Coverage Report

Coverage Report - org.apache.shiro.web.servlet.SimpleCookie

Classes in this File

Line Coverage

Branch Coverage

Complexity

SimpleCookie

86%

131/151

77%

28/36

1.583

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.shiro.web.servlet;
 
 import org.apache.shiro.util.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.text.DateFormat;
 import java.text.SimpleDateFormat;
 import java.util.Calendar;
 import java.util.Date;
 import java.util.Locale;
 import java.util.TimeZone;
 
 /**
  * Default {@link Cookie Cookie} implementation.  'HttpOnly' is supported out of the box, even on
  * Servlet {@code 2.4} and {@code 2.5} container implementations, using raw header writing logic and not
  * {@link javax.servlet.http.Cookie javax.servlet.http.Cookie} objects (which only has 'HttpOnly' support in Servlet
  * {@code 2.6} specifications and above).
  *
  * @since 1.0
  */
 public class SimpleCookie implements Cookie {
 
     /**
      * {@code -1}, indicating the cookie should expire when the browser closes.
      */
     public static final int DEFAULT_MAX_AGE = -1;
 
     /**
      * {@code -1} indicating that no version property should be set on the cookie.
      */
     public static final int DEFAULT_VERSION = -1;
 
     //These constants are protected on purpose so that the test case can use them
     protected static final String NAME_VALUE_DELIMITER = "=";
     protected static final String ATTRIBUTE_DELIMITER = "; ";
     protected static final long DAY_MILLIS = 86400000; //1 day = 86,400,000 milliseconds
     protected static final String GMT_TIME_ZONE_ID = "GMT";
     protected static final String COOKIE_DATE_FORMAT_STRING = "EEE, dd-MMM-yyyy HH:mm:ss z";
 
     protected static final String COOKIE_HEADER_NAME = "Set-Cookie";
     protected static final String PATH_ATTRIBUTE_NAME = "Path";
     protected static final String EXPIRES_ATTRIBUTE_NAME = "Expires";
     protected static final String MAXAGE_ATTRIBUTE_NAME = "Max-Age";
     protected static final String DOMAIN_ATTRIBUTE_NAME = "Domain";
     protected static final String VERSION_ATTRIBUTE_NAME = "Version";
     protected static final String COMMENT_ATTRIBUTE_NAME = "Comment";
     protected static final String SECURE_ATTRIBUTE_NAME = "Secure";
     protected static final String HTTP_ONLY_ATTRIBUTE_NAME = "HttpOnly";
 
     private static final transient Logger log = LoggerFactory.getLogger(SimpleCookie.class);
 
     private String name;
     private String value;
     private String comment;
     private String domain;
     private String path;
     private int maxAge;
     private int version;
     private boolean secure;
     private boolean httpOnly;
 
     public SimpleCookie() {
         this.maxAge = DEFAULT_MAX_AGE;
         this.version = DEFAULT_VERSION;
         this.httpOnly = true; //most of the cookies ever used by Shiro should be as secure as possible.
     }
 
     public SimpleCookie(String name) {
         this();
         this.name = name;
     }
 
     public SimpleCookie(Cookie cookie) {
         this.name = cookie.getName();
         this.value = cookie.getValue();
         this.comment = cookie.getComment();
         this.domain = cookie.getDomain();
         this.path = cookie.getPath();
         this.maxAge = Math.max(DEFAULT_MAX_AGE, cookie.getMaxAge());
         this.version = Math.max(DEFAULT_VERSION, cookie.getVersion());
         this.secure = cookie.isSecure();
         this.httpOnly = cookie.isHttpOnly();
     }
 
     public String getName() {
         return name;
     }
 
     public void setName(String name) {
         if (!StringUtils.hasText(name)) {
             throw new IllegalArgumentException("Name cannot be null/empty.");
         }
         this.name = name;
     }
 
