root
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Actions 2 Packages Projects Releases Wiki Activity

CookieGenerator supports "cookieHttpOnly" flag for Servlet 3.0 

Issue: SPR-9794
This commit is contained in:
Juergen Hoeller 2012-09-17 11:25:41 +02:00 committed by unknown
parent e26da7c2ab
commit aa4d9c48ab
1 changed files with 27 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
spring-web/src/main/java/org/springframework/web/util/CookieGenerator.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2009 the original author or authors.
* Copyright 2002-2012 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -64,9 +64,12 @@ public class CookieGenerator {
private boolean cookieSecure = false;
private boolean cookieHttpOnly = false;
/**
* Use the given name for cookies created by this generator.
* @see javax.servlet.http.Cookie#getName()
*/
public void setCookieName(String cookieName) {
this.cookieName = cookieName;
@ -82,6 +85,7 @@ public class CookieGenerator {
/**
* Use the given domain for cookies created by this generator.
* The cookie is only visible to servers in this domain.
* @see javax.servlet.http.Cookie#setDomain
*/
public void setCookieDomain(String cookieDomain) {
this.cookieDomain = cookieDomain;
@ -97,6 +101,7 @@ public class CookieGenerator {
/**
* Use the given path for cookies created by this generator.
* The cookie is only visible to URLs in this path and below.
* @see javax.servlet.http.Cookie#setPath
*/
public void setCookiePath(String cookiePath) {
this.cookiePath = cookiePath;
@ -112,6 +117,7 @@ public class CookieGenerator {
/**
* Use the given maximum age (in seconds) for cookies created by this generator.
* Useful special value: -1 ... not persistent, deleted when client shuts down
* @see javax.servlet.http.Cookie#setMaxAge
*/
public void setCookieMaxAge(Integer cookieMaxAge) {
this.cookieMaxAge = cookieMaxAge;
@ -128,6 +134,7 @@ public class CookieGenerator {
* Set whether the cookie should only be sent using a secure protocol,
* such as HTTPS (SSL). This is an indication to the receiving browser,
* not processed by the HTTP server itself. Default is "false".
* @see javax.servlet.http.Cookie#setSecure
*/
public void setCookieSecure(boolean cookieSecure) {
this.cookieSecure = cookieSecure;
@ -141,6 +148,22 @@ public class CookieGenerator {
return this.cookieSecure;
}
/**
* Set whether the cookie is supposed to be marked with the "HttpOnly" attribute.
* <p>Note that this feature is only available on Servlet 3.0 and higher.
* @see javax.servlet.http.Cookie#setHttpOnly
*/
public void setCookieHttpOnly(boolean cookieHttpOnly) {
this.cookieHttpOnly = cookieHttpOnly;
}
/**
* Return whether the cookie is supposed to be marked with the "HttpOnly" attribute.
*/
public boolean isCookieHttpOnly() {
return this.cookieHttpOnly;
}
/**
* Add a cookie with the given value to the response,
@ -162,6 +185,9 @@ public class CookieGenerator {
if (isCookieSecure()) {
cookie.setSecure(true);
}
if (isCookieHttpOnly()) {
cookie.setHttpOnly(true);
}
response.addCookie(cookie);
if (logger.isDebugEnabled()) {
logger.debug("Added cookie with name [" + getCookieName() + "] and value [" + cookieValue + "]");