1. /*

  2.  * The Apache Software License, Version 1.1

  3.  *

  4.  * Copyright (c) 1999 The Apache Software Foundation.  All rights 

  5.  * reserved.

  6.  *

  7.  * Redistribution and use in source and binary forms, with or without

  8.  * modification, are permitted provided that the following conditions

  9.  * are met:

  10.  *

  11.  * 1. Redistributions of source code must retain the above copyright

  12.  *    notice, this list of conditions and the following disclaimer. 

  13.  *

  14.  * 2. Redistributions in binary form must reproduce the above copyright

  15.  *    notice, this list of conditions and the following disclaimer in

  16.  *    the documentation and/or other materials provided with the

  17.  *    distribution.

  18.  *

  19.  * 3. The end-user documentation included with the redistribution, if

  20.  *    any, must include the following acknowlegement:  

  21.  *       "This product includes software developed by the 

  22.  *        Apache Software Foundation (http://www.apache.org/)."

  23.  *    Alternately, this acknowlegement may appear in the software itself,

  24.  *    if and wherever such third-party acknowlegements normally appear.

  25.  *

  26.  * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software

  27.  *    Foundation" must not be used to endorse or promote products derived

  28.  *    from this software without prior written permission. For written 

  29.  *    permission, please contact apache@apache.org.

  30.  *

  31.  * 5. Products derived from this software may not be called "Apache"

  32.  *    nor may "Apache" appear in their names without prior written

  33.  *    permission of the Apache Group.

  34.  *

  35.  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED

  36.  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

  37.  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

  38.  * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR

  39.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  40.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT

  41.  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF

  42.  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND

  43.  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,

  44.  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT

  45.  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  46.  * SUCH DAMAGE.

  47.  * ====================================================================

  48.  *

  49.  * This software consists of voluntary contributions made by many

  50.  * individuals on behalf of the Apache Software Foundation.  For more

  51.  * information on the Apache Software Foundation, please see

  52.  * <http://www.apache.org/>.

  53.  *

  54.  * ====================================================================

  55.  *

  56.  * This source code implements specifications defined by the Java

  57.  * Community Process. In order to remain compliant with the specification

  58.  * DO NOT add / change / or delete method signatures!

  59.  */ 

  60. 

  61. package javax.servlet.http;

  62. 

  63. import java.io.IOException;

  64. import java.text.MessageFormat;

  65. import java.util.ResourceBundle;

  66. 

  67. /**

  68.  *

  69.  * Creates a cookie, a small amount of information sent by a servlet to 

  70.  * a Web browser, saved by the browser, and later sent back to the server.

  71.  * A cookie's value can uniquely 

  72.  * identify a client, so cookies are commonly used for session management.

  73.  * 

  74.  * <p>A cookie has a name, a single value, and optional attributes

  75.  * such as a comment, path and domain qualifiers, a maximum age, and a

  76.  * version number. Some Web browsers have bugs in how they handle the 

  77.  * optional attributes, so use them sparingly to improve the interoperability 

  78.  * of your servlets.

  79.  *

  80.  * <p>The servlet sends cookies to the browser by using the

  81.  * {@link HttpServletResponse#addCookie} method, which adds

  82.  * fields to HTTP response headers to send cookies to the 

  83.  * browser, one at a time. The browser is expected to 

  84.  * support 20 cookies for each Web server, 300 cookies total, and

  85.  * may limit cookie size to 4 KB each.

  86.  * 

  87.  * <p>The browser returns cookies to the servlet by adding 

  88.  * fields to HTTP request headers. Cookies can be retrieved

  89.  * from a request by using the {@link HttpServletRequest#getCookies} method.

  90.  * Several cookies might have the same name but different path attributes.

  91.  * 

  92.  * <p>Cookies affect the caching of the Web pages that use them. 

  93.  * HTTP 1.0 does not cache pages that use cookies created with

  94.  * this class. This class does not support the cache control

  95.  * defined with HTTP 1.1.