     public String getValue() {
         return value;
     }
 
     public void setValue(String value) {
         this.value = value;
     }
 
     public String getComment() {
         return comment;
     }
 
     public void setComment(String comment) {
         this.comment = comment;
     }
 
     public String getDomain() {
         return domain;
     }
 
     public void setDomain(String domain) {
         this.domain = domain;
     }
 
     public String getPath() {
         return path;
     }
 
     public void setPath(String path) {
         this.path = path;
     }
 
     public int getMaxAge() {
         return maxAge;
     }
 
     public void setMaxAge(int maxAge) {
         this.maxAge = Math.max(DEFAULT_MAX_AGE, maxAge);
     }
 
     public int getVersion() {
         return version;
     }
 
     public void setVersion(int version) {
         this.version = Math.max(DEFAULT_VERSION, version);
     }
 
     public boolean isSecure() {
         return secure;
     }
 
     public void setSecure(boolean secure) {
         this.secure = secure;
     }
 
     public boolean isHttpOnly() {
         return httpOnly;
     }
 
     public void setHttpOnly(boolean httpOnly) {
         this.httpOnly = httpOnly;
     }
 
     /**
      * Returns the Cookie's calculated path setting.  If the {@link javax.servlet.http.Cookie#getPath() path} is {@code null}, then the
      * {@code request}'s {@link javax.servlet.http.HttpServletRequest#getContextPath() context path}
      * will be returned. If getContextPath() is the empty string or null then the ROOT_PATH constant is returned.
      *
      * @param request the incoming HttpServletRequest
      * @return the path to be used as the path when the cookie is created or removed
      */
     private String calculatePath(HttpServletRequest request) {
         String path = StringUtils.clean(getPath());
         if (!StringUtils.hasText(path)) {
             path = StringUtils.clean(request.getContextPath());
         }
 
         //fix for http://issues.apache.org/jira/browse/SHIRO-9:
         if (path == null) {
             path = ROOT_PATH;
         }
         log.trace("calculated path: {}", path);
         return path;
     }
 
     public void saveTo(HttpServletRequest request, HttpServletResponse response) {
 
         String name = getName();
         String value = getValue();
         String comment = getComment();
         String domain = getDomain();
         String path = calculatePath(request);
         int maxAge = getMaxAge();
         int version = getVersion();
         boolean secure = isSecure();
         boolean httpOnly = isHttpOnly();
 
         addCookieHeader(response, name, value, comment, domain, path, maxAge, version, secure, httpOnly);
     }
 
     private void addCookieHeader(HttpServletResponse response, String name, String value, String comment,
                                  String domain, String path, int maxAge, int version,
                                  boolean secure, boolean httpOnly) {
 
         String headerValue = buildHeaderValue(name, value, comment, domain, path, maxAge, version, secure, httpOnly);
         response.addHeader(COOKIE_HEADER_NAME, headerValue);
 
         if (log.isDebugEnabled()) {
             log.debug("Added HttpServletResponse Cookie [{}]", headerValue);
         }
     }
 
     /*
      * This implementation followed the grammar defined here for convenience:
      * <a href="http://github.com/abarth/http-state/blob/master/notes/2009-11-07-Yui-Naruse.txt">Cookie grammar</a>.
      *
      * @return the 'Set-Cookie' header value for this cookie instance.
      */
 
     protected String buildHeaderValue(String name, String value, String comment,
                                       String domain, String path, int maxAge, int version,
                                       boolean secure, boolean httpOnly) {
 
         if (!StringUtils.hasText(name)) {
             throw new IllegalStateException("Cookie name cannot be null/empty.");
         }
 
         StringBuilder sb = new StringBuilder(name).append(NAME_VALUE_DELIMITER);
 
         if (StringUtils.hasText(value)) {
             sb.append(value);
         }
 
         appendComment(sb, comment);
         appendDomain(sb, domain);
         appendPath(sb, path);
         appendExpires(sb, maxAge);
         appendVersion(sb, version);
         appendSecure(sb, secure);
         appendHttpOnly(sb, httpOnly);
 
         return sb.toString();
 
