Client request implementations enforce RFC 6265 (cookies in a single header)

Issue: SPR-12196
(cherry picked from commit 26a93b6)

Author: jhoeller

spring-web/src/main/java/org/springframework/http/client/HttpComponentsClientHttpRequest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2012 the original author or authors.
+ * Copyright 2002-2014 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,9 +21,6 @@
 import java.util.List;
 import java.util.Map;
 
-import org.springframework.http.HttpHeaders;
-import org.springframework.http.HttpMethod;
-
 import org.apache.http.HttpEntity;
 import org.apache.http.HttpEntityEnclosingRequest;
 import org.apache.http.HttpResponse;
@@ -33,6 +30,10 @@
 import org.apache.http.protocol.HTTP;
 import org.apache.http.protocol.HttpContext;
 
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.util.StringUtils;
+
 /**
  * {@link org.springframework.http.client.ClientHttpRequest} implementation that uses
  * Apache HttpComponents HttpClient to execute requests.
@@ -53,7 +54,7 @@ final class HttpComponentsClientHttpRequest extends AbstractBufferingClientHttpR
 	private final HttpContext httpContext;
 
 
-	public HttpComponentsClientHttpRequest(HttpClient httpClient, HttpUriRequest httpRequest, HttpContext httpContext) {
+	HttpComponentsClientHttpRequest(HttpClient httpClient, HttpUriRequest httpRequest, HttpContext httpContext) {
 		this.httpClient = httpClient;
 		this.httpRequest = httpRequest;
 		this.httpContext = httpContext;
@@ -71,15 +72,8 @@ public URI getURI() {
 
 	@Override
 	protected ClientHttpResponse executeInternal(HttpHeaders headers, byte[] bufferedOutput) throws IOException {
-		for (Map.Entry<String, List<String>> entry : headers.entrySet()) {
-			String headerName = entry.getKey();
-			if (!headerName.equalsIgnoreCase(HTTP.CONTENT_LEN) &&
-					!headerName.equalsIgnoreCase(HTTP.TRANSFER_ENCODING)) {
-				for (String headerValue : entry.getValue()) {
-					this.httpRequest.addHeader(headerName, headerValue);
-				}
-			}
-		}
+		addHeaders(this.httpRequest, headers);
+
 		if (this.httpRequest instanceof HttpEntityEnclosingRequest) {
 			HttpEntityEnclosingRequest entityEnclosingRequest = (HttpEntityEnclosingRequest) this.httpRequest;
 			HttpEntity requestEntity = new ByteArrayEntity(bufferedOutput);
@@ -89,4 +83,26 @@ protected ClientHttpResponse executeInternal(HttpHeaders headers, byte[] buffere
 		return new HttpComponentsClientHttpResponse(httpResponse);
 	}
 
+
+	/**
+	 * Add the given headers to the given HTTP request.
+	 * @param httpRequest the request to add the headers to
+	 * @param headers the headers to add
+	 */
+	static void addHeaders(HttpUriRequest httpRequest, HttpHeaders headers) {
+		for (Map.Entry<String, List<String>> entry : headers.entrySet()) {
+			String headerName = entry.getKey();
+			if ("Cookie".equalsIgnoreCase(headerName)) {  // RFC 6265
+				String headerValue = StringUtils.collectionToDelimitedString(entry.getValue(), "; ");
+				httpRequest.addHeader(headerName, headerValue);
+			}
+			else if (!HTTP.CONTENT_LEN.equalsIgnoreCase(headerName) &&
+					!HTTP.TRANSFER_ENCODING.equalsIgnoreCase(headerName)) {
+				for (String headerValue : entry.getValue()) {
+					httpRequest.addHeader(headerName, headerValue);
+				}
+			}
+		}
+	}
+
 }

spring-web/src/main/java/org/springframework/http/client/SimpleBufferingClientHttpRequest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2013 the original author or authors.
+ * Copyright 2002-2014 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -26,12 +26,14 @@
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
 import org.springframework.util.FileCopyUtils;
+import org.springframework.util.StringUtils;
 