  96.  *

  97.  * <p>This class supports both the Version 0 (by Netscape) and Version 1 

  98.  * (by RFC 2109) cookie specifications. By default, cookies are

  99.  * created using Version 0 to ensure the best interoperability.

  100.  *

  101.  *

  102.  * @author	Various

  103.  * @version	$Version$

  104.  *

  105.  */

  106. 

  107. // XXX would implement java.io.Serializable too, but can't do that

  108. // so long as sun.servlet.* must run on older JDK 1.02 JVMs which

  109. // don't include that support.

  110. 

  111. public class Cookie implements Cloneable {

  112. 

  113.     private static final String LSTRING_FILE =

  114. 	"javax.servlet.http.LocalStrings";

  115.     private static ResourceBundle lStrings =

  116. 	ResourceBundle.getBundle(LSTRING_FILE);

  117.     

  118.     //

  119.     // The value of the cookie itself.

  120.     //

  121.     

  122.     private String name;	// NAME= ... "$Name" style is reserved

  123.     private String value;	// value of NAME

  124. 

  125.     //

  126.     // Attributes encoded in the header's cookie fields.

  127.     //

  128.     

  129.     private String comment;	// ;Comment=VALUE ... describes cookie's use

  130. 				// ;Discard ... implied by maxAge < 0

  131.     private String domain;	// ;Domain=VALUE ... domain that sees cookie

  132.     private int maxAge = -1;	// ;Max-Age=VALUE ... cookies auto-expire

  133.     private String path;	// ;Path=VALUE ... URLs that see the cookie

  134.     private boolean secure;	// ;Secure ... e.g. use SSL

  135.     private int version = 0;	// ;Version=1 ... means RFC 2109++ style

  136.     

  137.     

  138. 

  139.     /**

  140.      * Constructs a cookie with a specified name and value.

  141.      *

  142.      * <p>The name must conform to RFC 2109. That means it can contain 

  143.      * only ASCII alphanumeric characters and cannot contain commas, 

  144.      * semicolons, or white space or begin with a $ character. The cookie's

  145.      * name cannot be changed after creation.

  146.      *

  147.      * <p>The value can be anything the server chooses to send. Its

  148.      * value is probably of interest only to the server. The cookie's

  149.      * value can be changed after creation with the

  150.      * <code>setValue</code> method.

  151.      *

  152.      * <p>By default, cookies are created according to the Netscape

  153.      * cookie specification. The version can be changed with the 

  154.      * <code>setVersion</code> method.

  155.      *

  156.      *

  157.      * @param name 			a <code>String</code> specifying the name of the cookie

  158.      *

  159.      * @param value			a <code>String</code> specifying the value of the cookie

  160.      *

  161.      * @throws IllegalArgumentException	if the cookie name contains illegal characters

  162.      *					(for example, a comma, space, or semicolon)

  163.      *					or it is one of the tokens reserved for use

  164.      *					by the cookie protocol

  165.      * @see #setValue

  166.      * @see #setVersion

  167.      *

  168.      */

  169. 

  170.     public Cookie(String name, String value) {

  171. 	if (!isToken(name)

  172. 		|| name.equalsIgnoreCase("Comment")	// rfc2019

  173. 		|| name.equalsIgnoreCase("Discard")	// 2019++

  174. 		|| name.equalsIgnoreCase("Domain")

  175. 		|| name.equalsIgnoreCase("Expires")	// (old cookies)

  176. 		|| name.equalsIgnoreCase("Max-Age")	// rfc2019

  177. 		|| name.equalsIgnoreCase("Path")

  178. 		|| name.equalsIgnoreCase("Secure")

  179. 		|| name.equalsIgnoreCase("Version")

  180. 	    ) {

  181. 	    String errMsg = lStrings.getString("err.cookie_name_is_token");

  182. 	    Object[] errArgs = new Object[1];

  183. 	    errArgs[0] = name;

  184. 	    errMsg = MessageFormat.format(errMsg, errArgs);

  185. 	    throw new IllegalArgumentException(errMsg);

  186. 	}

  187. 

