1 package com.atlassian.seraph.util;
2
3 import com.atlassian.seraph.cookie.CookieEncoder;
4 import com.atlassian.seraph.cookie.CookieFactory;
5 import com.atlassian.seraph.cookie.InsecureCookieEncoder;
6
7 import javax.servlet.http.Cookie;
8 import javax.servlet.http.HttpServletRequest;
9 import javax.servlet.http.HttpServletResponse;
10
11 /**
12 * Seraph utility class for dealing with cookies.
13 * <p>
14 * Includes code from Jive 1.2.4 (released under the Apache license)
15 * <p>
16 *
17 * @deprecated use a {@link CookieHandler}, {@link CookieEncoder} or {@link CookieDecoder} instead.
18 */
19 public class CookieUtils
20 {
21 // the key which represents the list of cookies to add for this request (in case of redirect)
22 public static final String COOKIES_TO_SEND = "atlassian.core.web.cookies.unsent";
23
24 /**
25 * for backwards compatibility we use the insecure version
26 */
27 private static final InsecureCookieEncoder cookieEncoder = new InsecureCookieEncoder();
28
29 /**
30 * Invalidate the specified cookie and delete it from the response object.
31 *
32 * @param response
33 * The HttpServletResponse object, known as "response" in a JSP page.
34 * @param cookieName
35 * The name of the cookie you want to delete.
36 * @param path
37 * of the path the cookie you want to delete.
38 * @deprecated Since 0.10, use {@link com.atlassian.seraph.cookie.CookieHandler} instead
39 */
40 public static void invalidateCookie(final HttpServletRequest request, final HttpServletResponse response, final String cookieName, final String path)
41 {
42 CookieFactory.getCookieHandler().invalidateCookie(request, response, cookieName, path);
43 }
44
45 /**
46 * Invalidate the specified cookie and delete it from the response object. Deletes only cookies mapped against the root "/" path. Otherwise use
47 * {@link #invalidateCookie(HttpServletRequest, HttpServletResponse, String, String)}
48 *
49 * @param response
50 * The HttpServletResponse object, known as "response" in a JSP page.
51 * @param cookieName
52 * The name of the cookie you want to delete.
53 * @see #invalidateCookie(HttpServletRequest, HttpServletResponse, String, String)
54 * @deprecated Since 0.10, use {@link com.atlassian.seraph.cookie.CookieHandler} instead
55 */
56 public static void invalidateCookie(final HttpServletRequest request, final HttpServletResponse response, final String cookieName)
57 {
58 CookieFactory.getCookieHandler().invalidateCookie(request, response, cookieName, "/");
59 }
60
61 /**
62 * Returns the specified Cookie object, or null if the cookie does not exist.
63 *
64 * @param request
65 * The HttpServletRequest object, known as "request" in a JSP page.
66 * @param name
67 * the name of the cookie.
68 * @return the Cookie object if it exists, otherwise null.
69 * @deprecated Since 0.10, use {@link com.atlassian.seraph.cookie.CookieHandler} instead
70 */
71 public static Cookie getCookie(final HttpServletRequest request, final String name)
72 {
73 return CookieFactory.getCookieHandler().getCookie(request, name);
74 }
75
76 /**
77 * Sets a cookie This will also put the cookie in a list of cookies to send with this request's response (so that in case of a redirect occurring
78 * down the chain, the first filter will always try to set this cookie again) The cookie secure flag is set if the request is secure.
79 *
80 * @deprecated Since 0.10, use {@link com.atlassian.seraph.cookie.CookieHandler} instead
81 */
82 public static Cookie setCookie(final HttpServletRequest request, final HttpServletResponse response, final String name, final String value, final int maxAge, final String path)
83 {
84 return CookieFactory.getCookieHandler().setCookie(request, response, name, value, maxAge, path);
85 }
86
87 /**
88 * Returns the value of the specified cookie as a String. If the cookie does not exist, the method returns null.
89 *
90 * @param request
91 * the HttpServletRequest object, known as "request" in a JSP page.
92 * @param name
93 * the name of the cookie
94 * @return the value of the cookie, or null if the cookie does not exist.
95 * @deprecated Since 0.10, use {@link com.atlassian.seraph.cookie.CookieHandler} instead
96 */
97 public static String getCookieValue(final HttpServletRequest request, final String name)
98 {
99 return CookieFactory.getCookieHandler().getCookieValue(request, name);
100 }
101
102 /**
103 * Builds a cookie string containing a username and password.
104 * <p>
105 * Note: with open source this is not really secure, but it prevents users from snooping the cookie file of others and by changing the XOR mask
106 * and character offsets, you can easily tweak results.
107 *
108 * @param username
109 * The username.
110 * @param password
111 * The password.
112 * @return String encoding the input parameters, an empty string if one of the arguments equals <code>null</code>.
113 * @deprecated Since 0.10, use {@link com.atlassian.seraph.cookie.CookieEncoder} instead
114 */
115 public static String encodePasswordCookie(final String username, final String password)
116 {
117 return encodePasswordCookie(username, password);
118 }
119
120 /**
121 * Builds a cookie string containing a username and password, using offsets to customise the encoding.
122 * <p>
123 * Note: with open source this is not really secure, but it prevents users from snooping the cookie file of others and by changing the XOR mask
124 * and character offsets, you can easily tweak results.
125 *
126 * @param username
127 * The username.
128 * @param password
129 * The password.
130 * @param encoding
131 * A String used to customise cookie encoding (only the first 3 characters are used)
132 * @return String encoding the input parameters, an empty string if one of the arguments equals <code>null</code>.
133 * @deprecated Since 0.10, use {@link com.atlassian.seraph.cookie.CookieEncoder} instead
134 */
135 public static String encodePasswordCookie(final String username, final String password, final String encoding)
136 {
137 return CookieUtils.cookieEncoder.encodePasswordCookie(username, password, encoding);
138 }
139
140 /**
141 * Decodes a cookie string containing a username and password.
142 *
143 * @param cookieVal
144 * The cookie value.
145 * @return String[] containing the username at index 0 and the password at index 1, or <code>{ null, null }</code> if cookieVal equals
146 * <code>null</code> or the empty string.
147 * @deprecated Since 0.10, use {@link com.atlassian.seraph.cookie.CookieEncoder} instead
148 */
149 public static String[] decodePasswordCookie(final String cookieVal)
150 {
151 return CookieUtils.cookieEncoder.decodePasswordCookie(cookieVal);
152 }
153
154 /**
155 * Decodes a cookie string containing a username and password.
156 *
157 * @param cookieVal
158 * The cookie value.
159 * @param encoding
160 * A String used to customise cookie encoding (only the first 3 characters are used) - should be the same string you used to encode the
161 * cookie!
162 * @return String[] containing the username at index 0 and the password at index 1, or <code>{ null, null }</code> if cookieVal equals
163 * <code>null</code> or the empty string.
164 * @deprecated Since 0.10, use {@link com.atlassian.seraph.cookie.CookieEncoder} instead
165 */
166 public static String[] decodePasswordCookie(final String cookieVal, final String encoding)
167 {
168 return CookieUtils.cookieEncoder.decodePasswordCookie(cookieVal, encoding);
169 }
170 }