SEC-2569: SavedRequestAwareWrapper no longer overrides getCookies()
Previously SavedRequestAwareWrapper overrode the getCookies() method. This meant that the cookies from the original request were used instead of the new request. In general, this does not make sense since cookies are automatically submitted in every request by a client. Additionally, this caused problems with using a locale cookie that was specified after the secured page was requested. Now SavedRequestAwareWrapper uses the new incoming request for determining the cookies.
This commit is contained in:
@@ -23,13 +23,16 @@ public class SavedRequestAwareWrapperTests {
|
||||
return new SavedRequestAwareWrapper(saved, requestToWrap);
|
||||
}
|
||||
|
||||
// SEC-2569
|
||||
@Test
|
||||
public void savedRequestCookiesAreReturnedIfSavedRequestIsSet() throws Exception {
|
||||
public void savedRequestCookiesAreIgnored() throws Exception {
|
||||
MockHttpServletRequest newRequest = new MockHttpServletRequest();
|
||||
newRequest.setCookies(new Cookie[] {new Cookie("cookie", "fromnew")});
|
||||
MockHttpServletRequest savedRequest = new MockHttpServletRequest();
|
||||
savedRequest.setCookies(new Cookie[] {new Cookie("cookie", "fromsaved")});
|
||||
SavedRequestAwareWrapper wrapper = createWrapper(savedRequest, new MockHttpServletRequest());
|
||||
SavedRequestAwareWrapper wrapper = createWrapper(savedRequest, newRequest);
|
||||
assertEquals(1, wrapper.getCookies().length);
|
||||
assertEquals("fromsaved", wrapper.getCookies()[0].getValue());
|
||||
assertEquals("fromnew", wrapper.getCookies()[0].getValue());
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
Reference in New Issue
Block a user