4.0.0 org.apache.tomcat Tomcat8.5 Tomcat8.5 8.5 Tomcat8.5 java test java test org.apache.maven.plugins maven-compiler-plugin 2.3 UTF-8 1.8 1.8 junit junit 4.12 test ant ant 1.7.0 wsdl4j wsdl4j 1.6.2 javax.xml jaxrpc 1.1 org.easymock easymock 3.3 org.eclipse.jdt.core.compiler ecj 4.6.1
添加CookieFilter.java
在tomcat/test/util下新增CookieFilter.java
/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */package util;import java.util.Locale;import java.util.StringTokenizer;/** * Processes a cookie header and attempts to obfuscate any cookie values that * represent session IDs from other web applications. Since session cookie names * are configurable, as are session ID lengths, this filter is not expected to * be 100% effective. * * It is required that the examples web application is removed in security * conscious environments as documented in the Security How-To. This filter is * intended to reduce the impact of failing to follow that advice. A failure by * this filter to obfuscate a session ID or similar value is not a security * vulnerability. In such instances the vulnerability is the failure to remove * the examples web application. */public class CookieFilter { private static final String OBFUSCATED = "[obfuscated]"; private CookieFilter() { // Hide default constructor } public static String filter(String cookieHeader, String sessionId) { StringBuilder sb = new StringBuilder(cookieHeader.length()); // Cookie name value pairs are ';' separated. // Session IDs don't use ; in the value so don't worry about quoted // values that contain ; StringTokenizer st = new StringTokenizer(cookieHeader, ";"); boolean first = true; while (st.hasMoreTokens()) { if (first) { first = false; } else { sb.append(';'); } sb.append(filterNameValuePair(st.nextToken(), sessionId)); } return sb.toString(); } private static String filterNameValuePair(String input, String sessionId) { int i = input.indexOf('='); if (i == -1) { return input; } String name = input.substring(0, i); String value = input.substring(i + 1, input.length()); return name + "=" + filter(name, value, sessionId); } public static String filter(String cookieName, String cookieValue, String sessionId) { if (cookieName.toLowerCase(Locale.ENGLISH).contains("jsessionid") && (sessionId == null || !cookieValue.contains(sessionId))) { cookieValue = OBFUSCATED; } return cookieValue; }}
修改MANIFEST.MF文件
错误:
Error:osgi: [tomcat] Invalid value for Bundle-Version, @VERSION@ does not match [0-9]{1,9}(\.[0-9]{1,9}(\.[0-9]{1,9}(\.[0-9A-Za-z_-]+)?)?)?