 /**
- * {@link ClientHttpRequest} implementation that uses standard J2SE facilities to execute buffered requests.
- * Created via the {@link SimpleClientHttpRequestFactory}.
+ * {@link ClientHttpRequest} implementation that uses standard JDK facilities to
+ * execute buffered requests. Created via the {@link SimpleClientHttpRequestFactory}.
  *
  * @author Arjen Poutsma
+ * @author Juergen Hoeller
  * @since 3.0
  * @see SimpleClientHttpRequestFactory#createRequest(java.net.URI, HttpMethod)
  */
@@ -63,12 +65,7 @@ public URI getURI() {
 
 	@Override
 	protected ClientHttpResponse executeInternal(HttpHeaders headers, byte[] bufferedOutput) throws IOException {
-		for (Map.Entry<String, List<String>> entry : headers.entrySet()) {
-			String headerName = entry.getKey();
-			for (String headerValue : entry.getValue()) {
-				this.connection.addRequestProperty(headerName, headerValue);
-			}
-		}
+		addHeaders(this.connection, headers);
 
 		if (this.connection.getDoOutput() && this.outputStreaming) {
 			this.connection.setFixedLengthStreamingMode(bufferedOutput.length);
@@ -81,4 +78,25 @@ protected ClientHttpResponse executeInternal(HttpHeaders headers, byte[] buffere
 		return new SimpleClientHttpResponse(this.connection);
 	}
 
+
+	/**
+	 * Add the given headers to the given HTTP connection.
+	 * @param connection the connection to add the headers to
+	 * @param headers the headers to add
+	 */
+	static void addHeaders(HttpURLConnection connection, HttpHeaders headers) {
+		for (Map.Entry<String, List<String>> entry : headers.entrySet()) {
+			String headerName = entry.getKey();
+			if ("Cookie".equalsIgnoreCase(headerName)) {  // RFC 6265
+				String headerValue = StringUtils.collectionToDelimitedString(entry.getValue(), "; ");
+				connection.setRequestProperty(headerName, headerValue);
+			}
+			else {
+				for (String headerValue : entry.getValue()) {
+					connection.addRequestProperty(headerName, headerValue);
+				}
+			}
+		}
+	}
+
 }

spring-web/src/main/java/org/springframework/http/client/SimpleStreamingClientHttpRequest.java

@@ -21,16 +21,14 @@
 import java.net.HttpURLConnection;
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.util.List;
-import java.util.Map;
 
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
 import org.springframework.util.StreamUtils;
 
 /**
- * {@link ClientHttpRequest} implementation that uses standard J2SE facilities to execute streaming requests.
- * Created via the {@link SimpleClientHttpRequestFactory}.
+ * {@link ClientHttpRequest} implementation that uses standard JDK facilities to
+ * execute streaming requests. Created via the {@link SimpleClientHttpRequestFactory}.
  *
  * @author Arjen Poutsma
  * @since 3.0
@@ -79,30 +77,21 @@ protected OutputStream getBodyInternal(HttpHeaders headers) throws IOException {
 					this.connection.setChunkedStreamingMode(this.chunkSize);
 				}
 			}
-			writeHeaders(headers);
+			SimpleBufferingClientHttpRequest.addHeaders(this.connection, headers);
 			this.connection.connect();
 			this.body = this.connection.getOutputStream();
 		}
 		return StreamUtils.nonClosing(this.body);
 	}
 
-	private void writeHeaders(HttpHeaders headers) {
-		for (Map.Entry<String, List<String>> entry : headers.entrySet()) {
-			String headerName = entry.getKey();
-			for (String headerValue : entry.getValue()) {
-				this.connection.addRequestProperty(headerName, headerValue);
-			}
-		}
-	}
-
 	@Override
 	protected ClientHttpResponse executeInternal(HttpHeaders headers) throws IOException {
 		try {
 			if (this.body != null) {
 				this.body.close();
 			}
 			else {
-				writeHeaders(headers);
+				SimpleBufferingClientHttpRequest.addHeaders(this.connection, headers);
 				this.connection.connect();
 			}
 		}