List of usage examples for javax.servlet.http Cookie getValue
public String getValue()
From source file:com.demandware.vulnapp.challenge.impl.XSSChallenge.java
/** * true if the given request is an admin session, false otherwise *//* ww w.j a v a 2 s . com*/ public boolean isAdminSession(DIVAServletRequestWrapper req) { Cookie[] cs = req.getCookies(); if (cs != null) { for (Cookie c : cs) { if (c.getName().equals(DIVA_ADMIN_NAME) && c.getValue().equals(this.adminCookieValue)) { return true; } } } return false; }
From source file:eu.supersede.fe.security.SecurityConfiguration.java
private Filter csrfHeaderFilter() { return new OncePerRequestFilter() { @Override/*from www .j ava2 s.co m*/ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName()); if (csrf != null) { Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN"); String token = csrf.getToken(); if (cookie == null || token != null && !token.equals(cookie.getValue())) { cookie = new Cookie("XSRF-TOKEN", token); cookie.setPath("/"); response.addCookie(cookie); } } try { filterChain.doFilter(request, response); } catch (IOException e) { if (!csrf_error) { log.warn("Unable to apply the CSRF filter. This message will not be displayed again"); } else { csrf_error = true; } } } }; }
From source file:de.appsolve.padelcampus.filter.LoginFilter.java
/** * @param request//from w w w . j a va 2 s.c o m * @param response * @param chain * @throws java.io.IOException * @throws javax.servlet.ServletException * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain) */ @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { if (request instanceof HttpServletRequest && response instanceof HttpServletResponse) { HttpServletRequest httpRequest = (HttpServletRequest) request; HttpServletResponse httpResponse = (HttpServletResponse) response; String requestURI = httpRequest.getRequestURI(); for (Pattern pattern : NO_FILTER_LIST) { if (pattern.matcher(requestURI).matches()) { sessionUtil.setCustomer(httpRequest, null); chain.doFilter(request, response); return; } } CustomerI customer = sessionUtil.getCustomer(httpRequest); if (customer == null) { String hostHeader = httpRequest.getHeader("host"); if (!StringUtils.isEmpty(hostHeader)) { String[] hostHeaderSplit = hostHeader.split(":"); customer = customerDAO.findByDomainName(hostHeaderSplit[0]); } if (customer == null) { String url = ""; String serverName = httpRequest.getServerName(); if (!StringUtils.isEmpty(serverName)) { String[] domainParts = serverName.split("\\."); if (domainParts.length > 2) { url = httpRequest.getScheme() + "://" + domainParts[domainParts.length - 2] + "." + domainParts[domainParts.length - 1]; if (httpRequest.getScheme().equals("http") && httpRequest.getServerPort() != 80) { url += ":" + httpRequest.getServerPort(); } } } url += PATH_START_PAGE; httpResponse.setStatus(HttpStatus.PERMANENT_REDIRECT.value()); httpResponse.sendRedirect(url); return; } sessionUtil.setCustomer(httpRequest, customer); } //login user in case of valid login cookie Player user = sessionUtil.getUser(httpRequest); if (user == null) { Cookie[] cookies = httpRequest.getCookies(); if (cookies != null) { for (Cookie cookie : cookies) { if (cookie.getName() != null && cookie.getName().equals(COOKIE_LOGIN_TOKEN)) { String cookieValue = cookie.getValue(); if (StringUtils.isEmpty(cookieValue)) { loginUtil.deleteLoginCookie(httpRequest, httpResponse); } else { String[] cookieValueSplit = cookieValue.split(":"); if (cookieValueSplit.length != 2) { loginUtil.deleteLoginCookie(httpRequest, httpResponse); } else { String uuid = cookieValueSplit[0]; String loginCookieRandomValue = cookieValueSplit[1]; LoginCookie loginCookie = loginUtil.isValidLoginCookie(uuid, loginCookieRandomValue); if (loginCookie == null) { loginUtil.deleteLoginCookie(httpRequest, httpResponse); } else { Player player = playerDAO.findByUUID(loginCookie.getPlayerUUID()); if (player == null) { loginUtil.deleteLoginCookie(httpRequest, httpResponse); } else { //log user in sessionUtil.setUser(httpRequest, player); //update loginCookieHash loginUtil.updateLoginCookie(httpRequest, httpResponse); } } break; } } } } } } moduleUtil.initModules(httpRequest); } chain.doFilter(request, response); }
From source file:com.demandware.vulnapp.challenge.impl.XSSChallenge.java
/** * checks if a request's cookie list contains the xss admin's cookie * //from w ww .j a va 2 s .c o m * @param cs * cookie list * @return true if the cookie list has a valid xss admin cookie */ public boolean hasXSSAdminCookie(javax.servlet.http.Cookie[] cs) { for (javax.servlet.http.Cookie c : cs) { if (c.getName().equals(DIVA_ADMIN_NAME) && c.getValue().equals(this.adminCookieValue)) { return true; } } return false; }
From source file:au.gov.dto.springframework.security.web.context.CookieSecurityContextRepository.java
