Example usage for javax.servlet.http Cookie setHttpOnly

List of usage examples for javax.servlet.http Cookie setHttpOnly

  1. HOME
  2. Java
  3. javax
  4. javax.servlet.http.*
  5. Cookie
  6. setHttpOnly

Introduction

In this page you can find the example usage for javax.servlet.http Cookie setHttpOnly.

Prototype

public void setHttpOnly(boolean isHttpOnly)

Source Link

Document

Marks or unmarks this Cookie as <i>HttpOnly</i>.

Usage

From source file:org.b3log.solo.util.Solos.java

/**
 * Logins the specified user from the specified request.
 *
 * @param response the specified response
 * @param user     the specified user, for example,
 *                 {// w  w  w .j a v  a  2  s .c  om
 *                 "userEmail": "",
 *                 "userPassword": ""
 *                 }
 */
public static void login(final JSONObject user, final HttpServletResponse response) {
    try {
        final String userId = user.optString(Keys.OBJECT_ID);
        final JSONObject cookieJSONObject = new JSONObject();
        cookieJSONObject.put(Keys.OBJECT_ID, userId);
        cookieJSONObject.put(User.USER_PASSWORD, user.optString(User.USER_PASSWORD));

        final String random = RandomStringUtils.randomAlphanumeric(16);
        cookieJSONObject.put(Keys.TOKEN, user.optString(User.USER_PASSWORD) + ":" + random);

        final String cookieValue = Crypts.encryptByAES(cookieJSONObject.toString(), COOKIE_SECRET);
        final Cookie cookie = new Cookie(COOKIE_NAME, cookieValue);
        cookie.setPath("/");
        cookie.setMaxAge(COOKIE_EXPIRY);
        cookie.setHttpOnly(COOKIE_HTTP_ONLY);
        response.addCookie(cookie);
    } catch (final Exception e) {
        LOGGER.log(Level.WARN, "Can not write cookie", e);
    }
}

From source file:org.projectforge.business.user.filter.UserFilter.java

/**
 * Adds or refresh the given cookie./*from w w w .j  av a2  s .co  m*/
 *
 * @param request
 * @param response
 * @param stayLoggedInCookie
 */
public static void addStayLoggedInCookie(final HttpServletRequest request, final HttpServletResponse response,
        final Cookie stayLoggedInCookie) {
    stayLoggedInCookie.setMaxAge(COOKIE_MAX_AGE);
    stayLoggedInCookie.setPath("/");
    if (request.isSecure() == true) {
        log.debug("Set secure cookie");
        stayLoggedInCookie.setSecure(true);
    } else {
        log.debug("Set unsecure cookie");
    }
    stayLoggedInCookie.setHttpOnly(true);
    response.addCookie(stayLoggedInCookie); // Refresh cookie.
}

From source file:com.vmware.identity.openidconnect.sample.RelyingPartyController.java

private static Cookie logoutSessionCookie() {
    Cookie sessionCookie = new Cookie(SESSION_COOKIE_NAME, "");
    sessionCookie.setPath("/openidconnect-sample-rp");
    sessionCookie.setSecure(true);/*from w  ww. j a  v  a2  s  .  co m*/
    sessionCookie.setHttpOnly(true);
    sessionCookie.setMaxAge(0);
    return sessionCookie;
}

From source file:com.vmware.identity.openidconnect.sample.RelyingPartyController.java

private static Cookie loginSessionCookie(SessionID sessionId) {
    Cookie sessionCookie = new Cookie(SESSION_COOKIE_NAME, sessionId.getValue());
    sessionCookie.setPath("/openidconnect-sample-rp");
    sessionCookie.setSecure(true);/*from   w w  w  . j a va 2 s .c  om*/
    sessionCookie.setHttpOnly(true);
    return sessionCookie;
}

From source file:com.erudika.para.utils.Utils.java

/**
 * Sets a cookie.//from  w w w  . j ava  2s  .c o m
 * @param name the name
 * @param value the value
 * @param req HTTP request
 * @param res HTTP response
 * @param httpOnly HTTP only flag
 * @param maxAge max age
 */
public static void setRawCookie(String name, String value, HttpServletRequest req, HttpServletResponse res,
        boolean httpOnly, int maxAge) {
    if (StringUtils.isBlank(name) || StringUtils.isBlank(value) || req == null || res == null) {
        return;
    }
    Cookie cookie = new Cookie(name, value);
    cookie.setHttpOnly(httpOnly);
    cookie.setMaxAge(maxAge < 0 ? Config.SESSION_TIMEOUT_SEC.intValue() : maxAge);
    cookie.setPath("/");
    cookie.setSecure(req.isSecure());
    res.addCookie(cookie);
}

