Direct link to this page
JDK 1.6
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318
/* * %W% %E% * * Copyright 2006 Sun Microsystems, Inc. All rights reserved. * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. */ package java.net; import java.util.Map; import java.util.List; import java.util.Collections; import java.util.Comparator; import java.io.IOException; /** * CookieManager provides a concrete implementation of {@link CookieHandler}, * which separates the storage of cookies from the policy surrounding accepting * and rejecting cookies. A CookieManager is initialized with a {@link CookieStore} * which manages storage, and a {@link CookiePolicy} object, which makes * policy decisions on cookie acceptance/rejection. * * <p> The HTTP cookie management in java.net package looks like: * <blockquote> * <pre> * use * CookieHandler <------- HttpURLConnection * ^ * | impl * | use * CookieManager -------> CookiePolicy * | use * |--------> HttpCookie * | ^ * | | use * | use | * |--------> CookieStore * ^ * | impl * | * Internal in-memory implementation * </pre> * <ul> * <li> * CookieHandler is at the core of cookie management. User can call * CookieHandler.setDefault to set a concrete CookieHanlder implementation * to be used. * </li> * <li> * CookiePolicy.shouldAccept will be called by CookieManager.put to see whether * or not one cookie should be accepted and put into cookie store. User can use * any of three pre-defined CookiePolicy, namely ACCEPT_ALL, ACCEPT_NONE and * ACCEPT_ORIGINAL_SERVER, or user can define his own CookiePolicy implementation * and tell CookieManager to use it. * </li> * <li> * CookieStore is the place where any accepted HTTP cookie is stored in. * If not specified when created, a CookieManager instance will use an internal * in-memory implementation. Or user can implements one and tell CookieManager * to use it. * </li> * <li> * Currently, only CookieStore.add(URI, HttpCookie) and CookieStore.get(URI) * are used by CookieManager. Others are for completeness and might be needed * by a more sophisticated CookieStore implementation, e.g. a NetscapeCookieSotre. * </li> * </ul> * </blockquote> * * <p>There're various ways user can hook up his own HTTP cookie management behavior, e.g. * <blockquote> * <ul> * <li>Use CookieHandler.setDefault to set a brand new {@link CookieHandler} implementation * <li>Let CookieManager be the default {@link CookieHandler} implementation, * but implement user's own {@link CookieStore} and {@link CookiePolicy} * and tell default CookieManager to use them: * <blockquote><pre> * // this should be done at the beginning of an HTTP session * CookieHandler.setDefault(new CookieManager(new MyCookieStore(), new MyCookiePolicy())); * </pre></blockquote> * <li>Let CookieManager be the default {@link CookieHandler} implementation, but * use customized {@link CookiePolicy}: * <blockquote><pre> * // this should be done at the beginning of an HTTP session * CookieHandler.setDefault(new CookieManager()); * // this can be done at any point of an HTTP session * ((CookieManager)CookieHandler.getDefault()).setCookiePolicy(new MyCookiePolicy()); * </pre></blockquote> * </ul> * </blockquote> * * <p>The implementation conforms to RFC 2965, section 3.3. * * @version %I%, %E% * @author Edward Wang * @since 1.6 */ public class CookieManager extends CookieHandler { /* ---------------- Fields -------------- */ private CookiePolicy policyCallback; private CookieStore cookieJar = null; /* ---------------- Ctors -------------- */ /** * Create a new cookie manager. * * <p>This constructor will create new cookie manager with default * cookie store and accept policy. The effect is same as * <tt>CookieManager(null, null)</tt>. */ public CookieManager() { this(null, null); } /** * Create a new cookie manager with specified cookie store and cookie policy. * * @param store a <tt>CookieStore</tt> to be used by cookie manager. * if <tt>null</tt>, cookie manager will use a default one, * which is an in-memory CookieStore implmentation. * @param cookiePolicy a <tt>CookiePolicy</tt> instance * to be used by cookie manager as policy callback. * if <tt>null</tt>, ACCEPT_ORIGINAL_SERVER will * be used. */ public CookieManager(CookieStore store, CookiePolicy cookiePolicy) { // use default cookie policy if not specify one policyCallback = (cookiePolicy == null) ? CookiePolicy.ACCEPT_ORIGINAL_SERVER : cookiePolicy; // if not specify CookieStore to use, use default one if (store == null) { cookieJar = new sun.net.www.protocol.http.InMemoryCookieStore(); } else { cookieJar = store; } } /* ---------------- Public operations -------------- */ /** * To set the cookie policy of this cookie manager. * * <p> A instance of <tt>CookieManager</tt> will have * cookie policy ACCEPT_ORIGINAL_SERVER by default. Users always * can call this method to set another cookie policy. * * @param cookiePolicy the cookie policy. Can be <tt>null</tt>, which * has no effects on current cookie policy. */ public void setCookiePolicy(CookiePolicy cookiePolicy) { if (cookiePolicy != null) policyCallback = cookiePolicy; } /** * To retrieve current cookie store. * * @return the cookie store currently used by cookie manager. */ public CookieStore getCookieStore() { return cookieJar; } public Map<String, List<String>> get(URI uri, Map<String, List<String>> requestHeaders) throws IOException { // pre-condition check if (uri == null || requestHeaders == null) { throw new IllegalArgumentException("Argument is null"); } Map<String, List<String>> cookieMap = new java.util.HashMap<String, List<String>>(); // if there's no default CookieStore, no way for us to get any cookie if (cookieJar == null) return Collections.unmodifiableMap(cookieMap); List<HttpCookie> cookies = new java.util.ArrayList<HttpCookie>(); for (HttpCookie cookie : cookieJar.get(uri)) { // apply path-matches rule (RFC 2965 sec. 3.3.4) if (pathMatches(uri.getPath(), cookie.getPath())) { cookies.add(cookie); } } // apply sort rule (RFC 2965 sec. 3.3.4) List<String> cookieHeader = sortByPath(cookies); cookieMap.put("Cookie", cookieHeader); return Collections.unmodifiableMap(cookieMap); } public void put(URI uri, Map<String, List<String>> responseHeaders) throws IOException { // pre-condition check if (uri == null || responseHeaders == null) { throw new IllegalArgumentException("Argument is null"); } // if there's no default CookieStore, no need to remember any cookie if (cookieJar == null) return; for (String headerKey : responseHeaders.keySet()) { // RFC 2965 3.2.2, key must be 'Set-Cookie2' // we also accept 'Set-Cookie' here for backward compatibility if (headerKey == null || !(headerKey.equalsIgnoreCase("Set-Cookie2") || headerKey.equalsIgnoreCase("Set-Cookie") ) ) { continue; } for (String headerValue : responseHeaders.get(headerKey)) { try { List<HttpCookie> cookies = HttpCookie.parse(headerValue); for (HttpCookie cookie : cookies) { if (shouldAcceptInternal(uri, cookie)) { cookieJar.add(uri, cookie); } } } catch (IllegalArgumentException e) { // invalid set-cookie header string // no-op } } } } /* ---------------- Private operations -------------- */ // to determine whether or not accept this cookie private boolean shouldAcceptInternal(URI uri, HttpCookie cookie) { try { return policyCallback.shouldAccept(uri, cookie); } catch (Exception ignored) { // pretect against malicious callback return false; } } /* * path-matches algorithm, as defined by RFC 2965 */ private boolean pathMatches(String path, String pathToMatchWith) { if (path == pathToMatchWith) return true; if (path == null || pathToMatchWith == null) return false; if (path.startsWith(pathToMatchWith)) return true; return false; } /* * sort cookies with respect to their path: those with more specific Path attributes * precede those with less specific, as defined in RFC 2965 sec. 3.3.4 */ private List<String> sortByPath(List<HttpCookie> cookies) { Collections.sort(cookies, new CookiePathComparator()); List<String> cookieHeader = new java.util.ArrayList<String>(); for (HttpCookie cookie : cookies) { // Netscape cookie spec and RFC 2965 have different format of Cookie // header; RFC 2965 requires a leading $Version="1" string while Netscape // does not. // The workaround here is to add a $Version="1" string in advance if (cookies.indexOf(cookie) == 0 && cookie.getVersion() > 0) { cookieHeader.add("$Version=\"1\""); } cookieHeader.add(cookie.toString()); } return cookieHeader; } static class CookiePathComparator implements Comparator<HttpCookie> { public int compare(HttpCookie c1, HttpCookie c2) { if (c1 == c2) return 0; if (c1 == null) return -1; if (c2 == null) return 1; // path rule only applies to the cookies with same name if (!c1.getName().equals(c2.getName())) return 0; // those with more specific Path attributes precede those with less specific if (c1.getPath().startsWith(c2.getPath())) return -1; else if (c2.getPath().startsWith(c1.getPath())) return 1; else return 0; } } }
