org.broadleafcommerce.common.security.util

Class GenericCookieUtilsImpl

java.lang.Object

org.broadleafcommerce.common.security.util.GenericCookieUtilsImpl

All Implemented Interfaces:

CookieUtils

@Component(value="blCookieUtils")
public class GenericCookieUtilsImpl
extends Object
implements CookieUtils

Field Summary

Fields

Modifier and Type	Field and Description
protected String	COOKIE_INVALIDATION_PLACEHOLDER_VALUE

Fields inherited from interface org.broadleafcommerce.common.security.util.CookieUtils

CUSTOMER_COOKIE_NAME

Constructor Summary

Constructors

Constructor and Description
GenericCookieUtilsImpl()

Method Summary

Modifier and Type	Method and Description
String	getCookieValue(javax.servlet.http.HttpServletRequest request, String cookieName)
void	invalidateCookie(javax.servlet.http.HttpServletResponse response, String cookieName)
void	setCookieValue(javax.servlet.http.HttpServletResponse response, String cookieName, String cookieValue)
void	setCookieValue(javax.servlet.http.HttpServletResponse response, String cookieName, String cookieValue, String path, Integer maxAge, Boolean isSecure) Uses a cookie value of "CookieInvalidationPlaceholderValue" because the later call to ESAPI#httpUtilities()#addHeader(HttpServletResponse, String, String) fails if the value is null or an empty String.
Boolean	shouldUseSecureCookieIfApplicable() Checks cookies.use.secure System Property, which determines whether to use HTTPS cookie over HTTPS connection or HTTP only.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

COOKIE_INVALIDATION_PLACEHOLDER_VALUE

protected final String COOKIE_INVALIDATION_PLACEHOLDER_VALUE

See Also:

Constant Field Values

Constructor Detail

GenericCookieUtilsImpl

public GenericCookieUtilsImpl()

Method Detail

shouldUseSecureCookieIfApplicable

public Boolean shouldUseSecureCookieIfApplicable()

Description copied from interface: CookieUtils

Checks cookies.use.secure System Property, which determines whether to use HTTPS cookie over HTTPS connection or HTTP only.

Specified by:

shouldUseSecureCookieIfApplicable in interface CookieUtils

Returns:

value of cookies.use.secure

getCookieValue

public String getCookieValue(javax.servlet.http.HttpServletRequest request,
                             String cookieName)

Specified by:

getCookieValue in interface CookieUtils

setCookieValue

public void setCookieValue(javax.servlet.http.HttpServletResponse response,
                           String cookieName,
                           String cookieValue,
                           String path,
                           Integer maxAge,
                           Boolean isSecure)

Description copied from interface: CookieUtils

Uses a cookie value of "CookieInvalidationPlaceholderValue" because the later call to ESAPI#httpUtilities()#addHeader(HttpServletResponse, String, String) fails if the value is null or an empty String. If an empty cookie value is passed, this is considered a request to remove the cookie and maxAge is set to 0 to force the removal. In addition, calls to ESAPI#httpUtilities()#killCookie(HttpServletRequest, HttpServletResponse, String) have shown to be ineffective while this approach for removing cookies works.

Specified by:

setCookieValue in interface CookieUtils

setCookieValue

public void setCookieValue(javax.servlet.http.HttpServletResponse response,
                           String cookieName,
                           String cookieValue)

Specified by:

setCookieValue in interface CookieUtils

invalidateCookie

public void invalidateCookie(javax.servlet.http.HttpServletResponse response,
                             String cookieName)

Specified by:

invalidateCookie in interface CookieUtils