CookieManager.java revision 1929
381N/A * Copyright 2005-2008 Sun Microsystems, Inc. All Rights Reserved. 0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 0N/A * This code is free software; you can redistribute it and/or modify it 0N/A * under the terms of the GNU General Public License version 2 only, as 0N/A * published by the Free Software Foundation. Sun designates this 0N/A * particular file as subject to the "Classpath" exception as provided 0N/A * by Sun in the LICENSE file that accompanied this code. 0N/A * This code is distributed in the hope that it will be useful, but WITHOUT 0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 0N/A * version 2 for more details (a copy is included in the LICENSE file that 0N/A * accompanied this code). 0N/A * You should have received a copy of the GNU General Public License version 0N/A * 2 along with this work; if not, write to the Free Software Foundation, 0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 0N/A * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, 0N/A * CA 95054 USA or visit www.sun.com if you need additional information or 0N/A * have any questions. 0N/A * CookieManager provides a concrete implementation of {@link CookieHandler}, 0N/A * which separates the storage of cookies from the policy surrounding accepting 0N/A * and rejecting cookies. A CookieManager is initialized with a {@link CookieStore} 0N/A * which manages storage, and a {@link CookiePolicy} object, which makes 0N/A * <p> The HTTP cookie management in java.net package looks like: 0N/A * CookieHandler <------- HttpURLConnection 0N/A * CookieManager -------> CookiePolicy 0N/A * |--------> HttpCookie 0N/A * |--------> CookieStore 0N/A * Internal in-memory implementation 0N/A * CookieHandler is at the core of cookie management. User can call 0N/A * CookieHandler.setDefault to set a concrete CookieHanlder implementation 0N/A * CookiePolicy.shouldAccept will be called by CookieManager.put to see whether 0N/A * or not one cookie should be accepted and put into cookie store. User can use 0N/A * any of three pre-defined CookiePolicy, namely ACCEPT_ALL, ACCEPT_NONE and 0N/A * ACCEPT_ORIGINAL_SERVER, or user can define his own CookiePolicy implementation 0N/A * and tell CookieManager to use it. 0N/A * CookieStore is the place where any accepted HTTP cookie is stored in. 0N/A * If not specified when created, a CookieManager instance will use an internal 0N/A * in-memory implementation. Or user can implements one and tell CookieManager 0N/A * Currently, only CookieStore.add(URI, HttpCookie) and CookieStore.get(URI) 0N/A * are used by CookieManager. Others are for completeness and might be needed 0N/A * by a more sophisticated CookieStore implementation, e.g. a NetscapeCookieSotre. 0N/A * <p>There're various ways user can hook up his own HTTP cookie management behavior, e.g. 0N/A * <li>Use CookieHandler.setDefault to set a brand new {@link CookieHandler} implementation 0N/A * <li>Let CookieManager be the default {@link CookieHandler} implementation, 0N/A * but implement user's own {@link CookieStore} and {@link CookiePolicy} 0N/A * and tell default CookieManager to use them: 0N/A * // this should be done at the beginning of an HTTP session 0N/A * CookieHandler.setDefault(new CookieManager(new MyCookieStore(), new MyCookiePolicy())); 0N/A * </pre></blockquote> 0N/A * <li>Let CookieManager be the default {@link CookieHandler} implementation, but 0N/A * use customized {@link CookiePolicy}: 0N/A * // this should be done at the beginning of an HTTP session 0N/A * CookieHandler.setDefault(new CookieManager()); 0N/A * // this can be done at any point of an HTTP session 0N/A * ((CookieManager)CookieHandler.getDefault()).setCookiePolicy(new MyCookiePolicy()); 0N/A * </pre></blockquote> 0N/A * @author Edward Wang 0N/A /* ---------------- Fields -------------- */ 0N/A /* ---------------- Ctors -------------- */ 0N/A * Create a new cookie manager. 0N/A * <p>This constructor will create new cookie manager with default 0N/A * cookie store and accept policy. The effect is same as 0N/A * <tt>CookieManager(null, null)</tt>. 0N/A * Create a new cookie manager with specified cookie store and cookie policy. 0N/A * @param store a <tt>CookieStore</tt> to be used by cookie manager. 0N/A * if <tt>null</tt>, cookie manager will use a default one, 0N/A * which is an in-memory CookieStore implmentation. 0N/A * @param cookiePolicy a <tt>CookiePolicy</tt> instance 0N/A * to be used by cookie manager as policy callback. 0N/A * if <tt>null</tt>, ACCEPT_ORIGINAL_SERVER will 0N/A // use default cookie policy if not specify one 0N/A // if not specify CookieStore to use, use default one 0N/A /* ---------------- Public operations -------------- */ 0N/A * To set the cookie policy of this cookie manager. 0N/A * <p> A instance of <tt>CookieManager</tt> will have 0N/A * cookie policy ACCEPT_ORIGINAL_SERVER by default. Users always 0N/A * can call this method to set another cookie policy. 0N/A * @param cookiePolicy the cookie policy. Can be <tt>null</tt>, which 0N/A * has no effects on current cookie policy. 0N/A * To retrieve current cookie store. 0N/A * @return the cookie store currently used by cookie manager. 0N/A // pre-condition check 0N/A // if there's no default CookieStore, no way for us to get any cookie 0N/A // apply path-matches rule (RFC 2965 sec. 3.3.4) 257N/A // and check for the possible "secure" tag (i.e. don't send 257N/A // 'secure' cookies over unsecure links) 1788N/A // Enforce httponly attribute 257N/A // Let's check the authorize port list if it exists 0N/A // apply sort rule (RFC 2965 sec. 3.3.4) 0N/A // pre-condition check 0N/A // if there's no default CookieStore, no need to remember any cookie 0N/A // RFC 2965 3.2.2, key must be 'Set-Cookie2' 0N/A // we also accept 'Set-Cookie' here for backward compatibility 1929N/A // Bogus header, make an empty list and log the error 257N/A // If no path is specified, then by default 1248N/A // As per RFC 2965, section 3.3.1: 1248N/A // Domain Defaults to the effective request-host. (Note that because 1248N/A // there is no dot at the beginning of effective request-host, 1248N/A // the default Domain can only domain-match itself.) 257N/A // Empty port list means this should be restricted 257N/A // to the incoming URI port 257N/A // Only store cookies with a port list 257N/A // IF the URI port is in that list, as per 257N/A // RFC 2965 section 3.3.2 0N/A // invalid set-cookie header string 0N/A /* ---------------- Private operations -------------- */ 0N/A // to determine whether or not accept this cookie 0N/A * path-matches algorithm, as defined by RFC 2965 0N/A * sort cookies with respect to their path: those with more specific Path attributes 0N/A * precede those with less specific, as defined in RFC 2965 sec. 3.3.4 0N/A // Netscape cookie spec and RFC 2965 have different format of Cookie 0N/A // header; RFC 2965 requires a leading $Version="1" string while Netscape 0N/A // The workaround here is to add a $Version="1" string in advance 0N/A // path rule only applies to the cookies with same name 0N/A // those with more specific Path attributes precede those with less specific