fill())
                throw new EOFException(sm.getString("iib.eof.error"));
        }
        if (buf[pos] == Constants.COLON) {
            colon = true;
            // Name is buf[start, pos); a line that starts with ':' yields a
            // zero-length name
            headerValue = headers.addValue(buf, start, pos - start);
        } else if (!HttpParser.isToken(buf[pos])) {
            // Non-token characters are illegal in header names
            // Parsing continues so the error can be reported in context
            // skipLine() will handle the error
            // This covers whitespace before the colon too, provided
            // isToken() rejects SP/HT (presumably; not shown here).
            skipLine(start);
            return true;
        }
        chr = buf[pos];
        // Rewrites bytes in the Constants.A..Constants.Z range in place
        // (presumably ASCII upper case to lower case; confirm LC_OFFSET)
        if ((chr >= Constants.A) && (chr <= Constants.Z)) {
            buf[pos] = (byte) (chr - Constants.LC_OFFSET);
        }
        pos++;
    }
    // Mark the current buffer position
    start = pos;
    // realPos is the write cursor for the compacted value; pos is the read cursor
    int realPos = pos;
    // 
    // Reading the header value (which can be spanned over multiple lines)
    // 
    boolean eol = false;
    boolean validLine = true;
    while (validLine) {
        boolean space = true;
        // Skipping spaces
        while (space) {
            // Read new bytes if needed
            if (pos >= lastValid) {
                if (!fill())
                    throw new EOFException(sm.getString("iib.eof.error"));
            }
            if ((buf[pos] == Constants.SP) || (buf[pos] == Constants.HT)) {
                pos++;
            } else {
                space = false;
            }
        }
        int lastSignificantChar = realPos;
        // Reading bytes until the end of the line
        while (!eol) {
            // Read new bytes if needed
            if (pos >= lastValid) {
                if (!fill())
                    throw new EOFException(sm.getString("iib.eof.error"));
            }
            if (buf[pos] == Constants.CR) {
                // Skip
                // NOTE(review): every CR in the value is dropped, not only a
                // CR directly before LF. A bare CR is discarded rather than
                // rejected, so an intermediary that treats bare CR differently
                // may see different header boundaries.
            } else if (buf[pos] == Constants.LF) {
                eol = true;
            } else if (buf[pos] == Constants.SP) {
                // Copied, but does not move lastSignificantChar, so trailing
                // spaces are trimmed below
                buf[realPos] = buf[pos];
                realPos++;
            } else {
                buf[realPos] = buf[pos];
                realPos++;
                lastSignificantChar = realPos;
            }
            pos++;
        }
        // Drop trailing spaces of this line
        realPos = lastSignificantChar;
        // Read new bytes if needed
        if (pos >= lastValid) {
            if (!fill())
                throw new EOFException(sm.getString("iib.eof.error"));
        }
        // Peek at the first byte of the next line: SP or HT means the value
        // continues on that line
        chr = buf[pos];
        if ((chr != Constants.SP) && (chr != Constants.HT)) {
            validLine = false;
        } else {
            eol = false;
            // Copying one extra space in the buffer (since there must
            // be at least one space inserted between the lines)
            buf[realPos] = chr;
            realPos++;
        }
    }
    // Set the header value
    headerValue.setBytes(buf, start, realPos - start);
    return true;
}
Also used : EOFException(java.io.EOFException) MessageBytes(org.apache.tomcat.util.buf.MessageBytes) AbstractEndpoint(org.apache.tomcat.util.net.AbstractEndpoint)

Example 54 with MessageBytes

use of org.apache.tomcat.util.buf.MessageBytes in project tomcat70 by apache.

the class ChunkedInputFilter method parseHeader.

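/**
 * Parses one trailer header that follows the last chunk of a chunked body.
 *
 * <p>Name and value bytes are accumulated in {@code trailingHeaders}. The
 * header is added to the request only when its lower-cased name is in
 * {@code allowedTrailerHeaders}; other trailers are parsed and discarded.
 * Skipped leading whitespace is charged against the limit of
 * {@code trailingHeaders}, so padding cannot be used to get around the
 * trailer size limit.
 *
 * @return {@code false} when the next byte is CR or LF (end of the trailer
 *         section), {@code true} after a trailer line has been consumed
 * @throws IOException on end of stream inside a trailer, or when swallowed
 *         whitespace exceeds the trailer size limit
 */
private boolean parseHeader() throws IOException {
    MimeHeaders headers = request.getMimeHeaders();
    byte chr = 0;
    // Read new bytes if needed
    if (pos >= lastValid) {
        if (readBytes() < 0) {
            throwEOFException(sm.getString("chunkedInputFilter.eosTrailer"));
        }
    }
    chr = buf[pos];
    // CRLF terminates the request
    if (chr == Constants.CR || chr == Constants.LF) {
        parseCRLF(false);
        return false;
    }
    // Mark the current buffer position
    int startPos = trailingHeaders.getEnd();
    // 
    // Reading the header name
    // Header name is always US-ASCII
    // 
    boolean colon = false;
    while (!colon) {
        // Read new bytes if needed
        if (pos >= lastValid) {
            if (readBytes() < 0) {
                throwEOFException(sm.getString("chunkedInputFilter.eosTrailer"));
            }
        }
        chr = buf[pos];
        // Bytes in the Constants.A..Constants.Z range are shifted by
        // LC_OFFSET before being stored (presumably ASCII lower-casing)
        if ((chr >= Constants.A) && (chr <= Constants.Z)) {
            chr = (byte) (chr - Constants.LC_OFFSET);
        }
        if (chr == Constants.COLON) {
            colon = true;
        } else {
            // NOTE(review): unlike a token check, every non-colon byte is
            // accepted as part of the name here; only the allow-list lookup
            // at the end decides whether the header is kept.
            trailingHeaders.append(chr);
        }
        pos++;
    }
    int colonPos = trailingHeaders.getEnd();
    // 
    // Reading the header value (which can be spanned over multiple lines)
    // 
    boolean eol = false;
    boolean validLine = true;
    int lastSignificantChar = 0;
    while (validLine) {
        boolean space = true;
        // Skipping spaces
        while (space) {
            // Read new bytes if needed
            if (pos >= lastValid) {
                if (readBytes() < 0) {
                    throwEOFException(sm.getString("chunkedInputFilter.eosTrailer"));
                }
            }
            chr = buf[pos];
            if ((chr == Constants.SP) || (chr == Constants.HT)) {
                pos++;
                // If we swallow whitespace, make sure it counts towards the
                // limit placed on trailing header size
                int newlimit = trailingHeaders.getLimit() - 1;
                if (trailingHeaders.getEnd() > newlimit) {
                    throwIOException(sm.getString("chunkedInputFilter.maxTrailer"));
                }
                trailingHeaders.setLimit(newlimit);
            } else {
                space = false;
            }
        }
        // Reading bytes until the end of the line
        while (!eol) {
            // Read new bytes if needed
            if (pos >= lastValid) {
                if (readBytes() < 0) {
                    throwEOFException(sm.getString("chunkedInputFilter.eosTrailer"));
                }
            }
            chr = buf[pos];
            if (chr == Constants.CR || chr == Constants.LF) {
                parseCRLF(true);
                eol = true;
            } else if (chr == Constants.SP) {
                // Stored, but not counted as significant, so trailing spaces
                // fall outside the value
                trailingHeaders.append(chr);
            } else {
                trailingHeaders.append(chr);
                lastSignificantChar = trailingHeaders.getEnd();
            }
            if (!eol) {
                pos++;
            }
        }
        // Read new bytes if needed
        if (pos >= lastValid) {
            if (readBytes() < 0) {
                throwEOFException(sm.getString("chunkedInputFilter.eosTrailer"));
            }
        }
        // A following line that starts with SP or HT continues this value
        chr = buf[pos];
        if ((chr != Constants.SP) && (chr != Constants.HT)) {
            validLine = false;
        } else {
            eol = false;
            // Copying one extra space in the buffer (since there must
            // be at least one space inserted between the lines)
            trailingHeaders.append(chr);
        }
    }
    String headerName = new String(trailingHeaders.getBytes(), startPos, colonPos - startPos, "ISO_8859_1");
    // Only trailer names on the configured allow-list reach the request
    if (allowedTrailerHeaders.contains(headerName.toLowerCase(Locale.ENGLISH))) {
        MessageBytes headerValue = headers.addValue(headerName);
        // lastSignificantChar stays 0 when the value holds no non-space byte
        // (e.g. "name:" followed directly by the line end). Clamp so that an
        // empty value is stored with length 0 instead of a negative length.
        int valueLength = Math.max(0, lastSignificantChar - colonPos);
        // Set the header value
        headerValue.setBytes(trailingHeaders.getBytes(), colonPos, valueLength);
    }
    return true;
}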
Also used : MimeHeaders(org.apache.tomcat.util.http.MimeHeaders) MessageBytes(org.apache.tomcat.util.buf.MessageBytes)

Example 55 with MessageBytes

use of org.apache.tomcat.util.buf.MessageBytes in project ofbiz-framework by apache.

the class CrossSubdomainSessionValve method replaceCookie.

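/**
 * Re-issues the given session cookie with a wider domain, so that it is
 * shared across subdomains.
 *
 * <p>The domain comes from the {@code cookie.domain} property of the
 * {@code url} resource. If that is empty, it is derived from the request's
 * server name by keeping its last two labels. Nothing is changed when the
 * server name is a dotted IPv4 address or has two labels or fewer.
 *
 * <p>Widening the cookie domain makes the session cookie visible to every
 * host under that domain. The Secure and HttpOnly flags of the original
 * cookie are carried over to the replacement.
 *
 * @param request  current request; supplies the delegator, the server name
 *                 and the header list that is searched
 * @param response current response; only checked for being committed
 * @param cookie   the session cookie to re-issue with the wider domain
 */
protected void replaceCookie(Request request, Response response, Cookie cookie) {
    Delegator delegator = (Delegator) request.getAttribute("delegator");
    // copy the existing session cookie, but use a different domain (only if domain is valid)
    String cookieDomain = EntityUtilProperties.getPropertyValue("url", "cookie.domain", "", delegator);
    if (UtilValidate.isEmpty(cookieDomain)) {
        String serverName = request.getServerName();
        String[] domainArray = serverName.split("\\.");
        // check that the domain isn't an IP address
        if (domainArray.length == 4) {
            boolean isIpAddress = true;
            for (String domainSection : domainArray) {
                if (!UtilValidate.isIntegerInRange(domainSection, 0, 255)) {
                    isIpAddress = false;
                    break;
                }
            }
            if (isIpAddress) {
                return;
            }
        }
        if (domainArray.length > 2) {
            // NOTE(review): the last two labels are assumed to be the
            // registrable domain. For a host under a multi-label public
            // suffix this produces the suffix itself; configure cookie.domain
            // explicitly for such deployments. The server name is also
            // request-derived, so confirm it is validated upstream.
            cookieDomain = "." + domainArray[domainArray.length - 2] + "." + domainArray[domainArray.length - 1];
        }
    }
    if (UtilValidate.isEmpty(cookieDomain)) {
        // No usable domain: leave the original cookie untouched
        return;
    }

    Cookie newCookie = new Cookie(cookie.getName(), cookie.getValue());
    if (cookie.getPath() != null) {
        newCookie.setPath(cookie.getPath());
    }
    newCookie.setDomain(cookieDomain);
    newCookie.setMaxAge(cookie.getMaxAge());
    newCookie.setVersion(cookie.getVersion());
    if (cookie.getComment() != null) {
        newCookie.setComment(cookie.getComment());
    }
    newCookie.setSecure(cookie.getSecure());
    // Carry HttpOnly over as well; otherwise the regenerated header would
    // drop the flag and expose the session cookie to page scripts.
    newCookie.setHttpOnly(cookie.isHttpOnly());

    // if the response has already been committed, our replacement strategy will have no effect
    if (response.isCommitted()) {
        Debug.logError("CrossSubdomainSessionValve: response was already committed!", module);
    }

    // find the Set-Cookie header for the existing cookie and replace its value with new cookie
    // NOTE(review): Set-Cookie is a response header, but the list searched
    // here is the request's header list; confirm this is the intended list.
    MimeHeaders mimeHeaders = request.getCoyoteRequest().getMimeHeaders();
    // A Set-Cookie value begins with "name=". Matching on that prefix avoids
    // rewriting an unrelated cookie whose name or value merely contains this
    // cookie's name.
    String cookiePrefix = cookie.getName() + "=";
    for (int i = 0, size = mimeHeaders.size(); i < size; i++) {
        if (!mimeHeaders.getName(i).equals("Set-Cookie")) {
            continue;
        }
        MessageBytes value = mimeHeaders.getValue(i);
        if (value.indexOf(cookiePrefix) != 0) {
            continue;
        }
        String newCookieValue = request.getContext().getCookieProcessor().generateHeader(newCookie);
        if (Debug.verboseOn()) {
            // NOTE(review): verbose logging writes the session cookie value
            // to the log; keep it off in production
            Debug.logVerbose("CrossSubdomainSessionValve: old Set-Cookie value: " + value.toString(), module);
            Debug.logVerbose("CrossSubdomainSessionValve: new Set-Cookie value: " + newCookieValue, module);
        }
        value.setString(newCookieValue);
    }
}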
Also used : Cookie(javax.servlet.http.Cookie) MimeHeaders(org.apache.tomcat.util.http.MimeHeaders) Delegator(org.apache.ofbiz.entity.Delegator) MessageBytes(org.apache.tomcat.util.buf.MessageBytes)

Aggregations

MessageBytes (org.apache.tomcat.util.buf.MessageBytes)73 MimeHeaders (org.apache.tomcat.util.http.MimeHeaders)15 ByteChunk (org.apache.tomcat.util.buf.ByteChunk)14 IOException (java.io.IOException)11 Test (org.junit.Test)11 Context (org.apache.catalina.Context)10 LoggingBaseTest (org.apache.catalina.startup.LoggingBaseTest)8 Pattern (java.util.regex.Pattern)6 AbstractEndpoint (org.apache.tomcat.util.net.AbstractEndpoint)6 Principal (java.security.Principal)5 Wrapper (org.apache.catalina.Wrapper)5 CharChunk (org.apache.tomcat.util.buf.CharChunk)5 Host (org.apache.catalina.Host)4 ServletException (jakarta.servlet.ServletException)3 Cookie (jakarta.servlet.http.Cookie)3 UnsupportedEncodingException (java.io.UnsupportedEncodingException)3 HashSet (java.util.HashSet)3 ServletException (javax.servlet.ServletException)3 Cookie (javax.servlet.http.Cookie)3 Container (org.apache.catalina.Container)3