     }
 
     private void appendComment(StringBuilder sb, String comment) {
         if (StringUtils.hasText(comment)) {
             sb.append(ATTRIBUTE_DELIMITER);
             sb.append(COMMENT_ATTRIBUTE_NAME).append(NAME_VALUE_DELIMITER).append(comment);
         }
     }
 
     private void appendDomain(StringBuilder sb, String domain) {
         if (StringUtils.hasText(domain)) {
             sb.append(ATTRIBUTE_DELIMITER);
             sb.append(DOMAIN_ATTRIBUTE_NAME).append(NAME_VALUE_DELIMITER).append(domain);
         }
     }
 
     private void appendPath(StringBuilder sb, String path) {
         if (StringUtils.hasText(path)) {
             sb.append(ATTRIBUTE_DELIMITER);
             sb.append(PATH_ATTRIBUTE_NAME).append(NAME_VALUE_DELIMITER).append(path);
         }
     }
 
     private void appendExpires(StringBuilder sb, int maxAge) {
         // if maxAge is negative, cookie should should expire when browser closes
         // Don't write the maxAge cookie value if it's negative - at least on Firefox it'll cause the 
         // cookie to be deleted immediately
         // Write the expires header used by older browsers, but may be unnecessary
         // and it is not by the spec, see http://www.faqs.org/rfcs/rfc2965.html
         // TODO consider completely removing the following 
         if (maxAge >= 0) {
             sb.append(ATTRIBUTE_DELIMITER);
             sb.append(MAXAGE_ATTRIBUTE_NAME).append(NAME_VALUE_DELIMITER).append(maxAge);
             sb.append(ATTRIBUTE_DELIMITER);
             Date expires;
             if (maxAge == 0) {
                 //delete the cookie by specifying a time in the past (1 day ago):
                 expires = new Date(System.currentTimeMillis() - DAY_MILLIS);
             } else {
                 //Value is in seconds.  So take 'now' and add that many seconds, and that's our expiration date:
                 Calendar cal = Calendar.getInstance();
                 cal.add(Calendar.SECOND, maxAge);
                 expires = cal.getTime();
             }
             String formatted = toCookieDate(expires);
             sb.append(EXPIRES_ATTRIBUTE_NAME).append(NAME_VALUE_DELIMITER).append(formatted);
         }
     }
 
     private void appendVersion(StringBuilder sb, int version) {
         if (version > DEFAULT_VERSION) {
             sb.append(ATTRIBUTE_DELIMITER);
             sb.append(VERSION_ATTRIBUTE_NAME).append(NAME_VALUE_DELIMITER).append(version);
         }
     }
 
     private void appendSecure(StringBuilder sb, boolean secure) {
         if (secure) {
             sb.append(ATTRIBUTE_DELIMITER);
             sb.append(SECURE_ATTRIBUTE_NAME); //No value for this attribute
         }
     }
 
     private void appendHttpOnly(StringBuilder sb, boolean httpOnly) {
         if (httpOnly) {
             sb.append(ATTRIBUTE_DELIMITER);
             sb.append(HTTP_ONLY_ATTRIBUTE_NAME); //No value for this attribute
         }
     }
 
     /**
      * Formats a date into a cookie date compatible string (Netscape's specification).
      *
      * @param date the date to format
      * @return an HTTP 1.0/1.1 Cookie compatible date string (GMT-based).
      */
     private static String toCookieDate(Date date) {
         TimeZone tz = TimeZone.getTimeZone(GMT_TIME_ZONE_ID);
         DateFormat fmt = new SimpleDateFormat(COOKIE_DATE_FORMAT_STRING, Locale.US);
         fmt.setTimeZone(tz);
         return fmt.format(date);
     }
 
     public void removeFrom(HttpServletRequest request, HttpServletResponse response) {
         String name = getName();
         String value = DELETED_COOKIE_VALUE;
         String comment = null; //don't need to add extra size to the response - comments are irrelevant for deletions
         String domain = getDomain();
         String path = calculatePath(request);
         int maxAge = 0; //always zero for deletion
         int version = getVersion();
         boolean secure = isSecure();
         boolean httpOnly = false; //no need to add the extra text, plus the value 'deleteMe' is not sensitive at all
 
         addCookieHeader(response, name, value, comment, domain, path, maxAge, version, secure, httpOnly);
 