  188. 	this.name = name;

  189. 	this.value = value;

  190.     }

  191. 

  192. 

  193. 

  194. 

  195. 

  196.     /**

  197.      *

  198.      * Specifies a comment that describes a cookie's purpose.

  199.      * The comment is useful if the browser presents the cookie 

  200.      * to the user. Comments

  201.      * are not supported by Netscape Version 0 cookies.

  202.      *

  203.      * @param purpose		a <code>String</code> specifying the comment 

  204.      *				to display to the user

  205.      *

  206.      * @see #getComment

  207.      *

  208.      */

  209. 

  210.     public void setComment(String purpose) {

  211. 	comment = purpose;

  212.     }

  213.     

  214.     

  215.     

  216. 

  217.     /**

  218.      * Returns the comment describing the purpose of this cookie, or

  219.      * <code>null</code> if the cookie has no comment.

  220.      *

  221.      * @return			a <code>String</code> containing the comment,

  222.      *				or <code>null</code> if none

  223.      *

  224.      * @see #setComment

  225.      *

  226.      */ 

  227. 

  228.     public String getComment() {

  229. 	return comment;

  230.     }

  231.     

  232.     

  233.     

  234. 

  235. 

  236.     /**

  237.      *

  238.      * Specifies the domain within which this cookie should be presented.

  239.      *

  240.      * <p>The form of the domain name is specified by RFC 2109. A domain

  241.      * name begins with a dot (<code>.foo.com</code>) and means that

  242.      * the cookie is visible to servers in a specified Domain Name System

  243.      * (DNS) zone (for example, <code>www.foo.com</code>, but not 

  244.      * <code>a.b.foo.com</code>). By default, cookies are only returned

  245.      * to the server that sent them.

  246.      *

  247.      *

  248.      * @param pattern		a <code>String</code> containing the domain name

  249.      *				within which this cookie is visible;

  250.      *				form is according to RFC 2109

  251.      *

  252.      * @see #getDomain

  253.      *

  254.      */

  255. 

  256.     public void setDomain(String pattern) {

  257. 	domain = pattern.toLowerCase();	// IE allegedly needs this

  258.     }

  259.     

  260.     

  261.     

  262.     

  263. 

  264.     /**

  265.      * Returns the domain name set for this cookie. The form of 

  266.      * the domain name is set by RFC 2109.

  267.      *

  268.      * @return			a <code>String</code> containing the domain name

  269.      *

  270.      * @see #setDomain

  271.      *

  272.      */ 

  273. 

  274.     public String getDomain() {

  275. 	return domain;

  276.     }

  277. 

  278. 

  279. 

  280. 

  281.     /**

  282.      * Sets the maximum age of the cookie in seconds.

  283.      *

  284.      * <p>A positive value indicates that the cookie will expire

  285.      * after that many seconds have passed. Note that the value is

  286.      * the <i>maximum</i> age when the cookie will expire, not the cookie's

  287.      * current age.

  288.      *

  289.      * <p>A negative value means

  290.      * that the cookie is not stored persistently and will be deleted

  291.      * when the Web browser exits. A zero value causes the cookie

  292.      * to be deleted.

  293.      *

  294.      * @param expiry		an integer specifying the maximum age of the

  295.      * 				cookie in seconds; if negative, means

  296.      *				the cookie is not stored; if zero, deletes

  297.      *				the cookie

  298.      *

  299.      *

  300.      * @see #getMaxAge

  301.      *

  302.      */

  303. 

  304.     public void setMaxAge(int expiry) {

  305. 	maxAge = expiry;

  306.     }

  307. 

  308. 

  309. 

  310. 

