• Home
• org.membrane-soa
• service-proxy-core
• 4.8.3
• source code
• CookieSupport.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.predic8.membrane.core.http.cookie.CookieSupport Maven / Gradle / Ivy

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.predic8.membrane.core.http.cookie;


/**
 * Static constants for this package.
 *
 * Source: http://tomcat.apache.org/
 * License:  http://www.apache.org/licenses/LICENSE-2.0
 *
 * @author unknown (Tomcat)
 */
public final class CookieSupport {

	// --------------------------------------------------------------- Constants
	/**
	 * If set to true, we parse cookies strictly according to the servlet,
	 * cookie and HTTP specs by default.
	 */
	public static final boolean STRICT_SERVLET_COMPLIANCE;

	/**
	 * If true, cookie values are allowed to contain an equals character without
	 * being quoted.
	 */
	public static final boolean ALLOW_EQUALS_IN_VALUE;

	/**
	 * If true, separators that are not explicitly dis-allowed by the v0 cookie
	 * spec but are disallowed by the HTTP spec will be allowed in v0 cookie
	 * names and values. These characters are: \"()/:<=>?@[\\]{} Note that the
	 * inclusion of / depends on the value of {@link #FWD_SLASH_IS_SEPARATOR}.
	 */
	public static final boolean ALLOW_HTTP_SEPARATORS_IN_V0;

	/**
	 * If set to false, we don't use the IE6/7 Max-Age/Expires work around.
	 * Default is usually true. If STRICT_SERVLET_COMPLIANCE==true then default
	 * is false. Explicitly setting always takes priority.
	 */
	public static final boolean ALWAYS_ADD_EXPIRES;

	/**
	 * If set to true, the / character will be treated as a
	 * separator. Default is usually false. If STRICT_SERVLET_COMPLIANCE==true
	 * then default is true. Explicitly setting always takes priority.
	 */
	public static final boolean FWD_SLASH_IS_SEPARATOR;

	/**
	 * If true, name only cookies will be permitted.
	 */
	public static final boolean ALLOW_NAME_ONLY;

	/**
	 * The list of separators that apply to version 0 cookies. To quote the
	 * spec, these are comma, semi-colon and white-space. The HTTP spec
	 * definition of linear white space is [CRLF] 1*( SP | HT )
	 */
	private static final char[] V0_SEPARATORS = {',', ';', ' ', '\t'};
	private static final boolean[] V0_SEPARATOR_FLAGS = new boolean[128];

	/**
	 * The list of separators that apply to version 1 cookies. This may or may
	 * not include '/' depending on the setting of
	 * {@link #FWD_SLASH_IS_SEPARATOR}.
	 */
	private static final char[] HTTP_SEPARATORS;
	private static final boolean[] HTTP_SEPARATOR_FLAGS = new boolean[128];

	static {
		STRICT_SERVLET_COMPLIANCE = Boolean.valueOf(System.getProperty(
				"org.apache.catalina.STRICT_SERVLET_COMPLIANCE",
				"false")).booleanValue();

		ALLOW_EQUALS_IN_VALUE = Boolean.valueOf(System.getProperty(
				"org.apache.tomcat.util.http.ServerCookie.ALLOW_EQUALS_IN_VALUE",
				"false")).booleanValue();

		ALLOW_HTTP_SEPARATORS_IN_V0 = Boolean.valueOf(System.getProperty(
				"org.apache.tomcat.util.http.ServerCookie.ALLOW_HTTP_SEPARATORS_IN_V0",
				"false")).booleanValue();

		String alwaysAddExpires = System.getProperty(
				"org.apache.tomcat.util.http.ServerCookie.ALWAYS_ADD_EXPIRES");
		if (alwaysAddExpires == null) {
			ALWAYS_ADD_EXPIRES = !STRICT_SERVLET_COMPLIANCE;
		} else {
			ALWAYS_ADD_EXPIRES =
					Boolean.valueOf(alwaysAddExpires).booleanValue();
		}

