Add rejectInvalidCookies flag to CookieLocaleResolver
Closes gh-22861
This commit is contained in:
Juergen Hoeller
parent
1f473261a8
commit
359c4f091e
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2002-2018 the original author or authors.
|
||||
* Copyright 2002-2019 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -56,7 +56,7 @@ import org.springframework.web.util.WebUtils;
|
|||
public class CookieLocaleResolver extends CookieGenerator implements LocaleContextResolver {
|
||||
|
||||
/**
|
||||
* The name of the request attribute that holds the Locale.
|
||||
* The name of the request attribute that holds the {@code Locale}.
|
||||
* <p>Only used for overriding a cookie value if the locale has been
|
||||
* changed in the course of the current request!
|
||||
* <p>Use {@code RequestContext(Utils).getLocale()}
|
||||
|
|
@ -67,7 +67,7 @@ public class CookieLocaleResolver extends CookieGenerator implements LocaleConte
|
|||
public static final String LOCALE_REQUEST_ATTRIBUTE_NAME = CookieLocaleResolver.class.getName() + ".LOCALE";
|
||||
|
||||
/**
|
||||
* The name of the request attribute that holds the TimeZone.
|
||||
* The name of the request attribute that holds the {@code TimeZone}.
|
||||
* <p>Only used for overriding a cookie value if the locale has been
|
||||
* changed in the course of the current request!
|
||||
* <p>Use {@code RequestContext(Utils).getTimeZone()}
|
||||
|
|
@ -85,6 +85,8 @@ public class CookieLocaleResolver extends CookieGenerator implements LocaleConte
|
|||
|
||||
private boolean languageTagCompliant = true;
|
||||
|
||||
private boolean rejectInvalidCookies = true;
|
||||
|
||||
@Nullable
|
||||
private Locale defaultLocale;
|
||||
|
||||
|
|
@ -128,14 +130,36 @@ public class CookieLocaleResolver extends CookieGenerator implements LocaleConte
|
|||
}
|
||||
|
||||
/**
|
||||
* Set a fixed Locale that this resolver will return if no cookie found.
|
||||
* Specify whether to reject cookies with invalid content (e.g. invalid format).
|
||||
* <p>The default is {@code true}. Turn this off for lenient handling of parse
|
||||
* failures, falling back to the default locale and time zone in such a case.
|
||||
* @since 5.1.7
|
||||
* @see #setDefaultLocale
|
||||
* @see #setDefaultTimeZone
|
||||
* @see #determineDefaultLocale
|
||||
* @see #determineDefaultTimeZone
|
||||
*/
|
||||
public void setRejectInvalidCookies(boolean rejectInvalidCookies) {
|
||||
this.rejectInvalidCookies = rejectInvalidCookies;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return whether to reject cookies with invalid content (e.g. invalid format).
|
||||
* @since 5.1.7
|
||||
*/
|
||||
public boolean isRejectInvalidCookies() {
|
||||
return this.rejectInvalidCookies;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set a fixed locale that this resolver will return if no cookie found.
|
||||
*/
|
||||
public void setDefaultLocale(@Nullable Locale defaultLocale) {
|
||||
this.defaultLocale = defaultLocale;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the fixed Locale that this resolver will return if no cookie found,
|
||||
* Return the fixed locale that this resolver will return if no cookie found,
|
||||
* if any.
|
||||
*/
|
||||
@Nullable
|
||||
|
|
@ -144,7 +168,7 @@ public class CookieLocaleResolver extends CookieGenerator implements LocaleConte
|
|||
}
|
||||
|
||||
/**
|
||||
* Set a fixed TimeZone that this resolver will return if no cookie found.
|
||||
* Set a fixed time zone that this resolver will return if no cookie found.
|
||||
* @since 4.0
|
||||
*/
|
||||
public void setDefaultTimeZone(@Nullable TimeZone defaultTimeZone) {
|
||||
|
|
@ -152,7 +176,7 @@ public class CookieLocaleResolver extends CookieGenerator implements LocaleConte
|
|||
}
|
||||
|
||||
/**
|
||||
* Return the fixed TimeZone that this resolver will return if no cookie found,
|
||||
* Return the fixed time zone that this resolver will return if no cookie found,
|
||||
* if any.
|
||||
* @since 4.0
|
||||
*/
|
||||
|
|
@ -214,16 +238,17 @@ public class CookieLocaleResolver extends CookieGenerator implements LocaleConte
|
|||
}
|
||||
}
|
||||
catch (IllegalArgumentException ex) {
|
||||
String cookieDescription = "invalid locale cookie '" + cookieName +
|
||||
"': [" + value + "] due to: " + ex.getMessage();
|
||||
if (request.getAttribute(WebUtils.ERROR_EXCEPTION_ATTRIBUTE) != null) {
|
||||
// Error dispatch: ignore locale/timezone parse exceptions
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Ignoring " + cookieDescription);
|
||||
}
|
||||
if (isRejectInvalidCookies() &&
|
||||
request.getAttribute(WebUtils.ERROR_EXCEPTION_ATTRIBUTE) == null) {
|
||||
throw new IllegalStateException("Encountered invalid locale cookie '" +
|
||||
cookieName + "': [" + value + "] due to: " + ex.getMessage());
|
||||
}
|
||||
else {
|
||||
throw new IllegalStateException("Encountered " + cookieDescription);
|
||||
// Lenient handling (e.g. error dispatch): ignore locale/timezone parse exceptions
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Ignoring invalid locale cookie '" + cookieName +
|
||||
"': [" + value + "] due to: " + ex.getMessage());
|
||||
}
|
||||
}
|
||||
}
|
||||
if (logger.isTraceEnabled()) {
|
||||
|
|
@ -320,7 +345,7 @@ public class CookieLocaleResolver extends CookieGenerator implements LocaleConte
|
|||
|
||||
/**
|
||||
* Determine the default time zone for the given request,
|
||||
* Called if no TimeZone cookie has been found.
|
||||
* Called if no time zone cookie has been found.
|
||||
* <p>The default implementation returns the specified default time zone,
|
||||
* if any, or {@code null} otherwise.
|
||||
* @param request the request to resolve the time zone for
|
||||
|
|
|
|||
Loading…
Reference in New Issue