         log.trace("Removed '{}' cookie by setting maxAge=0", name);
     }
 
     public String readValue(HttpServletRequest request, HttpServletResponse ignored) {
         String name = getName();
         String value = null;
         javax.servlet.http.Cookie cookie = getCookie(request, name);
         if (cookie != null) {
             value = cookie.getValue();
             log.debug("Found '{}' cookie value [{}]", name, value);
         } else {
             log.trace("No '{}' cookie value", name);
         }
 
         return value;
     }
 
     /**
      * Returns the cookie with the given name from the request or {@code null} if no cookie
      * with that name could be found.
      *
      * @param request    the current executing http request.
      * @param cookieName the name of the cookie to find and return.
      * @return the cookie with the given name from the request or {@code null} if no cookie
      *         with that name could be found.
      */
     private static javax.servlet.http.Cookie getCookie(HttpServletRequest request, String cookieName) {
         javax.servlet.http.Cookie cookies[] = request.getCookies();
         if (cookies != null) {
             for (javax.servlet.http.Cookie cookie : cookies) {
                 if (cookie.getName().equals(cookieName)) {
                     return cookie;
                 }
             }
         }
         return null;
     }
 }

1		/*
2		* Licensed to the Apache Software Foundation (ASF) under one
3		* or more contributor license agreements. See the NOTICE file
4		* distributed with this work for additional information
5		* regarding copyright ownership. The ASF licenses this file
6		* to you under the Apache License, Version 2.0 (the
7		* "License"); you may not use this file except in compliance
8		* with the License. You may obtain a copy of the License at
9		*
10		* http://www.apache.org/licenses/LICENSE-2.0
11		*
12		* Unless required by applicable law or agreed to in writing,
13		* software distributed under the License is distributed on an
14		* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15		* KIND, either express or implied. See the License for the
16		* specific language governing permissions and limitations
17		* under the License.
18		*/
19		package org.apache.shiro.web.servlet;
20
21		import org.apache.shiro.util.StringUtils;
22		import org.slf4j.Logger;
23		import org.slf4j.LoggerFactory;
24
25		import javax.servlet.http.HttpServletRequest;
26		import javax.servlet.http.HttpServletResponse;
27		import java.text.DateFormat;
28		import java.text.SimpleDateFormat;
29		import java.util.Calendar;
30		import java.util.Date;
31		import java.util.Locale;
32		import java.util.TimeZone;
33
34		/**
35		* Default {@link Cookie Cookie} implementation. 'HttpOnly' is supported out of the box, even on
36		* Servlet {@code 2.4} and {@code 2.5} container implementations, using raw header writing logic and not
37		* {@link javax.servlet.http.Cookie javax.servlet.http.Cookie} objects (which only has 'HttpOnly' support in Servlet
38		* {@code 2.6} specifications and above).
39		*
40		* @since 1.0
41		*/
42		public class SimpleCookie implements Cookie {
43
44		/**
45		* {@code -1}, indicating the cookie should expire when the browser closes.
46		*/
47		public static final int DEFAULT_MAX_AGE = -1;
48
49		/**
50		* {@code -1} indicating that no version property should be set on the cookie.
51		*/
52		public static final int DEFAULT_VERSION = -1;
53
54		//These constants are protected on purpose so that the test case can use them
55		protected static final String NAME_VALUE_DELIMITER = "=";
56		protected static final String ATTRIBUTE_DELIMITER = "; ";
57		protected static final long DAY_MILLIS = 86400000; //1 day = 86,400,000 milliseconds
58		protected static final String GMT_TIME_ZONE_ID = "GMT";
