015 package com.liferay.portal.kernel.servlet;
016
017 import com.liferay.portal.kernel.util.SetUtil;
018 import com.liferay.portal.kernel.util.SystemProperties;
019
020 import java.util.Set;
021
022 import javax.servlet.http.Cookie;
023 import javax.servlet.http.HttpServletResponse;
024 import javax.servlet.http.HttpServletResponseWrapper;
025
026
/**
 * Response wrapper that marks cookies as HttpOnly before handing them to the
 * wrapped response, so that they are not exposed to client-side script.
 *
 * <p>
 * Scope of the protection, as visible in this class:
 * </p>
 *
 * <ul>
 * <li>Only {@link #addCookie(Cookie)} is intercepted. Cookies written as raw
 * {@code Set-Cookie} headers through {@code addHeader}/{@code setHeader} pass
 * through unchanged, so code emitting cookies that way has to set the
 * attribute itself.</li>
 * <li>Cookie names returned by
 * {@code SystemProperties.getArray("cookie.http.only.names.excludes")} are
 * skipped. Each name on that list stays readable by script unless the caller
 * already set HttpOnly; keep the list as short as possible and review it when
 * it changes.</li>
 * <li>The {@code Secure} attribute is not touched here.</li>
 * </ul>
 */
public class HttpOnlyCookieServletResponse extends HttpServletResponseWrapper {

	/**
	 * Returns a response whose wrapper chain contains an
	 * {@code HttpOnlyCookieServletResponse}.
	 *
	 * <p>
	 * The chain of {@link HttpServletResponseWrapper}s is walked from the
	 * outside in. If one of the links already is an
	 * {@code HttpOnlyCookieServletResponse}, the response is returned as given
	 * (no double wrapping); otherwise a new wrapper is put around it.
	 * </p>
	 *
	 * @param  response the response to protect
	 * @return {@code response} itself when it is already protected, else a new
	 *         {@code HttpOnlyCookieServletResponse} around it
	 * @throws ClassCastException if a wrapper in the chain holds a response
	 *         that is not an {@link HttpServletResponse}
	 */
	public static HttpServletResponse getHttpOnlyCookieServletResponse(
		HttpServletResponse response) {

		// Condition, body and step run in the same order as a while loop that
		// tests the wrapper type, checks for this class, then unwraps one level.
		for (HttpServletResponse current = response;
			 current instanceof HttpServletResponseWrapper;
			 current = (HttpServletResponse)
				 ((HttpServletResponseWrapper)current).getResponse()) {

			if (current instanceof HttpOnlyCookieServletResponse) {
				return response;
			}
		}

		return new HttpOnlyCookieServletResponse(response);
	}

	/**
	 * Wraps the given response. Prefer
	 * {@link #getHttpOnlyCookieServletResponse(HttpServletResponse)}, which
	 * avoids wrapping a response that is already protected.
	 *
	 * @param response the response to delegate to
	 */
	public HttpOnlyCookieServletResponse(HttpServletResponse response) {
		super(response);
	}

	/**
	 * Adds the cookie to the wrapped response, forcing HttpOnly on it unless
	 * its name is on the exclusion list.
	 *
	 * <p>
	 * An excluded cookie is forwarded exactly as the caller built it: the flag
	 * is neither set nor cleared. The cookie object passed in is modified in
	 * place.
	 * </p>
	 *
	 * @param cookie the cookie to send; must not be {@code null}
	 */
	@Override
	public void addCookie(Cookie cookie) {
		boolean excluded = _cookieHttpOnlyCookieNamesExcludes.contains(
			cookie.getName());

		if (!excluded) {
			cookie.setHttpOnly(true);
		}

		super.addCookie(cookie);
	}

	// Names exempt from the HttpOnly default. Read once, when the class is
	// initialized, so a later change to the property is not picked up by this
	// field.
	private static final Set<String> _cookieHttpOnlyCookieNamesExcludes =
		SetUtil.fromArray(
			SystemProperties.getArray("cookie.http.only.names.excludes"));

}