  1. Struts 2
  2. WW-4437

Bug in CookieInterceptor


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.3.20
    • Fix Version/s: 2.3.24
    • Component/s: Core Interceptors
    • Labels:
      None

      Description

      Sorry, I don't have an environment set up to create a patch, but I found an error in the CookieInterceptor.isAccepted() method. It currently looks like:

      /**
       * Checks if name of Cookie match {@link #acceptedPattern}
       *
       * @param name of Cookie
       * @return true|false
       */
      protected boolean isAccepted(String name) {
          boolean matches = acceptedPattern.matcher(name).matches();
          if (matches) {
              if (LOG.isTraceEnabled()) {
                  LOG.trace("Cookie [#0] matches acceptedPattern [#1]", name, ACCEPTED_PATTERN);
              }
          } else {
              if (LOG.isTraceEnabled()) {
                  LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]", name, ACCEPTED_PATTERN);
              }
          }
          return matches;
      }
      

      But it would be more useful if it actually reported the RegEx being used instead of the default. And, it would be more performant if the comparisons were reversed. So something more like:

      /**
       * Checks if name of Cookie match {@link #acceptedPattern}
       *
       * @param name of Cookie
       * @return true|false
       */
      protected boolean isAccepted (String name) {
        boolean matches = acceptedPattern.matcher(name).matches();
        if(LOG.isTraceEnabled()) {   
          if(matches) {
            LOG.trace("Cookie [#0] matches acceptedPattern [#1]",name,acceptedPattern.pattern());
          } else {
            LOG.trace("Cookie [#0] doesn't match acceptedPattern [#1]",name,acceptedPattern.pattern());
          }
        }
        return matches;
      }
      

      In addition, it looks like the default and the override are handled differently. The current code compiles the default case-insensitive, but not the override pattern. Shouldn't that be consistent?

      private Pattern acceptedPattern = Pattern.compile(ACCEPTED_PATTERN,Pattern.CASE_INSENSITIVE);
      
      public void setAcceptCookieNames (String pattern) {
        acceptedPattern = Pattern.compile(pattern);
      }
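
The case-sensitivity mismatch raised above, as an added example that is not part of the original report or the Struts code base. The value of `ACCEPTED_PATTERN`, the cookie names, the `AcceptedPatternDemo` class, and the `setAcceptCookieNamesConsistent` and `effectivePattern` helpers are assumptions made for illustration.

```java
import java.util.regex.Pattern;

public class AcceptedPatternDemo {
    // Constructed stand-in: the real ACCEPTED_PATTERN value is not quoted in the report.
    static final String ACCEPTED_PATTERN = "[a-z0-9_]+";

    // Default, compiled as in the report: case-insensitive.
    private Pattern acceptedPattern = Pattern.compile(ACCEPTED_PATTERN, Pattern.CASE_INSENSITIVE);

    // Setter as quoted in the report: the override loses the flag.
    void setAcceptCookieNames(String pattern) {
        acceptedPattern = Pattern.compile(pattern);
    }

    // Hypothetical variant that compiles the override the same way as the default.
    void setAcceptCookieNamesConsistent(String pattern) {
        acceptedPattern = Pattern.compile(pattern, Pattern.CASE_INSENSITIVE);
    }

    boolean isAccepted(String name) {
        return acceptedPattern.matcher(name).matches();
    }

    // What a trace line should report: the regex actually in effect, plus its flag.
    String effectivePattern() {
        boolean ci = (acceptedPattern.flags() & Pattern.CASE_INSENSITIVE) != 0;
        return acceptedPattern.pattern() + (ci ? " (case-insensitive)" : " (case-sensitive)");
    }

    static void report(String label, AcceptedPatternDemo i) {
        System.out.println(label + " -> " + i.effectivePattern());
        for (String name : new String[] {"theme", "JSESSIONID", "user-id"}) { // constructed names
            System.out.println("  " + name + ": " + (i.isAccepted(name) ? "accepted" : "rejected"));
        }
    }

    public static void main(String[] args) {
        AcceptedPatternDemo i = new AcceptedPatternDemo();
        report("default", i);
        i.setAcceptCookieNames(ACCEPTED_PATTERN);            // same regex text, different behaviour
        report("override, setter as reported", i);
        i.setAcceptCookieNamesConsistent(ACCEPTED_PATTERN);  // flag restored
        report("override, consistent setter", i);
    }
}
```

Re-applying the same regex text through the reported setter changes which cookie names pass the filter, and a trace line that prints the `ACCEPTED_PATTERN` constant would not show that change.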
      

            People

            • Assignee:
              lukaszlenart Lukasz Lenart
              Reporter:
              planetpratt Chris Pratt