/** * Obtains the security context for the supplied request. For an unauthenticated user, an empty context * implementation should be returned. This method should not return null. * <p>//w ww .ja v a 2 s . c om * The use of the <tt>HttpRequestResponseHolder</tt> parameter allows implementations to return wrapped versions of * the request or response (or both), allowing them to access implementation-specific state for the request. * The values obtained from the holder will be passed on to the filter chain and also to the <tt>saveContext</tt> * method when it is finally called. Implementations may wish to return a subclass of * {@link SaveContextOnUpdateOrErrorResponseWrapper} as the response object, which guarantees that the context is * persisted when an error or redirect occurs. * * @param requestResponseHolder holder for the current request and response for which the context should be loaded. * * @return The security context which should be used for the current request, never null. */ @Override public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) { HttpServletRequest request = requestResponseHolder.getRequest(); HttpServletResponse response = requestResponseHolder.getResponse(); requestResponseHolder.setResponse(new SaveToCookieResponseWrapper(request, response)); Cookie authenticationCookie = getAuthenticationCookie(request); if (authenticationCookie == null) { return SecurityContextHolder.createEmptyContext(); } String serialisedAuthentication = tokenEncryption.decryptAndVerify(authenticationCookie.getValue()); if (serialisedAuthentication == null) { response.addCookie(createExpireAuthenticationCookie(request)); return SecurityContextHolder.createEmptyContext(); } Authentication authentication = authenticationSerializer.deserialize(serialisedAuthentication); SecurityContext securityContext = SecurityContextHolder.createEmptyContext(); securityContext.setAuthentication(authentication); return securityContext; }
From source file:org.syncope.console.commons.PreferenceManager.java
public void set(final Request request, final Response response, final String key, final String value) { Cookie prefCookie = ((WebRequest) request).getCookie(Constants.PREFS_COOKIE_NAME); final Map<String, String> prefs = new HashMap<String, String>(); if (prefCookie == null || !StringUtils.hasText(prefCookie.getValue())) { prefCookie = new Cookie(Constants.PREFS_COOKIE_NAME, null); } else {/*from w ww . j av a 2 s . co m*/ prefs.putAll(getPrefs(new String(Base64.decodeBase64(prefCookie.getValue().getBytes())))); } // after retrieved previous setting in order to overwrite the key ... prefs.put(key, value); try { prefCookie.setValue(new String(Base64.encodeBase64(setPrefs(prefs).getBytes()))); } catch (IOException e) { LOG.error("Could not set preferences " + prefs, e); } prefCookie.setMaxAge(ONE_YEAR_TIME); ((WebResponse) response).addCookie(prefCookie); }
From source file:com.alfaariss.oa.util.web.CookieTool.java
/** * Returns the cookie value./*from ww w . ja v a2 s. c o m*/ * @param sCookie The cookie name. * @param oRequest The servlet request. * @return The cookie value or NULL if not available. */ public String getCookieValue(String sCookie, HttpServletRequest oRequest) { assert oRequest != null : "Supplied request == null"; String sValue = null; Cookie[] cookies = oRequest.getCookies(); if (cookies != null) //Cookies found { for (Cookie cookie : cookies) //For all cookies { if (cookie.getName().equals(sCookie)) //cookie found { sValue = cookie.getValue(); //remove '"' surrounding cookie value if applicable int iLength = sValue.length(); if (sValue.charAt(0) == '"' && sValue.charAt(iLength - 1) == '"') { sValue = sValue.substring(1, iLength - 1); } } } } return sValue; }
From source file:org.syncope.console.commons.PreferenceManager.java
public void set(final Request request, final Response response, final Map<String, List<String>> prefs) { Cookie prefCookie = ((WebRequest) request).getCookie(Constants.PREFS_COOKIE_NAME); final Map<String, String> current = new HashMap<String, String>(); if (prefCookie == null || !StringUtils.hasText(prefCookie.getValue())) { prefCookie = new Cookie(Constants.PREFS_COOKIE_NAME, null); } else {//ww w. j ava 2 s.co m current.putAll(getPrefs(new String(Base64.decodeBase64(prefCookie.getValue().getBytes())))); } // after retrieved previous setting in order to overwrite the key ... for (Entry<String, List<String>> entry : prefs.entrySet()) { current.put(entry.getKey(), StringUtils.collectionToDelimitedString(entry.getValue(), ";")); } try { prefCookie.setValue(new String(Base64.encodeBase64(setPrefs(current).getBytes()))); } catch (IOException e) { LOG.error("Could not set preferences " + current, e); } prefCookie.setMaxAge(ONE_YEAR_TIME); ((WebResponse) response).addCookie(prefCookie); }
From source file:org.syncope.console.commons.PreferenceManager.java
public String get(final Request request, final String key) { String result = null;//from w w w . java 2 s.c o m Cookie prefCookie = ((WebRequest) request).getCookie(Constants.PREFS_COOKIE_NAME); if (prefCookie != null) { final Map<String, String> prefs = getPrefs( new String(Base64.decodeBase64(prefCookie.getValue().getBytes()))); result = prefs.get(key); } else { LOG.debug("Could not find cookie []", Constants.PREFS_COOKIE_NAME); } return result; }
From source file:com.mockey.model.ResponseFromService.java
public String getResponseCookiesAsString() { StringBuffer responseCookies = new StringBuffer(); for (Cookie cookie : this.cookieList) { responseCookies.append(String.format("Cookie--->\n\n %s = %s ", cookie.getName(), cookie.getValue())); }//from ww w.j a v a 2 s . co m return responseCookies.toString(); }