  311.     /**

  312.      * Returns the maximum age of the cookie, specified in seconds,

  313.      * By default, <code>-1</code> indicating the cookie will persist

  314.      * until browser shutdown.

  315.      *

  316.      *

  317.      * @return			an integer specifying the maximum age of the

  318.      *				cookie in seconds; if negative, means

  319.      *				the cookie persists until browser shutdown

  320.      *

  321.      *

  322.      * @see #setMaxAge

  323.      *

  324.      */

  325. 

  326.     public int getMaxAge() {

  327. 	return maxAge;

  328.     }

  329.     

  330.     

  331.     

  332. 

  333.     /**

  334.      * Specifies a path for the cookie

  335.      * to which the client should return the cookie.

  336.      *

  337.      * <p>The cookie is visible to all the pages in the directory

  338.      * you specify, and all the pages in that directory's subdirectories. 

  339.      * A cookie's path must include the servlet that set the cookie,

  340.      * for example, <i>/catalog</i>, which makes the cookie

  341.      * visible to all directories on the server under <i>/catalog</i>.

  342.      *

  343.      * <p>Consult RFC 2109 (available on the Internet) for more

  344.      * information on setting path names for cookies.

  345.      *

  346.      *

  347.      * @param uri		a <code>String</code> specifying a path

  348.      *

  349.      *

  350.      * @see #getPath

  351.      *

  352.      */

  353. 

  354.     public void setPath(String uri) {

  355. 	path = uri;

  356.     }

  357. 

  358. 

  359. 

  360. 

  361.     /**

  362.      * Returns the path on the server 

  363.      * to which the browser returns this cookie. The

  364.      * cookie is visible to all subpaths on the server.

  365.      *

  366.      *

  367.      * @return		a <code>String</code> specifying a path that contains

  368.      *			a servlet name, for example, <i>/catalog</i>

  369.      *

  370.      * @see #setPath

  371.      *

  372.      */ 

  373. 

  374.     public String getPath() {

  375. 	return path;

  376.     }

  377. 

  378. 

  379. 

  380. 

  381. 

  382.     /**

  383.      * Indicates to the browser whether the cookie should only be sent

  384.      * using a secure protocol, such as HTTPS or SSL.

  385.      *

  386.      * <p>The default value is <code>false</code>.

  387.      *

  388.      * @param flag	if <code>true</code>, sends the cookie from the browser

  389.      *			to the server using only when using a secure protocol;

  390.      *			if <code>false</code>, sent on any protocol

  391.      *

  392.      * @see #getSecure

  393.      *

  394.      */

  395.  

  396.     public void setSecure(boolean flag) {

  397. 	secure = flag;

  398.     }

  399. 

  400. 

  401. 

  402. 

  403.     /**

  404.      * Returns <code>true</code> if the browser is sending cookies

  405.      * only over a secure protocol, or <code>false</code> if the

  406.      * browser can send cookies using any protocol.

  407.      *

  408.      * @return		<code>true</code> if the browser uses a secure protocol;

  409.      * 			 otherwise, <code>true</code>

  410.      *

  411.      * @see #setSecure

  412.      *

  413.      */

  414. 

  415.     public boolean getSecure() {

  416. 	return secure;

  417.     }

  418. 

  419. 

  420. 

  421. 

  422. 

  423.     /**

  424.      * Returns the name of the cookie. The name cannot be changed after

  425.      * creation.

  426.      *

  427.      * @return		a <code>String</code> specifying the cookie's name

  428.      *

  429.      */

  430. 

  431.     public String getName() {

  432. 	return name;

  433.     }

  434. 

  435. 

  436. 

  437. 

  438. 

  439.     /**

  440.      *

  441.      * Assigns a new value to a cookie after the cookie is created.

  442.      * If you use a binary value, you may want to use BASE64 encoding.

  443.      *

  444.      * <p>With Version 0 cookies, values should not contain white 

  445.      * space, brackets, parentheses, equals signs, commas,

  446.      * double quotes, slashes, question marks, at signs, colons,

  447.      * and semicolons. Empty values may not behave the same way

  448.      * on all browsers.

