015 package com.liferay.portal.kernel.servlet;
016
017 import com.liferay.portal.kernel.util.SetUtil;
018 import com.liferay.portal.kernel.util.StringUtil;
019 import com.liferay.portal.kernel.util.SystemProperties;
020
021 import java.util.Set;
022
023 import javax.servlet.http.Cookie;
024 import javax.servlet.http.HttpServletResponse;
025 import javax.servlet.http.HttpServletResponseWrapper;
026
027
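/**
 * Response wrapper that marks cookies as {@code HttpOnly} before they are
 * handed to the wrapped response.
 *
 * <p>
 * An {@code HttpOnly} cookie is not exposed to client-side script, which
 * limits what a cross-site scripting flaw can read from the browser. Cookies
 * whose names are listed in the <code>cookie.http.only.names.excludes</code>
 * property are passed through without the flag and therefore stay readable by
 * script; keep that list as short as possible and do not list session or
 * authentication cookies in it.
 * </p>
 *
 * <p>
 * Coverage is limited to {@link #addCookie(Cookie)}, the only method this
 * class overrides. A cookie emitted as a raw <code>Set-Cookie</code> header
 * through <code>addHeader</code> or <code>setHeader</code> is delegated
 * unchanged to the wrapped response and does not receive the flag here.
 * </p>
 */
public class HttpOnlyCookieServletResponse extends HttpServletResponseWrapper {

	/**
	 * Returns a response whose wrapper chain contains an
	 * <code>HttpOnlyCookieServletResponse</code>.
	 *
	 * <p>
	 * If the given response, or any <code>HttpServletResponseWrapper</code> it
	 * is nested in, is already an instance of this class, the given response
	 * is returned as is so that the chain is not wrapped twice. The walk stops
	 * at the first object that is not an
	 * <code>HttpServletResponseWrapper</code>, so an instance hidden behind a
	 * wrapper of another kind is not detected; the result is then a second
	 * wrapper, which only sets the flag again.
	 * </p>
	 *
	 * @param  response the response to protect
	 * @return the given response if it is already protected, otherwise a new
	 *         wrapper around it
	 */
	public static HttpServletResponse getHttpOnlyCookieServletResponse(
		HttpServletResponse response) {

		HttpServletResponse wrappedResponse = response;

		while (wrappedResponse instanceof HttpServletResponseWrapper) {
			if (wrappedResponse instanceof HttpOnlyCookieServletResponse) {

				// Return the outermost response, not the inner instance, so
				// that the wrappers layered on top of it are kept.

				return response;
			}

			HttpServletResponseWrapper httpServletResponseWrapper =
				(HttpServletResponseWrapper)wrappedResponse;

			wrappedResponse =
				(HttpServletResponse)httpServletResponseWrapper.getResponse();
		}

		return new HttpOnlyCookieServletResponse(response);
	}

	/**
	 * Wraps the given response.
	 *
	 * @param response the response that receives the cookies
	 */
	public HttpOnlyCookieServletResponse(HttpServletResponse response) {
		super(response);
	}

	/**
	 * Sets the <code>HttpOnly</code> flag on the cookie, unless its name is
	 * excluded, and then adds it to the wrapped response.
	 *
	 * <p>
	 * The name is looked up with <code>Set.contains</code>, so an exclusion
	 * applies only when the configured entry equals the cookie name. An
	 * excluded cookie keeps whatever <code>HttpOnly</code> value the caller
	 * gave it; the flag is never cleared here.
	 * </p>
	 *
	 * @param cookie the cookie to add; must not be <code>null</code>, since
	 *        its name is read before delegation
	 */
	@Override
	public void addCookie(Cookie cookie) {
		if (!_cookieHttpOnlyCookieNamesExcludes.contains(cookie.getName())) {
			cookie.setHttpOnly(true);
		}

		super.addCookie(cookie);
	}

	// Names of the cookies that are left without the HttpOnly flag. The
	// property is read once, when the class is initialized, so a later change
	// to it has no effect on a running JVM. The reference is final so that the
	// exclusion list, which decides whether a security flag is applied, cannot
	// be swapped for another set after startup.
	// NOTE(review): whether StringUtil.split trims the entries and how it
	// treats an unset property is not visible here -- confirm before relying
	// on values written with spaces after the commas.

	private static final Set<String> _cookieHttpOnlyCookieNamesExcludes =
		SetUtil.fromArray(
			StringUtil.split(
				SystemProperties.get("cookie.http.only.names.excludes")));

}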