		String  fwdSlashIsSeparator = System.getProperty(
				"org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR");
		if (fwdSlashIsSeparator == null) {
			FWD_SLASH_IS_SEPARATOR = STRICT_SERVLET_COMPLIANCE;
		} else {
			FWD_SLASH_IS_SEPARATOR =
					Boolean.valueOf(fwdSlashIsSeparator).booleanValue();
		}

		ALLOW_NAME_ONLY = Boolean.valueOf(System.getProperty(
				"org.apache.tomcat.util.http.ServerCookie.ALLOW_NAME_ONLY",
				"false")).booleanValue();


		/*
        Excluding the '/' char by default violates the RFC, but
        it looks like a lot of people put '/'
        in unquoted values: '/': ; //47
        '\t':9 ' ':32 '\"':34 '(':40 ')':41 ',':44 ':':58 ';':59 '<':60
        '=':61 '>':62 '?':63 '@':64 '[':91 '\\':92 ']':93 '{':123 '}':125
		 */
		if (CookieSupport.FWD_SLASH_IS_SEPARATOR) {
			HTTP_SEPARATORS = new char[] { '\t', ' ', '\"', '(', ')', ',', '/',
					':', ';', '<', '=', '>', '?', '@', '[', '\\', ']', '{', '}' };
		} else {
			HTTP_SEPARATORS = new char[] { '\t', ' ', '\"', '(', ')', ',',
					':', ';', '<', '=', '>', '?', '@', '[', '\\', ']', '{', '}' };
		}
		for (int i = 0; i < 128; i++) {
			V0_SEPARATOR_FLAGS[i] = false;
			HTTP_SEPARATOR_FLAGS[i] = false;
		}
		for (int i = 0; i < V0_SEPARATORS.length; i++) {
			V0_SEPARATOR_FLAGS[V0_SEPARATORS[i]] = true;
		}
		for (int i = 0; i < HTTP_SEPARATORS.length; i++) {
			HTTP_SEPARATOR_FLAGS[HTTP_SEPARATORS[i]] = true;
		}

	}

	// ----------------------------------------------------------------- Methods

	/**
	 * Returns true if the byte is a separator as defined by V0 of the cookie
	 * spec.
	 */
	public static final boolean isV0Separator(final char c) {
		if (c < 0x20 || c >= 0x7f) {
			if (c != 0x09) {
				throw new IllegalArgumentException(
						"Control character in cookie value or attribute.");
			}
		}

		return V0_SEPARATOR_FLAGS[c];
	}

	public static boolean isV0Token(String value) {
		if( value==null) {
			return false;
		}

		int i = 0;
		int len = value.length();

		if (alreadyQuoted(value)) {
			i++;
			len--;
		}

		for (; i < len; i++) {
			char c = value.charAt(i);

			if (isV0Separator(c)) {
				return true;
			}
		}
		return false;
	}

	/**
	 * Returns true if the byte is a separator as defined by V1 of the cookie
	 * spec, RFC2109.
	 * @throws IllegalArgumentException if a control character was supplied as
	 *         input
	 */
	public static final boolean isHttpSeparator(final char c) {
		if (c < 0x20 || c >= 0x7f) {
			if (c != 0x09) {
				throw new IllegalArgumentException(
						"Control character in cookie value or attribute.");
			}
		}

		return HTTP_SEPARATOR_FLAGS[c];
	}

	public static boolean isHttpToken(String value) {
		if( value==null) {
			return false;
		}

		int i = 0;
		int len = value.length();

		if (alreadyQuoted(value)) {
			i++;
			len--;
		}

		for (; i < len; i++) {
			char c = value.charAt(i);

			if (isHttpSeparator(c)) {
				return true;
			}
		}
		return false;
	}

	public static boolean alreadyQuoted (String value) {
		if (value==null || value.length() < 2) {
			return false;
		}
		return (value.charAt(0)=='\"' && value.charAt(value.length()-1)=='\"');
	}


	// ------------------------------------------------------------- Constructor
	private CookieSupport() {
		// Utility class. Don't allow instances to be created.
	}
}