CookieGenerator supports "cookieHttpOnly" flag for Servlet 3.0

Issue: SPR-9794
Juergen Hoeller 2012-09-17 11:25:41 +02:00 committed by unknown
parent e26da7c2ab
commit aa4d9c48ab
1 changed files with 27 additions and 1 deletions


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2009 the original author or authors. * Copyright 2002-2012 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -64,9 +64,12 @@ public class CookieGenerator {
private boolean cookieSecure = false; private boolean cookieSecure = false;
private boolean cookieHttpOnly = false;
/** /**
* Use the given name for cookies created by this generator. * Use the given name for cookies created by this generator.
* @see javax.servlet.http.Cookie#getName()
*/ */
public void setCookieName(String cookieName) { public void setCookieName(String cookieName) {
this.cookieName = cookieName; this.cookieName = cookieName;
@ -82,6 +85,7 @@ public class CookieGenerator {
/** /**
* Use the given domain for cookies created by this generator. * Use the given domain for cookies created by this generator.
* The cookie is only visible to servers in this domain. * The cookie is only visible to servers in this domain.
* @see javax.servlet.http.Cookie#setDomain
*/ */
public void setCookieDomain(String cookieDomain) { public void setCookieDomain(String cookieDomain) {
this.cookieDomain = cookieDomain; this.cookieDomain = cookieDomain;
@ -97,6 +101,7 @@ public class CookieGenerator {
/** /**
* Use the given path for cookies created by this generator. * Use the given path for cookies created by this generator.
* The cookie is only visible to URLs in this path and below. * The cookie is only visible to URLs in this path and below.
* @see javax.servlet.http.Cookie#setPath
*/ */
public void setCookiePath(String cookiePath) { public void setCookiePath(String cookiePath) {
this.cookiePath = cookiePath; this.cookiePath = cookiePath;
@ -112,6 +117,7 @@ public class CookieGenerator {
/** /**
* Use the given maximum age (in seconds) for cookies created by this generator. * Use the given maximum age (in seconds) for cookies created by this generator.
* Useful special value: -1 ... not persistent, deleted when client shuts down * Useful special value: -1 ... not persistent, deleted when client shuts down
* @see javax.servlet.http.Cookie#setMaxAge
*/ */
public void setCookieMaxAge(Integer cookieMaxAge) { public void setCookieMaxAge(Integer cookieMaxAge) {
this.cookieMaxAge = cookieMaxAge; this.cookieMaxAge = cookieMaxAge;
@ -128,6 +134,7 @@ public class CookieGenerator {
* Set whether the cookie should only be sent using a secure protocol, * Set whether the cookie should only be sent using a secure protocol,
* such as HTTPS (SSL). This is an indication to the receiving browser, * such as HTTPS (SSL). This is an indication to the receiving browser,
* not processed by the HTTP server itself. Default is "false". * not processed by the HTTP server itself. Default is "false".
* @see javax.servlet.http.Cookie#setSecure
*/ */
public void setCookieSecure(boolean cookieSecure) { public void setCookieSecure(boolean cookieSecure) {
this.cookieSecure = cookieSecure; this.cookieSecure = cookieSecure;
@ -141,6 +148,22 @@ public class CookieGenerator {
return this.cookieSecure; return this.cookieSecure;
} }
/**
* Set whether the cookie is supposed to be marked with the "HttpOnly" attribute.
* <p>Note that this feature is only available on Servlet 3.0 and higher.
* @see javax.servlet.http.Cookie#setHttpOnly
*/
public void setCookieHttpOnly(boolean cookieHttpOnly) {
this.cookieHttpOnly = cookieHttpOnly;
}
/**
* Return whether the cookie is supposed to be marked with the "HttpOnly" attribute.
*/
public boolean isCookieHttpOnly() {
return this.cookieHttpOnly;
}
/** /**
* Add a cookie with the given value to the response, * Add a cookie with the given value to the response,
@ -162,6 +185,9 @@ public class CookieGenerator {
if (isCookieSecure()) { if (isCookieSecure()) {
cookie.setSecure(true); cookie.setSecure(true);
} }
if (isCookieHttpOnly()) {
cookie.setHttpOnly(true);
}
response.addCookie(cookie); response.addCookie(cookie);
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("Added cookie with name [" + getCookieName() + "] and value [" + cookieValue + "]"); logger.debug("Added cookie with name [" + getCookieName() + "] and value [" + cookieValue + "]");
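Review bot: The new `setCookieHttpOnly` Javadoc states neither the default nor what happens on a pre-3.0 container, while the `if (isCookieHttpOnly())` branch in addCookie calls `cookie.setHttpOnly(true)` with no API check. Against a Servlet 2.5 `Cookie` class that call would presumably fail with a linkage error only when the first cookie is written, not when the generator is configured. I would extend the setter's Javadoc in the style of setCookieSecure, e.g. `* Default is "false". Enabling this on a container older than Servlet 3.0 fails when the cookie is added.`, and add that the attribute keeps the cookie out of reach of client-side script, since that is the reason a caller turns it on. addCookie's body starts and ends outside the visible hunk.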