diff --git a/htroot/CookieTest_p.java b/htroot/CookieTest_p.java
index 5d445caa5..891692b4d 100644
--- a/htroot/CookieTest_p.java
+++ b/htroot/CookieTest_p.java
@@ -27,12 +27,9 @@
 // javac -classpath .:../classes index.java
 // if the shell's current path is HTROOT
-import java.util.Iterator;
-import java.util.Map;
+import javax.servlet.http.Cookie;
 import net.yacy.cora.protocol.RequestHeader;
-
 import net.yacy.cora.protocol.ResponseHeader;
-import net.yacy.cora.util.CommonPattern;
 import net.yacy.server.serverObjects;
 import net.yacy.server.serverSwitch;
 import net.yacy.server.servletProperties;
@@ -53,22 +50,14 @@ public class CookieTest_p {
 final servletProperties prop = new servletProperties();
 if (post.containsKey("act") && "clear_cookie".equals(post.get("act"))) {
 final ResponseHeader outgoingHeader = new ResponseHeader(200);
- final Iterator> it = header.entrySet().iterator();
- Map.Entry e;
- while (it.hasNext()) {
- e = it.next();
- if ("Cookie".equals(e.getKey())) {
- final String cookies[] = CommonPattern.SEMICOLON.split(e.getValue());
- for (final String cookie : cookies) {
- final String nameValue[] = cookie.split("=");
- outgoingHeader.setCookie(nameValue[0].trim(), nameValue.length > 1 ? (nameValue[1].trim()) : "");
- }
+ Cookie[] cookies = header.getCookies();
+ if (cookies != null) {
+ for (final Cookie cookie : cookies) {
+ outgoingHeader.setCookie(cookie.getName(), cookie.getValue(), cookie.getMaxAge(), cookie.getPath(), cookie.getDomain(), cookie.getSecure());
 }
 }
-
 prop.setOutgoingHeader(outgoingHeader);
 prop.put("coockiesout", "0");
- //header.
 } else if (post.containsKey("act") && "set_cookie".equals(post.get("act"))) {
 final String cookieName = post.get("cookie_name").trim();
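Review bot: In the clear_cookie branch the new loop re-issues every incoming cookie with its current value instead of expiring it, because `javax.servlet.http.Cookie` objects parsed from a request normally carry only name and value — `getMaxAge()` is -1 and path, domain and secure are unset — and with the `maxage >= 0` guard this same commit adds to ResponseHeader.setCookie no Max-Age is written at all, so the browser simply keeps a session cookie with the old value. The previous code had the same problem, so this is not a regression, but the action still does not do what its name says. To actually clear, send an empty value with a zero lifetime, `outgoingHeader.setCookie(cookie.getName(), "", 0, cookie.getPath(), cookie.getDomain(), cookie.getSecure());`, keeping in mind that path and domain will usually be null here, so only cookies set for the default path are removed. The enclosing method starts and ends outside the hunk.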
@@ -80,15 +69,15 @@ public class CookieTest_p {
 prop.put("cookiesin", "1");
 prop.putHTML("cookiesin_0_name", cookieName);
 prop.putHTML("cookiesin_0_value", cookieValue);
- //header.
 }
- //prop.put("cookiesout", "1");
- String[] cookielst = header.getHeaderCookies().split(";");
+ Cookie[] cookielst = header.getCookies();
 int i = 0;
- for (String singleco : cookielst) {
- prop.putHTML("cookiesout_" + i + "_string", singleco + ";"); // output with ";" for compatiblity with cookiesin
- i++;
+ if (cookielst != null) {
+ for (Cookie singleco : cookielst) {
+ prop.putHTML("cookiesout_" + i + "_string", singleco.getName() + "=" + singleco.getValue() + ";"); // output with ";" for compatiblity with cookiesin
+ i++;
+ }
 }
 prop.put("cookiesout", i);
 return prop;
diff --git a/htroot/User.java b/htroot/User.java
index ec0a2d780..22ebba5dd 100644
--- a/htroot/User.java
+++ b/htroot/User.java
@@ -59,7 +59,7 @@ public class User{
 prop.put("logged-in_identified-by", "1");
 //try via cookie
 }else{
- entry=sb.userDB.cookieAuth(requestHeader.getHeaderCookies());
+ entry=sb.userDB.cookieAuth(requestHeader.getCookies());
 prop.put("logged-in_identified-by", "2");
 //try via ip
 if(entry == null){
@@ -159,7 +159,7 @@ public class User{
 prop.put("logged-in", "0");
 if(entry != null){
 final String ip = requestHeader.getRemoteAddr();
- entry.logout((ip != null ? ip : "xxxxxx"), UserDB.getLoginToken(requestHeader.getHeaderCookies())); //todo: logout cookie
+ entry.logout((ip != null ? ip : "xxxxxx"), UserDB.getLoginToken(requestHeader.getCookies()));
 }
 try {
 requestHeader.logout(); // servlet container session logout
diff --git a/source/net/yacy/cora/protocol/RequestHeader.java b/source/net/yacy/cora/protocol/RequestHeader.java
index bfdfb2e1a..eebc6e865 100644
--- a/source/net/yacy/cora/protocol/RequestHeader.java
+++ b/source/net/yacy/cora/protocol/RequestHeader.java
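Review bot: Dropping the `//todo: logout cookie` marker from the entry.logout line in User.java (hunk @@ -159) reads as if the item were done, but nothing in the new line expires the browser's `login` cookie; `entry.logout(...)` presumably only discards the server-side token, so the stale cookie keeps being sent on later requests until it expires on its own. If clearing the client cookie is still intended, either keep the TODO or issue a response cookie named `login` with an empty value and max-age 0 next to this call, and a comment such as `// drops the server-side token; the client cookie is not expired here` would make the contract explicit either way. The `if(entry != null)` block is fully visible, but the enclosing method continues outside the hunk.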
@@ -152,8 +152,10 @@ public class RequestHeader extends HeaderFramework implements HttpServletRequest
 *
 * @return String with cookies separated by ';'
 * @see getCookies()
+ * @deprecated depreceated since 1.92, use getCookies()
 */
- public String getHeaderCookies() { // TODO: harmonize with standard getCookies
+ @Deprecated
+ public String getHeaderCookies() {
 String cookiestring = this.get(COOKIE); // get from legacy or HttpServletRequest
 if (cookiestring == null) {
 return "";
diff --git a/source/net/yacy/cora/protocol/ResponseHeader.java b/source/net/yacy/cora/protocol/ResponseHeader.java
index 2c3d44c49..ca5a07ab3 100644
--- a/source/net/yacy/cora/protocol/ResponseHeader.java
+++ b/source/net/yacy/cora/protocol/ResponseHeader.java
@@ -158,7 +158,7 @@ public class ResponseHeader extends HeaderFramework {
 if (!name.isEmpty()) {
 if (this.cookieStore == null) this.cookieStore = new ArrayList();
 Cookie c = new Cookie (name, value);
- if (maxage != null) c.setMaxAge(maxage);
+ if (maxage != null && maxage >= 0) c.setMaxAge(maxage);
 if (path != null) c.setPath(path);
 if (domain != null) c.setDomain(domain);
 if (secure) c.setSecure(secure);
diff --git a/source/net/yacy/data/UserDB.java b/source/net/yacy/data/UserDB.java
index fec81d0ed..1372c8c07 100644
--- a/source/net/yacy/data/UserDB.java
+++ b/source/net/yacy/data/UserDB.java
@@ -35,6 +35,7 @@ import java.util.HashSet;
 import java.util.Iterator;
 import java.util.Map;
 import java.util.Random;
+import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import net.yacy.cora.document.encoding.UTF8;
@@ -43,7 +44,6 @@ import net.yacy.cora.order.CloneableIterator;
 import net.yacy.cora.order.Digest;
 import net.yacy.cora.order.NaturalOrder;
 import net.yacy.cora.protocol.RequestHeader;
-import net.yacy.cora.util.CommonPattern;
 import net.yacy.cora.util.ConcurrentLog;
 import net.yacy.cora.util.SpaceExceededException;
 import net.yacy.kelondro.blob.MapHeap;
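Review bot: The new Javadoc tag `@deprecated depreceated since 1.92, use getCookies()` in RequestHeader has a typo and repeats the word the tag already conveys; the conventional form is `@deprecated since 1.92, use {@link #getCookies()} instead`, which also turns the replacement into a navigable link. If the build targets Java 9 or later, the annotation can carry the same information as `@Deprecated(since = "1.92")`. The body of getHeaderCookies continues outside the hunk.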
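Review bot: The Cookie built in ResponseHeader.setCookie never receives the HttpOnly flag: the new `maxage >= 0` guard itself is harmless, since a negative value is the Servlet default for a session cookie and skipping setMaxAge changes nothing, but max-age, path, domain and secure are the only attributes this method can set, so if the `login` token cookie consumed by UserDB.cookieAuth is issued through it, that token stays readable by page scripts. If the servlet API in use is 3.0 or later, consider `c.setHttpOnly(true)` for cookies that scripts do not need, either via an additional parameter or as the default at the login cookie's call site, and document the choice in the method's Javadoc. The enclosing setCookie method starts outside the hunk.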
@@ -159,15 +159,15 @@ public final class UserDB {
 }
 public Entry getUser(final RequestHeader header){
- return getUser(header.get(RequestHeader.AUTHORIZATION), header.getHeaderCookies());
+ return getUser(header.get(RequestHeader.AUTHORIZATION), header.getCookies());
 }
- public Entry getUser(final String auth, final String cookies){
+ public Entry getUser(final String auth, final Cookie[] cookies){
 Entry entry=null;
 if(auth != null) {
 entry=proxyAuth(auth);
 }
- if(entry == null) {
+ if(entry == null && cookies != null) {
 entry=cookieAuth(cookies);
 }
 return entry;
@@ -180,7 +180,7 @@ public final class UserDB {
 * @param auth http-headerline for authorisation.
 * @param cookies
 */
- public boolean hasAdminRight(final String auth, final String cookies) {
+ public boolean hasAdminRight(final String auth, final Cookie[] cookies) {
 final Entry entry = getUser(auth, cookies);
 return (entry != null) ? entry.hasRight(AccessRight.ADMIN_RIGHT) : false;
 }
@@ -255,8 +255,15 @@ public final class UserDB {
 return null;
 }
- public Entry cookieAuth(final String cookieString){
- final String token = getLoginToken(cookieString);
+ /**
+ * Returns the user entry matching the cookie login token created and set
+ * on login.
+ *
+ * @param cookies
+ * @return user entry or null
+ */
+ public Entry cookieAuth(final Cookie[] cookies){
+ final String token = getLoginToken(cookies);
 if (cookieUsers.containsKey(token)) {
 final Entry entry = cookieUsers.get(token);
 return entry;
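Review bot: cookieAuth (hunk @@ -255) looks up whatever getLoginToken returns without inspecting it, and that method — its new body is in the next hunk of this file — returns the empty string when the request carries no `login` cookie, so every unauthenticated request performs a `cookieUsers` lookup with key ""; whether an entry can ever sit under that key depends on token generation, which is outside the diff, but failing closed is cheap: `if (token.isEmpty()) return null;` before the containsKey check. The added Javadoc also leaves `@param cookies` empty; `@param cookies cookies sent with the request, may be null` would state the null tolerance that the new `cookies != null` guard in getUser only hints at. The method continues outside the hunk.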
@@ -270,13 +277,18 @@ public final class UserDB {
 cookieUsers.put(token, entry);
 return token;
 }
-
- public static String getLoginToken(final String cookies){
- final String[] cookie = CommonPattern.SEMICOLON.split(cookies); //TODO: Mozilla uses "; "
- for (final String c :cookie) {
- String[] pair = c.split("=");
- if (pair[0].trim().equals("login")) {
- return pair[1].trim();
+
+ /**
+ * Extracts the token set as value in a cookie with name "login"
+ * @param cookies
+ * @return login token string
+ */
+ public static String getLoginToken(final Cookie[] cookies) {
+ if (cookies != null) {
+ for (final Cookie c : cookies) {
+ if (c.getName().equals("login")) {
+ return c.getValue().trim();
+ }
 }
 }
 return "";
diff --git a/source/net/yacy/search/Switchboard.java b/source/net/yacy/search/Switchboard.java
index d95df41a5..cd6dda9f7 100644
--- a/source/net/yacy/search/Switchboard.java
+++ b/source/net/yacy/search/Switchboard.java
@@ -3574,7 +3574,7 @@ public final class Switchboard extends serverSwitch {
 }
 // authorization by hit in userDB (authtype username:encodedpassword - handed over by DefaultServlet)
- if ( this.userDB.hasAdminRight(realmProp, requestHeader.getHeaderCookies()) ) {
+ if ( this.userDB.hasAdminRight(realmProp, requestHeader.getCookies()) ) {
 adminAuthenticationLastAccess = System.currentTimeMillis();
 return 4; //return, because 4=max
 }
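Review bot: The Javadoc added to getLoginToken leaves `@param cookies` empty and does not say that the empty string is the not-found result, although cookieAuth in the previous hunk of this file uses the return value directly as a map key. Suggested wording: `@param cookies cookies sent with the request, may be null` and `@return the trimmed value of the first cookie named "login", or the empty string when no such cookie is present`. If a browser sends several cookies named `login` (set for different paths or domains), the first one in the array wins, which is worth a one-line comment on the loop.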