001
014
015 package com.liferay.portal.kernel.servlet;
016
017 import com.liferay.portal.kernel.util.PropsKeys;
018 import com.liferay.portal.kernel.util.PropsUtil;
019 import com.liferay.portal.kernel.util.SetUtil;
020
021 import java.util.Set;
022
023 import javax.servlet.http.Cookie;
024 import javax.servlet.http.HttpServletResponse;
025 import javax.servlet.http.HttpServletResponseWrapper;
026
027
030 public class HttpOnlyCookieServletResponse extends HttpServletResponseWrapper {
031
032 public HttpOnlyCookieServletResponse(HttpServletResponse response) {
033 super(response);
034 }
035
036 @Override
037 public void addCookie(Cookie cookie) {
038 if (!_cookieHttpOnlyCookieNamesExcludes.contains(cookie.getName())) {
039 cookie.setHttpOnly(true);
040 }
041
042 super.addCookie(cookie);
043 }
044
045 private static Set<String> _cookieHttpOnlyCookieNamesExcludes =
046 SetUtil.fromArray(
047 PropsUtil.getArray(PropsKeys.COOKIE_HTTP_ONLY_NAMES_EXCLUDES));
048
049 }