Index: ServletContext.java
===================================================================
RCS file: /cvs/glassfish/servlet-api/src/jakarta-servletapi-5/jsr154/src/share/javax/servlet/ServletContext.java,v
retrieving revision 1.7.6.1
diff -u -r1.7.6.1 ServletContext.java
--- ServletContext.java 17 Apr 2008 20:15:00 -0000      1.7.6.1
+++ ServletContext.java 5 May 2008 19:23:15 -0000
@@ -59,6 +59,7 @@
 import java.io.InputStream;
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.util.EnumSet;
 import java.util.Enumeration;
 import java.util.Set;

@@ -704,6 +705,80 @@
      */

     public String getServletContextName();
+
+    /**
+     * Sets the session tracking cookie configuration for this
+     * <tt>ServletContext</tt>.
+     *
+     * <p>The given <tt>sessionCookieConfig</tt> replaces any
+     * session tracking cookie configuration that was set by a previous
+     * invocation of this method on this <tt>ServletContext</tt>.
+     *
+     * @param sessionCookieConfig the configuration of the session
+     * tracking cookies for this <tt>ServletContext</tt>
+     *
+     * @throws IllegalStateException if this <tt>ServletContext</tt> has
+     * already been initialized
+     */
+    public void setSessionCookieConfig(SessionCookieConfig sessionCookieConfig);
+
+    /**
+     * Gets the session tracking cookie configuration of this
+     * <tt>ServletContext</tt>.
+     *
+     * @return the session tracking cookie configuration of this
+     * <tt>ServletContext</tt>, or <tt>null</tt> if
+     * {@link #setSessionCookieConfig setSessionCookieConfig} was never
+     * called on this <tt>ServletContext</tt>
+     */
+    public SessionCookieConfig getSessionCookieConfig();
+
+    /**
+     * Sets the session tracking modes that are to become effective for this
+     * <tt>ServletContext</tt>.
+     *
+     * <p>The given <tt>sessionTrackingModes</tt> replaces any
+     * session tracking modes set by a previous invocation of this
+     * method on this <tt>ServletContext</tt>.
+     *
+     * @param sessionTrackingModes enum set of session tracking modes to
+     * become effective for this <tt>ServletContext</tt>
+     *
+     * @throws IllegalStateException if this <tt>ServletContext</tt> has
+     * already been initialized
+     * @throws IllegalArgumentException if <tt>sessionTrackingModes</tt>
+     * specifies a combination of <tt>SessionTrackingMode.SSL</tt> with a
+     * session tracking mode other than <tt>SessionTrackingMode.SSL</tt>,
+     * or if <tt>sessionTrackingModes</tt> specifies a session tracking mode
+     * that is not supported by the servlet container
+     */
+    public void setSessionTrackingModes(EnumSet<SessionTrackingMode> sessionTrackingModes);
+
+    /**
+     * Gets the session tracking modes that are supported by default for this
+     * <tt>ServletContext</tt>.
+     *
+     * @return enum set of the session tracking modes supported by default for
+     * this <tt>ServletContext</tt>
+     */
+    public EnumSet<SessionTrackingMode> getDefaultSessionTrackingModes();
+
+    /**
+     * Gets the session tracking modes that are in effect for this
+     * <tt>ServletContext</tt>.
+     *
+     * <p>The session tracking modes in effect are those provided to
+     * {@link #setSessionTrackingModes setSessionTrackingModes}.
+     *
+     * <p>By default, the session tracking modes returned by
+     * {@link #getDefaultSessionTrackingModes getDefaultSessionTrackingModes}
+     * are in effect.
+     *
+     * @return enum set of the session tracking modes in effect for this
+     * <tt>ServletContext</tt>
+     */
+    public EnumSet<SessionTrackingMode> getEffectiveSessionTrackingModes();
+
 }
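Review bot: The Javadoc on `setSessionTrackingModes`, `getDefaultSessionTrackingModes` and `getEffectiveSessionTrackingModes` never says whether the `EnumSet` that is passed in or returned is a copy. `EnumSet` is mutable, so a caller that keeps the reference could alter the tracking modes after initialization without ever hitting the documented `IllegalStateException`. I would add to the setter `The given set is copied; later changes to it have no effect on this ServletContext`, and to both getters' `@return` text `the returned set is a copy and is not backed by this ServletContext`. The setter's contract is also silent on a `null` or empty `sessionTrackingModes`; the Javadoc should state which exception, if any, the container raises for those.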

-------------------------------------------------------------------------------------------------------

package javax.servlet;

/**
 * Enumeration of session tracking modes.
 *
 * @since 3.0
 */
public enum SessionTrackingMode {
    // Session id carried in a session tracking cookie; the cookie attributes
    // are presumably those of the SessionCookieConfig set on the
    // ServletContext, when one has been set.
    COOKIE,
    // Presumably URL rewriting, i.e. the session id travels in the request
    // URL -- confirm against the spec text. An id in a URL can end up in
    // access logs, browser history and Referer headers, so deployments that
    // do not need this mode should leave it out of the effective set.
    URL,
    // Session tied to the SSL session. ServletContext#setSessionTrackingModes
    // documents that SSL must not be combined with any other mode
    // (IllegalArgumentException otherwise).
    SSL
}

-------------------------------------------------------------------------------------------------------

package javax.servlet;

/**
 * Session tracking cookie configuration class.
 *
 * @since 3.0
 */
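public class SessionCookieConfig {

    // All fields are final: the class has no setters, and an instance that
    // has been handed to ServletContext#setSessionCookieConfig must not
    // change once the context is initialized.
    private final String domain;
    private final String path;
    private final String comment;
    private final boolean isHttpOnly;
    private final boolean isSecure;

    /**
     * Creates an immutable session tracking cookie configuration.
     *
     * <p>If <tt>isHttpOnly</tt> is <tt>true</tt>, any session
     * tracking cookies configured by this <tt>SessionCookieConfig</tt>
     * will be marked as <i>HttpOnly</i>, by adding the <tt>HttpOnly</tt>
     * attribute to them. <i>HttpOnly</i> cookies are not supposed to be
     * exposed to client-side scripting code, and may therefore help
     * mitigate certain kinds of cross-site scripting attacks.
     *
     * <p>If <tt>isSecure</tt> is <tt>true</tt>, any session
     * tracking cookie configured by this <tt>SessionCookieConfig</tt>
     * will be marked as <i>secure</i>, even if the request that initiated
     * the corresponding session is using plain HTTP instead of a secure
     * protocol such as HTTPS.
     * If <tt>isSecure</tt> is <tt>false</tt>, any session tracking
     * cookie configured by this <tt>SessionCookieConfig</tt> will be marked
     * as <i>secure</i> only if the request that initiated the corresponding
     * session is also secure. In that case a session that is initiated over
     * plain HTTP gets a cookie without the <i>secure</i> attribute, which
     * the browser will also send over unencrypted connections.
     *
     * <p>No argument is validated or copied by this constructor; the
     * values are stored as given.
     *
     * @param domain The domain assigned to any session tracking cookie
     * configured by this <tt>SessionCookieConfig</tt>
     * @param path The path assigned to any session tracking cookie
     * configured by this <tt>SessionCookieConfig</tt>, or <tt>null</tt> if the
     * context path of the <tt>ServletContext</tt> with which this
     * <tt>SessionCookieConfig</tt> has been associated is to be used
     * as the cookie path
     * @param comment The comment assigned to any session tracking cookie
     * configured by this <tt>SessionCookieConfig</tt>
     * @param isHttpOnly true if any session tracking cookies configured
     * by this <tt>SessionCookieConfig</tt> will be marked as <i>HttpOnly</i>,
     * false otherwise
     * @param isSecure true if any session tracking cookie configured by
     * this <tt>SessionCookieConfig</tt> will be marked as <i>secure</i>
     * even if the request that initiated the corresponding session is
     * using plain HTTP instead of HTTPS, and false if any session tracking
     * cookie configured by this <tt>SessionCookieConfig</tt> will be marked
     * as <i>secure</i> only if the request that initiated the corresponding
     * session is also secure
     *
     * @see javax.servlet.http.Cookie#setDomain(String)
     * @see javax.servlet.http.Cookie#setPath(String)
     * @see javax.servlet.http.Cookie#setComment(String)
     * @see javax.servlet.http.Cookie#setHttpOnly(boolean)
     * @see javax.servlet.http.Cookie#setSecure(boolean)
     * @see ServletContext#setSessionCookieConfig
     */
    public SessionCookieConfig(String domain, String path, String comment,
                               boolean isHttpOnly, boolean isSecure) {
        this.domain = domain;
        this.path = path;
        this.comment = comment;
        this.isHttpOnly = isHttpOnly;
        this.isSecure = isSecure;
    }

    /**
     * Gets the domain assigned to any session tracking cookie configured
     * by this <tt>SessionCookieConfig</tt>.
     *
     * @return the session tracking cookie domain, exactly as passed to
     * the constructor
     *
     * @see javax.servlet.http.Cookie#getDomain()
     */
    public String getDomain() {
        return domain;
    }

    /**
     * Gets the path assigned to any session tracking cookie configured
     * by this <tt>SessionCookieConfig</tt>.
     *
     * @return the session tracking cookie path, or <tt>null</tt> if
     * <tt>null</tt> was passed to the constructor (meaning that the context
     * path of the associated <tt>ServletContext</tt> is to be used)
     *
     * @see javax.servlet.http.Cookie#getPath()
     */
    public String getPath() {
        return path;
    }

    /**
     * Gets the comment assigned to any session tracking cookie configured
     * by this <tt>SessionCookieConfig</tt>.
     *
     * @return the session tracking cookie comment, exactly as passed to
     * the constructor
     *
     * @see javax.servlet.http.Cookie#getComment()
     */
    public String getComment() {
        return comment;
    }

    /**
     * Checks if any session tracking cookies configured by this
     * <tt>SessionCookieConfig</tt> will be marked as <i>HttpOnly</i>.
     *
     * @return true if any session tracking cookies configured by this
     * <tt>SessionCookieConfig</tt> will be marked as <i>HttpOnly</i>,
     * false otherwise
     *
     * @see javax.servlet.http.Cookie#isHttpOnly()
     */
    public boolean isHttpOnly() {
        return isHttpOnly;
    }

    /**
     * Checks if any session tracking cookie configured by this
     * <tt>SessionCookieConfig</tt> will be marked as <i>secure</i> even
     * if the request that initiated the corresponding session is using
     * plain HTTP instead of HTTPS.
     *
     * @return true if any session tracking cookie configured by this
     * <tt>SessionCookieConfig</tt> will be marked as <i>secure</i> even
     * if the request that initiated the corresponding session is using
     * plain HTTP instead of HTTPS, and false if any session tracking
     * cookie configured by this <tt>SessionCookieConfig</tt> will be marked
     * as <i>secure</i> only if the request that initiated the corresponding
     * session is also secure.
     *
     * @see javax.servlet.http.Cookie#getSecure()
     * @see ServletRequest#isSecure()
     */
    public boolean isSecure() {
        return isSecure;
    }
}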