59		protected static final String COOKIE_DATE_FORMAT_STRING = "EEE, dd-MMM-yyyy HH:mm:ss z";
60
61		protected static final String COOKIE_HEADER_NAME = "Set-Cookie";
62		protected static final String PATH_ATTRIBUTE_NAME = "Path";
63		protected static final String EXPIRES_ATTRIBUTE_NAME = "Expires";
64		protected static final String MAXAGE_ATTRIBUTE_NAME = "Max-Age";
65		protected static final String DOMAIN_ATTRIBUTE_NAME = "Domain";
66		protected static final String VERSION_ATTRIBUTE_NAME = "Version";
67		protected static final String COMMENT_ATTRIBUTE_NAME = "Comment";
68		protected static final String SECURE_ATTRIBUTE_NAME = "Secure";
69		protected static final String HTTP_ONLY_ATTRIBUTE_NAME = "HttpOnly";
70
71	1	private static final transient Logger log = LoggerFactory.getLogger(SimpleCookie.class);
72
73		private String name;
74		private String value;
75		private String comment;
76		private String domain;
77		private String path;
78		private int maxAge;
79		private int version;
80		private boolean secure;
81		private boolean httpOnly;
82
83	41	public SimpleCookie() {
84	41	this.maxAge = DEFAULT_MAX_AGE;
85	41	this.version = DEFAULT_VERSION;
86	41	this.httpOnly = true; //most of the cookies ever used by Shiro should be as secure as possible.
87	41	}
88
89		public SimpleCookie(String name) {
90	40	this();
91	40	this.name = name;
92	40	}
93
94	5	public SimpleCookie(Cookie cookie) {
95	5	this.name = cookie.getName();
96	5	this.value = cookie.getValue();
97	5	this.comment = cookie.getComment();
98	5	this.domain = cookie.getDomain();
99	5	this.path = cookie.getPath();
100	5	this.maxAge = Math.max(DEFAULT_MAX_AGE, cookie.getMaxAge());
101	5	this.version = Math.max(DEFAULT_VERSION, cookie.getVersion());
102	5	this.secure = cookie.isSecure();
103	5	this.httpOnly = cookie.isHttpOnly();
104	5	}
105
106		public String getName() {
107	31	return name;
108		}
109
110		public void setName(String name) {
111	0	if (!StringUtils.hasText(name)) {
112	0	throw new IllegalArgumentException("Name cannot be null/empty.");
113		}
114	0	this.name = name;
115	0	}
116
117		public String getValue() {
118	10	return value;
119		}
120
121		public void setValue(String value) {
122	7	this.value = value;
123	7	}
124
125		public String getComment() {
126	10	return comment;
127		}
128
129		public void setComment(String comment) {
130	0	this.comment = comment;
131	0	}
132
133		public String getDomain() {
134	14	return domain;
135		}
136
137		public void setDomain(String domain) {
138	0	this.domain = domain;
139	0	}
140
141		public String getPath() {
142	14	return path;
143		}
144
145		public void setPath(String path) {
146	0	this.path = path;
147	0	}
148
149		public int getMaxAge() {
150	10	return maxAge;
151		}
152
153		public void setMaxAge(int maxAge) {
154	19	this.maxAge = Math.max(DEFAULT_MAX_AGE, maxAge);
155	19	}
156
157		public int getVersion() {
158	14	return version;
159		}
160
161		public void setVersion(int version) {
162	0	this.version = Math.max(DEFAULT_VERSION, version);
163	0	}
164
165		public boolean isSecure() {
166	14	return secure;
167		}
168
169		public void setSecure(boolean secure) {
170	0	this.secure = secure;
171	0	}
172
173		public boolean isHttpOnly() {
174	10	return httpOnly;
175		}
176
177		public void setHttpOnly(boolean httpOnly) {
178	37	this.httpOnly = httpOnly;
179	37	}
180
181		/**
182		* Returns the Cookie's calculated path setting. If the {@link javax.servlet.http.Cookie#getPath() path} is {@code null}, then the
183		* {@code request}'s {@link javax.servlet.http.HttpServletRequest#getContextPath() context path}
184		* will be returned. If getContextPath() is the empty string or null then the ROOT_PATH constant is returned.
185		*
186		* @param request the incoming HttpServletRequest
187		* @return the path to be used as the path when the cookie is created or removed
188		*/
