List of usage examples for javax.servlet.http Cookie getName
public String getName()
From source file:com.streamsets.lib.security.http.SSOUserAuthenticator.java
Cookie getAuthCookie(HttpServletRequest httpReq) {
Cookie[] cookies = httpReq.getCookies();
if (cookies != null) {
for (Cookie cookie : cookies) {
if (cookie.getName().equals(getAuthCookieName(httpReq))) {
return cookie;
}//w ww . ja v a2 s . co m
}
}
return null;
}
From source file:com.demandware.vulnapp.challenge.impl.XSSChallenge.java
/** * true if the given request is an admin session, false otherwise */// w ww. jav a 2 s.co m public boolean isAdminSession(DIVAServletRequestWrapper req) { Cookie[] cs = req.getCookies(); if (cs != null) { for (Cookie c : cs) { if (c.getName().equals(DIVA_ADMIN_NAME) && c.getValue().equals(this.adminCookieValue)) { return true; } } } return false; }
From source file:eionet.webq.service.CDREnvelopeServiceImpl.java
@Override public HttpHeaders getAuthorizationHeader(UserFile file) { HttpHeaders authorization = new HttpHeaders(); if (file.isAuthorized()) { String authorizationInfo = file.getAuthorization(); if (StringUtils.isNotEmpty(authorizationInfo)) { authorization.add("Authorization", authorizationInfo); LOGGER.info("Use basic auth for file: " + file.getId()); }//from w ww . ja v a 2s. c o m String cookiesInfo = file.getCookies(); if (StringUtils.isNotEmpty(cookiesInfo)) { Cookie[] cookies = cookiesConverter.convertStringToCookies(cookiesInfo); for (Cookie cookie : cookies) { authorization.add("Cookie", cookie.getName() + "=" + cookie.getValue()); LOGGER.info("User cookie auth for file: " + file.getId()); } } } return authorization; }
From source file:com.versatus.jwebshield.filter.SecurityTokenFilter.java
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpReq = (HttpServletRequest) request; HttpServletResponse httpRes = (HttpServletResponse) response; UrlExclusionList exclList = (UrlExclusionList) request.getServletContext() .getAttribute(SecurityConstant.CSRF_CHECK_URL_EXCL_LIST_ATTR_NAME); logger.debug("doFilter: request from IP address=" + httpReq.getRemoteAddr()); if (httpReq.getSession(false) == null) { chain.doFilter(request, response); return;/*from w w w. j av a 2 s . co m*/ } logger.debug("doFilter: matching " + httpReq.getRequestURI() + " to exclusions list " + exclList.getExclusionMap()); try { if (!exclList.isEmpty() && exclList.isMatch(httpReq.getRequestURI())) { chain.doFilter(request, response); return; } } catch (Exception e) { logger.error("doFilter", e); } // Check the user session for the salt cache, if none is present we // create one Cache<SecurityInfo, SecurityInfo> csrfPreventionSaltCache = (Cache<SecurityInfo, SecurityInfo>) httpReq .getSession().getAttribute(SecurityConstant.SALT_CACHE_ATTR_NAME); if (csrfPreventionSaltCache == null) { if (tokenTimeout == -1) { csrfPreventionSaltCache = CacheBuilder.newBuilder().maximumSize(1000).build(); } else { csrfPreventionSaltCache = CacheBuilder.newBuilder().maximumSize(1000) .expireAfterAccess(tokenTimeout, TimeUnit.SECONDS).build(); } httpReq.getSession().setAttribute(SecurityConstant.SALT_CACHE_ATTR_NAME, csrfPreventionSaltCache); String nameSalt = RandomStringUtils.random(10, 0, 0, true, true, null, new SecureRandom()); httpReq.getSession().setAttribute(SecurityConstant.SALT_PARAM_NAME, nameSalt); } // Generate the salt and store it in the users cache String salt = RandomStringUtils.random(20, 0, 0, true, true, null, new SecureRandom()); String saltNameAttr = (String) httpReq.getSession().getAttribute(SecurityConstant.SALT_PARAM_NAME); SecurityInfo si = new SecurityInfo(saltNameAttr, salt); if (SecurityTokenFilter.checkReferer) { String refHeader = StringUtils.defaultString(httpReq.getHeader("Referer")); logger.debug("doFilter: refHeader=" + refHeader); if (StringUtils.isNotBlank(refHeader)) { try { URL refUrl = new URL(refHeader); refHeader = refUrl.getHost(); } catch (MalformedURLException mex) { logger.debug("doFilter: parsing referer header failed", mex); } } si.setRefererHost(refHeader); } logger.debug("doFilter: si=" + si.toString()); csrfPreventionSaltCache.put(si, si); // Add the salt to the current request so it can be used // by the page rendered in this request httpReq.setAttribute(SecurityConstant.SALT_ATTR_NAME, si); // set CSRF cookie HttpSession session = httpReq.getSession(false); if (session != null && StringUtils.isNotBlank(csrfCookieName)) { if (logger.isDebugEnabled()) { Cookie[] cookies = httpReq.getCookies(); // boolean cookiePresent = false; for (Cookie c : cookies) { String name = c.getName(); logger.debug("doFilter: cookie domain=" + c.getDomain() + "|name=" + name + "|value=" + c.getValue() + "|path=" + c.getPath() + "|maxage=" + c.getMaxAge() + "|httpOnly=" + c.isHttpOnly()); // if (csrfCookieName.equals(name)) { // cookiePresent = true; // break; // } } } // if (!cookiePresent) { byte[] hashSalt = new byte[32]; SecureRandom sr = new SecureRandom(); sr.nextBytes(hashSalt); String csrfHash = RandomStringUtils.random(64, 0, 0, true, true, null, sr); Cookie c = new Cookie(csrfCookieName, csrfHash); c.setMaxAge(1800); c.setSecure(false); c.setPath(httpReq.getContextPath()); c.setHttpOnly(false); httpRes.addCookie(c); // session.setAttribute(SecurityConstant.CSRFCOOKIE_VALUE_PARAM, // hashStr); // } } chain.doFilter(request, response); }
From source file:net.sourceforge.subsonic.service.PlayerService.java
/** * Reads the player ID from the cookie in the HTTP request. * * @param request The HTTP request./*from ww w . j a va 2s . c om*/ * @param username The name of the current user. * @return The player ID embedded in the cookie, or <code>null</code> if cookie is not present. */ private String getPlayerIdFromCookie(HttpServletRequest request, String username) { Cookie[] cookies = request.getCookies(); if (cookies == null) { return null; } String cookieName = COOKIE_NAME + "-" + StringUtil.utf8HexEncode(username); for (Cookie cookie : cookies) { if (cookieName.equals(cookie.getName())) { return cookie.getValue(); } } return null; }
From source file:com.shenit.commons.utils.HttpUtils.java
/** * Cookie/*from w w w .j a va2s .c o m*/ * * @param name * ?? * @param defaultVal * * @param req * * @return */ public static String getCookieValue(String name, String defaultVal, HttpServletRequest req) { if (req.getCookies() != null) { for (Cookie cookie : req.getCookies()) { if (cookie.getName().equals(name)) return cookie.getValue(); } } // nothing found return defaultVal; }
From source file:com.demandware.vulnapp.challenge.impl.XSSChallenge.java
/** * checks if a request's cookie list contains the xss admin's cookie * // w ww.jav a 2 s. co m * @param cs * cookie list * @return true if the cookie list has a valid xss admin cookie */ public boolean hasXSSAdminCookie(javax.servlet.http.Cookie[] cs) { for (javax.servlet.http.Cookie c : cs) { if (c.getName().equals(DIVA_ADMIN_NAME) && c.getValue().equals(this.adminCookieValue)) { return true; } } return false; }
From source file:com.boylesoftware.web.impl.auth.SessionlessAuthenticationService.java
/** * Get authentication cookie value.//from w w w . j a v a2 s. c o m * * @param request The HTTP request. * * @return The cookie value, or {@code null} if not found. */ private String getAuthCookieValue(final HttpServletRequest request) { final Cookie[] cookies = request.getCookies(); if (cookies != null) for (final Cookie cookie : request.getCookies()) if (cookie.getName().equals(AUTH_COOKIE_NAME)) return cookie.getValue(); return null; }
From source file:grails.plugin.cookielayout.CookiePageLayoutFinder.java
private String getLayoutFromCookie(HttpServletRequest request, String cookieName) { if (checkRequest) { final Object requestLayout = request.getAttribute(cookieName); if (requestLayout != null) { return requestLayout.toString(); }//w w w . j ava 2s . c om } Cookie[] cookies = request.getCookies(); if (cookies != null) { for (Cookie c : cookies) { if (c.getName().equals(cookieName)) { return c.getValue(); } } } return ""; }
From source file:net.sf.j2ep.servers.ClusterContainer.java
/** * Locates any specification of which server that issued a * session. If there is no session or the session isn't mapped * to a specific server null is returned. * /*from w w w . j av a2 s .co m*/ * @param cookies The cookies so look for a session in * @return the server's ID or null if no server is found */ private String getServerIdFromCookie(Cookie[] cookies) { String serverId = null; if (cookies != null) { for (int i = 0; i < cookies.length; i++) { Cookie cookie = cookies[i]; if (isSessionCookie(cookie.getName())) { String value = cookie.getValue(); String id = value.substring(value.indexOf(".") + 1); if (id.startsWith("server")) { serverId = id; } } } } return serverId; }