myfaces-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jak...@apache.org
Subject svn commit: r1136967 - /myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/context/flash/FlashImpl.java
Date Fri, 17 Jun 2011 18:25:49 GMT
Author: jakobk
Date: Fri Jun 17 18:25:49 2011
New Revision: 1136967

URL: http://svn.apache.org/viewvc?rev=1136967&view=rev
Log:
MYFACES-3177 Add secure flag for cookies if the page is accessed over a secure protocol

Modified:
    myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/context/flash/FlashImpl.java

Modified: myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/context/flash/FlashImpl.java
URL: http://svn.apache.org/viewvc/myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/context/flash/FlashImpl.java?rev=1136967&r1=1136966&r2=1136967&view=diff
==============================================================================
--- myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/context/flash/FlashImpl.java
(original)
+++ myfaces/shared/trunk_4.0.x/core/src/main/java/org/apache/myfaces/shared/context/flash/FlashImpl.java
Fri Jun 17 18:25:49 2011
@@ -26,6 +26,7 @@ import javax.faces.context.ExternalConte
 import javax.faces.context.FacesContext;
 import javax.faces.context.Flash;
 import javax.faces.event.PhaseId;
+import javax.servlet.ServletRequest;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletResponse;
 import java.io.Serializable;
@@ -39,7 +40,6 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.atomic.AtomicLong;
-import java.util.logging.Level;
 import java.util.logging.Logger;
 
 /**
@@ -588,9 +588,7 @@ public class FlashImpl extends Flash
                 .getHttpServletResponse(externalContext);
         if (httpResponse != null)
         {
-            Cookie cookie = new Cookie(FLASH_REDIRECT, "true");
-            cookie.setMaxAge(-1);
-            cookie.setPath(_getCookiePath(externalContext));
+            Cookie cookie = _createFlashCookie(FLASH_REDIRECT, "true", externalContext);
             httpResponse.addCookie(cookie);
         }
         else
@@ -598,7 +596,7 @@ public class FlashImpl extends Flash
             externalContext.getSessionMap().put(FLASH_REDIRECT, true);
         }
     }
-    
+
     /**
      * Restores the redirect value of the previous request and saves
      * it in the RequestMap under the key FLASH_PREVIOUS_REQUEST_REDIRECT.
@@ -734,9 +732,7 @@ public class FlashImpl extends Flash
         HttpServletResponse httpResponse = ExternalContextUtils.getHttpServletResponse(externalContext);
         if (httpResponse != null)
         {
-            Cookie cookie = new Cookie(FLASH_RENDER_MAP_TOKEN, tokenValue);
-            cookie.setMaxAge(-1);
-            cookie.setPath(_getCookiePath(externalContext));
+            Cookie cookie = _createFlashCookie(FLASH_RENDER_MAP_TOKEN, tokenValue, externalContext);
             httpResponse.addCookie(cookie);
         }
         else
@@ -1004,6 +1000,26 @@ public class FlashImpl extends Flash
     }
 
     /**
+     * Creates a Cookie with the given name and value.
+     * In addition, it will be configured with maxAge=-1, the current request path and secure
value.
+     *
+     * @param name
+     * @param value
+     * @param externalContext
+     * @return
+     */
+    private Cookie _createFlashCookie(String name, String value, ExternalContext externalContext)
+    {
+        Cookie cookie = new Cookie(name, value);
+
+        cookie.setMaxAge(-1);
+        cookie.setPath(_getCookiePath(externalContext));
+        cookie.setSecure(_isCurrentRequestSecure(externalContext));
+
+        return cookie;
+    }
+
+    /**
      * Returns the path for the Flash-Cookies.
      * @param externalContext
      * @return
@@ -1019,6 +1035,27 @@ public class FlashImpl extends Flash
 
         return contextPath;
     }
+
+    /**
+     * Return true if the current request is secure (--> HTTPS).
+     *
+     * @param externalContext
+     * @return
+     */
+    private boolean _isCurrentRequestSecure(ExternalContext externalContext)
+    {
+        boolean secure = false;
+
+        // NOTE that ExternalContext.isSecure() is only available
+        // since JSF 2.1, thus we have to check ServletRequest directly here
+        Object requestObject = externalContext.getRequest();
+        if (requestObject instanceof ServletRequest)
+        {
+            secure = ((ServletRequest) requestObject).isSecure();
+        }
+
+        return secure;
+    }
     
     /**
      * Convert the Object to a Boolean.



Mime
View raw message