189		private String calculatePath(HttpServletRequest request) {
190	11	String path = StringUtils.clean(getPath());
191	11	if (!StringUtils.hasText(path)) {
192	10	path = StringUtils.clean(request.getContextPath());
193		}
194
195		//fix for http://issues.apache.org/jira/browse/SHIRO-9:
196	11	if (path == null) {
197	7	path = ROOT_PATH;
198		}
199	11	log.trace("calculated path: {}", path);
200	11	return path;
201		}
202
203		public void saveTo(HttpServletRequest request, HttpServletResponse response) {
204
205	7	String name = getName();
206	7	String value = getValue();
207	7	String comment = getComment();
208	7	String domain = getDomain();
209	7	String path = calculatePath(request);
210	7	int maxAge = getMaxAge();
211	7	int version = getVersion();
212	7	boolean secure = isSecure();
213	7	boolean httpOnly = isHttpOnly();
214
215	7	addCookieHeader(response, name, value, comment, domain, path, maxAge, version, secure, httpOnly);
216	7	}
217
218		private void addCookieHeader(HttpServletResponse response, String name, String value, String comment,
219		String domain, String path, int maxAge, int version,
220		boolean secure, boolean httpOnly) {
221
222	11	String headerValue = buildHeaderValue(name, value, comment, domain, path, maxAge, version, secure, httpOnly);
223	11	response.addHeader(COOKIE_HEADER_NAME, headerValue);
224
225	11	if (log.isDebugEnabled()) {
226	11	log.debug("Added HttpServletResponse Cookie [{}]", headerValue);
227		}
228	11	}
229
230		/*
231		* This implementation followed the grammar defined here for convenience:
232		* <a href="http://github.com/abarth/http-state/blob/master/notes/2009-11-07-Yui-Naruse.txt">Cookie grammar</a>.
233		*
234		* @return the 'Set-Cookie' header value for this cookie instance.
235		*/
236
237		protected String buildHeaderValue(String name, String value, String comment,
238		String domain, String path, int maxAge, int version,
239		boolean secure, boolean httpOnly) {
240
241	12	if (!StringUtils.hasText(name)) {
242	0	throw new IllegalStateException("Cookie name cannot be null/empty.");
243		}
244
245	12	StringBuilder sb = new StringBuilder(name).append(NAME_VALUE_DELIMITER);
246
247	12	if (StringUtils.hasText(value)) {
248	12	sb.append(value);
249		}
250
251	12	appendComment(sb, comment);
252	12	appendDomain(sb, domain);
253	12	appendPath(sb, path);
254	12	appendExpires(sb, maxAge);
255	12	appendVersion(sb, version);
256	12	appendSecure(sb, secure);
257	12	appendHttpOnly(sb, httpOnly);
258
259	12	return sb.toString();
260
261		}
262
263		private void appendComment(StringBuilder sb, String comment) {
264	12	if (StringUtils.hasText(comment)) {
265	1	sb.append(ATTRIBUTE_DELIMITER);
266	1	sb.append(COMMENT_ATTRIBUTE_NAME).append(NAME_VALUE_DELIMITER).append(comment);
267		}
268	12	}
269
270		private void appendDomain(StringBuilder sb, String domain) {
271	12	if (StringUtils.hasText(domain)) {
272	1	sb.append(ATTRIBUTE_DELIMITER);
273	1	sb.append(DOMAIN_ATTRIBUTE_NAME).append(NAME_VALUE_DELIMITER).append(domain);
274		}
275	12	}
276
277		private void appendPath(StringBuilder sb, String path) {
278	12	if (StringUtils.hasText(path)) {
279	12	sb.append(ATTRIBUTE_DELIMITER);
280	12	sb.append(PATH_ATTRIBUTE_NAME).append(NAME_VALUE_DELIMITER).append(path);
281		}
282	12	}
283
284		private void appendExpires(StringBuilder sb, int maxAge) {
285		// if maxAge is negative, cookie should should expire when browser closes
286		// Don't write the maxAge cookie value if it's negative - at least on Firefox it'll cause the
287		// cookie to be deleted immediately
288		// Write the expires header used by older browsers, but may be unnecessary
289		// and it is not by the spec, see http://www.faqs.org/rfcs/rfc2965.html
290		// TODO consider completely removing the following
291	12	if (maxAge >= 0) {
292	5	sb.append(ATTRIBUTE_DELIMITER);