  449.      *

  450.      * @param newValue		a <code>String</code> specifying the new value 

  451.      *

  452.      *

  453.      * @see #getValue

  454.      * @see Cookie

  455.      *

  456.      */

  457. 

  458.     public void setValue(String newValue) {

  459. 	value = newValue;

  460.     }

  461. 

  462. 

  463. 

  464. 

  465.     /**

  466.      * Returns the value of the cookie.

  467.      *

  468.      * @return			a <code>String</code> containing the cookie's

  469.      *				present value

  470.      *

  471.      * @see #setValue

  472.      * @see Cookie

  473.      *

  474.      */

  475. 

  476.     public String getValue() {

  477. 	return value;

  478.     }

  479. 

  480. 

  481. 

  482. 

  483.     /**

  484.      * Returns the version of the protocol this cookie complies 

  485.      * with. Version 1 complies with RFC 2109, 

  486.      * and version 0 complies with the original

  487.      * cookie specification drafted by Netscape. Cookies provided

  488.      * by a browser use and identify the browser's cookie version.

  489.      * 

  490.      *

  491.      * @return			0 if the cookie complies with the

  492.      *				original Netscape specification; 1

  493.      *				if the cookie complies with RFC 2109

  494.      *

  495.      * @see #setVersion

  496.      *

  497.      */

  498. 

  499.     public int getVersion() {

  500. 	return version;

  501.     }

  502. 

  503. 

  504. 

  505. 

  506.     /**

  507.      * Sets the version of the cookie protocol this cookie complies

  508.      * with. Version 0 complies with the original Netscape cookie

  509.      * specification. Version 1 complies with RFC 2109.

  510.      *

  511.      * <p>Since RFC 2109 is still somewhat new, consider

  512.      * version 1 as experimental; do not use it yet on production sites.

  513.      *

  514.      *

  515.      * @param v			0 if the cookie should comply with 

  516.      *				the original Netscape specification;

  517.      *				1 if the cookie should comply with RFC 2109

  518.      *

  519.      * @see #getVersion

  520.      *

  521.      */

  522. 

  523.     public void setVersion(int v) {

  524. 	version = v;

  525.     }

  526. 

  527.     // Note -- disabled for now to allow full Netscape compatibility

  528.     // from RFC 2068, token special case characters

  529.     // 

  530.     // private static final String tspecials = "()<>@,;:\\\"/[]?={} \t";

  531. 

  532.     private static final String tspecials = ",;";

  533.     

  534.     

  535.     

  536. 

  537.     /*

  538.      * Tests a string and returns true if the string counts as a 

  539.      * reserved token in the Java language.

  540.      * 

  541.      * @param value		the <code>String</code> to be tested

  542.      *

  543.      * @return			<code>true</code> if the <code>String</code> is

  544.      *				a reserved token; <code>false</code>

  545.      *				if it is not			

  546.      */

  547. 

  548.     private boolean isToken(String value) {

  549. 	int len = value.length();

  550. 

  551. 	for (int i = 0; i < len; i++) {

  552. 	    char c = value.charAt(i);

  553. 

  554. 	    if (c < 0x20 || c >= 0x7f || tspecials.indexOf(c) != -1)

  555. 		return false;

  556. 	}

  557. 	return true;

  558.     }

  559. 

  560. 

  561. 

  562. 

  563. 

  564. 

  565.     /**

  566.      *

  567.      * Overrides the standard <code>java.lang.Object.clone</code> 

  568.      * method to return a copy of this cookie.

  569.      *		

  570.      *

  571.      */

  572. 

  573.     public Object clone() {

  574. 	try {

  575. 	    return super.clone();

  576. 	} catch (CloneNotSupportedException e) {

  577. 	    throw new RuntimeException(e.getMessage());

  578. 	}

  579.     }

  580. }

  581.