Add Servlet 2.x support to the Spring Security adapter

Cookie.setHttpOnly() was added in Servlet 3.0. Make setting a
cookie as HttpOnly dependent on servlet version.
Scott Rossillo 2015-05-11 19:48:16 -04:00
parent 224f85b981
commit 4d32ac8765
2 changed files with 19 additions and 1 deletions


@ -1,11 +1,15 @@
package org.keycloak.adapters.springsecurity.facade;
import org.keycloak.adapters.HttpFacade.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.OutputStream;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
/**
* Concrete Keycloak {@link Response response} implementation wrapping an {@link HttpServletResponse}.
@ -15,6 +19,7 @@ import java.io.OutputStream;
*/
class WrappedHttpServletResponse implements Response {
private static final Logger log = LoggerFactory.getLogger(WrappedHttpServletResponse.class);
private final HttpServletResponse response;
/**
@ -50,11 +55,23 @@ class WrappedHttpServletResponse implements Response {
cookie.setMaxAge(maxAge);
cookie.setSecure(secure);
cookie.setHttpOnly(httpOnly);
this.setHttpOnly(cookie, httpOnly);
response.addCookie(cookie);
}
private void setHttpOnly(Cookie cookie, boolean httpOnly) {
Method method;
try {
method = Cookie.class.getMethod("setHttpOnly", boolean.class);
method.invoke(cookie, httpOnly);
} catch (NoSuchMethodException e) {
log.warn("Unable to set httpOnly on cookie [{}]; no such method on javax.servlet.http.Cookie", cookie.getName());
} catch (ReflectiveOperationException e) {
log.error("Unable to set httpOnly on cookie [{}]", cookie.getName(), e);
}
}
@Override
public void setStatus(int status) {
response.setStatus(status);
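Review bot: On a Servlet 2.x container the new `setHttpOnly` helper drops a requested HttpOnly flag and only logs at WARN, so a cookie the caller asked to protect is still issued readable by page script. If the attribute has to hold on 2.x as well, the fallback would need to write the `Set-Cookie` header itself with `; HttpOnly` appended instead of relying on `response.addCookie(cookie)`. The warning also fires when `httpOnly` is false, where nothing is lost; an early `if (!httpOnly) { return; }` keeps the log meaningful, and the helper deserves a Javadoc line such as `/** Sets HttpOnly via reflection; logs a warning and leaves the cookie unchanged on pre-3.0 servlet APIs. */`. The `Method` lookup is repeated for every cookie and could be resolved once into a static field, and the added `InvocationTargetException` import looks unused in the visible lines. The cookie-setting method that calls the helper starts outside the hunk.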


@ -48,6 +48,7 @@ public class WrappedHttpServletResponseTest {
assertEquals(COOKIE_DOMAIN, mockResponse.getCookie(COOKIE_NAME).getDomain());
assertEquals(maxAge, mockResponse.getCookie(COOKIE_NAME).getMaxAge());
assertEquals(COOKIE_VALUE, mockResponse.getCookie(COOKIE_NAME).getValue());
assertEquals(true, mockResponse.getCookie(COOKIE_NAME).isHttpOnly());
}
@Test
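Review bot: The added assertion covers only the path where `Cookie.setHttpOnly` exists, so the `NoSuchMethodException` branch this commit introduces has no test in the visible lines. `assertEquals(true, …)` reads better as `assertTrue(mockResponse.getCookie(COOKIE_NAME).isHttpOnly());`, assuming `assertTrue` is statically imported alongside `assertEquals`. The test method starts outside the hunk.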