keycloak-aplcache

Merge pull request #1247 from Smartling/KEYCLOAK-1299 Add …

5/12/2015 2:26:50 AM

Servlet 2.x support to the Spring Security adapter

Stian Thorgersen

Commit: 5aa9024

Tree: 01516d5

Parents: 224f85b
4d32ac8

Changes

integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletResponse.java 19(+18 -1)

integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletResponseTest.java 1(+1 -0)

Details

integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletResponse.java 19(+18 -1)

diff --git a/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletResponse.java b/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletResponse.java
index c0b5759..ade1b21 100644
--- a/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletResponse.java
+++ b/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletResponse.java
@@ -1,11 +1,15 @@
 package org.keycloak.adapters.springsecurity.facade;
 
 import org.keycloak.adapters.HttpFacade.Response;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.io.OutputStream;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
 
 /**
  * Concrete Keycloak {@link Response response} implementation wrapping an {@link HttpServletResponse}.
@@ -15,6 +19,7 @@ import java.io.OutputStream;
  */
 class WrappedHttpServletResponse implements Response {
 
+    private static final Logger log = LoggerFactory.getLogger(WrappedHttpServletResponse.class);
     private final HttpServletResponse response;
 
     /**
@@ -50,11 +55,23 @@ class WrappedHttpServletResponse implements Response {
 
         cookie.setMaxAge(maxAge);
         cookie.setSecure(secure);
-        cookie.setHttpOnly(httpOnly);
+        this.setHttpOnly(cookie, httpOnly);
 
         response.addCookie(cookie);
     }
 
+    private void setHttpOnly(Cookie cookie, boolean httpOnly) {
+        Method method;
+        try {
+            method = Cookie.class.getMethod("setHttpOnly", boolean.class);
+            method.invoke(cookie, httpOnly);
+        } catch (NoSuchMethodException e) {
+            log.warn("Unable to set httpOnly on cookie [{}]; no such method on javax.servlet.http.Cookie", cookie.getName());
+        } catch (ReflectiveOperationException e) {
+            log.error("Unable to set httpOnly on cookie [{}]", cookie.getName(), e);
+        }
+    }
+
     @Override
     public void setStatus(int status) {
         response.setStatus(status);

integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletResponseTest.java 1(+1 -0)

diff --git a/integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletResponseTest.java b/integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletResponseTest.java
index 408d9c5..2dd3a8c 100644
--- a/integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletResponseTest.java
+++ b/integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/facade/WrappedHttpServletResponseTest.java
@@ -48,6 +48,7 @@ public class WrappedHttpServletResponseTest {
         assertEquals(COOKIE_DOMAIN, mockResponse.getCookie(COOKIE_NAME).getDomain());
         assertEquals(maxAge, mockResponse.getCookie(COOKIE_NAME).getMaxAge());
         assertEquals(COOKIE_VALUE, mockResponse.getCookie(COOKIE_NAME).getValue());
+        assertEquals(true, mockResponse.getCookie(COOKIE_NAME).isHttpOnly());
     }
 
     @Test