293	5	sb.append(MAXAGE_ATTRIBUTE_NAME).append(NAME_VALUE_DELIMITER).append(maxAge);
294	5	sb.append(ATTRIBUTE_DELIMITER);
295		Date expires;
296	5	if (maxAge == 0) {
297		//delete the cookie by specifying a time in the past (1 day ago):
298	5	expires = new Date(System.currentTimeMillis() - DAY_MILLIS);
299		} else {
300		//Value is in seconds. So take 'now' and add that many seconds, and that's our expiration date:
301	0	Calendar cal = Calendar.getInstance();
302	0	cal.add(Calendar.SECOND, maxAge);
303	0	expires = cal.getTime();
304		}
305	5	String formatted = toCookieDate(expires);
306	5	sb.append(EXPIRES_ATTRIBUTE_NAME).append(NAME_VALUE_DELIMITER).append(formatted);
307		}
308	12	}
309
310		private void appendVersion(StringBuilder sb, int version) {
311	12	if (version > DEFAULT_VERSION) {
312	0	sb.append(ATTRIBUTE_DELIMITER);
313	0	sb.append(VERSION_ATTRIBUTE_NAME).append(NAME_VALUE_DELIMITER).append(version);
314		}
315	12	}
316
317		private void appendSecure(StringBuilder sb, boolean secure) {
318	12	if (secure) {
319	1	sb.append(ATTRIBUTE_DELIMITER);
320	1	sb.append(SECURE_ATTRIBUTE_NAME); //No value for this attribute
321		}
322	12	}
323
324		private void appendHttpOnly(StringBuilder sb, boolean httpOnly) {
325	12	if (httpOnly) {
326	7	sb.append(ATTRIBUTE_DELIMITER);
327	7	sb.append(HTTP_ONLY_ATTRIBUTE_NAME); //No value for this attribute
328		}
329	12	}
330
331		/**
332		* Formats a date into a cookie date compatible string (Netscape's specification).
333		*
334		* @param date the date to format
335		* @return an HTTP 1.0/1.1 Cookie compatible date string (GMT-based).
336		*/
337		private static String toCookieDate(Date date) {
338	5	TimeZone tz = TimeZone.getTimeZone(GMT_TIME_ZONE_ID);
339	5	DateFormat fmt = new SimpleDateFormat(COOKIE_DATE_FORMAT_STRING, Locale.US);
340	5	fmt.setTimeZone(tz);
341	5	return fmt.format(date);
342		}
343
344		public void removeFrom(HttpServletRequest request, HttpServletResponse response) {
345	4	String name = getName();
346	4	String value = DELETED_COOKIE_VALUE;
347	4	String comment = null; //don't need to add extra size to the response - comments are irrelevant for deletions
348	4	String domain = getDomain();
349	4	String path = calculatePath(request);
350	4	int maxAge = 0; //always zero for deletion
351	4	int version = getVersion();
352	4	boolean secure = isSecure();
353	4	boolean httpOnly = false; //no need to add the extra text, plus the value 'deleteMe' is not sensitive at all
354
355	4	addCookieHeader(response, name, value, comment, domain, path, maxAge, version, secure, httpOnly);
356
357	4	log.trace("Removed '{}' cookie by setting maxAge=0", name);
358	4	}
359
360		public String readValue(HttpServletRequest request, HttpServletResponse ignored) {
361	13	String name = getName();
362	13	String value = null;
363	13	javax.servlet.http.Cookie cookie = getCookie(request, name);
364	13	if (cookie != null) {
365	4	value = cookie.getValue();
366	4	log.debug("Found '{}' cookie value [{}]", name, value);
367		} else {
368	9	log.trace("No '{}' cookie value", name);
369		}
370
371	13	return value;
372		}
373
374		/**
375		* Returns the cookie with the given name from the request or {@code null} if no cookie
376		* with that name could be found.
377		*
378		* @param request the current executing http request.
379		* @param cookieName the name of the cookie to find and return.
380		* @return the cookie with the given name from the request or {@code null} if no cookie
381		* with that name could be found.
382		*/
383		private static javax.servlet.http.Cookie getCookie(HttpServletRequest request, String cookieName) {
384	13	javax.servlet.http.Cookie cookies[] = request.getCookies();
385	13	if (cookies != null) {
386	6	for (javax.servlet.http.Cookie cookie : cookies) {
387	5	if (cookie.getName().equals(cookieName)) {
388	4	return cookie;
389		}
390		}
391		}
392	9	return null;
393		}
394		}