From source file:io.gravitee.management.security.JWTCookieGenerator.java

public Cookie generate(final String value) {
    final Cookie cookie = new Cookie(HttpHeaders.AUTHORIZATION, value);
    cookie.setHttpOnly(true);
    cookie.setSecure(environment.getProperty("jwt.cookie-secure", Boolean.class, DEFAULT_JWT_COOKIE_SECURE));
    cookie.setPath(environment.getProperty("jwt.cookie-path", DEFAULT_JWT_COOKIE_PATH));
    cookie.setDomain(environment.getProperty("jwt.cookie-domain", DEFAULT_JWT_COOKIE_DOMAIN));
    return cookie;
}

From source file:io.cfp.auth.service.CookieService.java

public Cookie getTokenCookie(String tokenValue) {
    Cookie tokenCookie = new Cookie("token", tokenValue);
    tokenCookie.setPath("/");
    tokenCookie.setHttpOnly(true); // secure Token to be invisible from
    // javascript in the browser
    tokenCookie.setDomain(cookieDomain);
    tokenCookie.setMaxAge((int) Duration.ofHours(TokenService.TOKEN_EXPIRATION).getSeconds());
    return tokenCookie;
}

From source file:org.craftercms.commons.http.CookieManager.java

/**
 * Add a "delete" cookie to the response to indicate the that the stored cookie should be deleted.
 *
 * @param name the name of the cookie/* w  w  w .j  a v a  2s .  com*/
 */
public void deleteCookie(String name, HttpServletResponse response) {
    Cookie cookie = new Cookie(name, null);
    cookie.setHttpOnly(httpOnly);
    cookie.setSecure(secure);
    if (StringUtils.isNotEmpty(domain)) {
        cookie.setDomain(domain);
    }
    if (StringUtils.isNotEmpty(path)) {
        cookie.setPath(path);
    }

    cookie.setMaxAge(0);

    response.addCookie(cookie);

    logger.debug(LOG_KEY_DELETED_COOKIE, name);
}

From source file:org.craftercms.commons.http.CookieManager.java

/**
 * Add a new cookie, using the configured domain, path and max age, to the response.
 *
 * @param name  the name of the cookie/*from ww  w.  ja v a2 s.  c o m*/
 * @param value the value of the cookie
 */
public void addCookie(String name, String value, HttpServletResponse response) {
    Cookie cookie = new Cookie(name, value);
    cookie.setHttpOnly(httpOnly);
    cookie.setSecure(secure);
    if (StringUtils.isNotEmpty(domain)) {
        cookie.setDomain(domain);
    }
    if (StringUtils.isNotEmpty(path)) {
        cookie.setPath(path);
    }
    if (maxAge != null) {
        cookie.setMaxAge(maxAge);
    }

    response.addCookie(cookie);

    logger.debug(LOG_KEY_ADDED_COOKIE, name);
}

From source file:net.prasenjit.auth.config.CsrfCookieGeneratorFilter.java

/**
 * {@inheritDoc}//from ww  w  .jav a 2 s .  c o m
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
        FilterChain filterChain) throws ServletException, IOException {
    // Spring put the CSRF token in session attribute "_csrf"
    CsrfToken csrfToken = (CsrfToken) request.getAttribute("_csrf");

    // Send the cookie only if the token has changed
    String actualToken = request.getHeader("X-XSRF-TOKEN");
    if (actualToken == null || !actualToken.equals(csrfToken.getToken())) {
        // Session cookie that will be used by AngularJS
        String pCookieName = "XSRF-TOKEN";
        Cookie cookie = new Cookie(pCookieName, csrfToken.getToken());
        cookie.setMaxAge(-1);
        cookie.setHttpOnly(false);
        cookie.setPath("/");
        response.addCookie(cookie);
    }
    filterChain.doFilter(request, response);
}