GitHub-Spring
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Port call setHttpOnly property on Tomcat context 

Port "setHttpOnly on the TomcatContext" fix from commit 4d84933ee4 to
2.0.x. Since `Session` details are now configured on the
`WebServerFactory` we can directly configure the context.

See gh-12580
pull/13312/merge
Phillip Webb 8 years ago
parent
e38d5f910b
commit
587df6a07a
2 changed files with 15 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/TomcatServletWebServerFactory.java
  2. 11
      spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/TomcatServletWebServerFactoryTests.java

4
spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/TomcatServletWebServerFactory.java
Unescape View File

@ -354,6 +354,10 @@ public class TomcatServletWebServerFactory extends AbstractServletWebServerFacto @@ -354,6 +354,10 @@ public class TomcatServletWebServerFactory extends AbstractServletWebServerFacto
private void configureSession(Context context) {
long sessionTimeout = getSessionTimeoutInMinutes();
context.setSessionTimeout((int) sessionTimeout);
Boolean httpOnly = getSession().getCookie().getHttpOnly();
if (httpOnly != null) {
context.setUseHttpOnly(httpOnly);
}
if (getSession().isPersistent()) {
Manager manager = context.getManager();
if (manager == null) {

11
spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/TomcatServletWebServerFactoryTests.java
Unescape View File

@ -420,6 +420,17 @@ public class TomcatServletWebServerFactoryTests @@ -420,6 +420,17 @@ public class TomcatServletWebServerFactoryTests
assertThat(tldSkipSet).contains("foo.jar", "bar.jar");
}
@Test
public void customTomcatHttpOnlyCookie() {
TomcatServletWebServerFactory factory = getFactory();
factory.getSession().getCookie().setHttpOnly(false);
this.webServer = factory.getWebServer();
this.webServer.start();
Tomcat tomcat = ((TomcatWebServer) this.webServer).getTomcat();
Context context = (Context) tomcat.getHost().findChildren()[0];
assertThat(context.getUseHttpOnly()).isFalse();
}
@Override
protected JspServlet getJspServlet() throws ServletException {
Tomcat tomcat = ((TomcatWebServer) this.webServer).getTomcat();

Write Preview
Loading…
Cancel
Save