Example usage for javax.servlet.http Cookie setHttpOnly

List of usage examples for javax.servlet.http Cookie setHttpOnly

  1. HOME
  2. Java
  3. javax
  4. javax.servlet.http.*
  5. Cookie
  6. setHttpOnly

Introduction

In this page you can find the example usage for javax.servlet.http Cookie setHttpOnly.

Prototype

public void setHttpOnly(boolean isHttpOnly)

Source Link

Document

Marks or unmarks this Cookie as <i>HttpOnly</i>.

Usage

From source file:com.byd.test.actions.OrderAction.java

License:asdf

@RequestMapping("createCookie")
public void createCookie(HttpServletResponse response) {
    System.out.println("cookie start");
    Cookie cookie = new Cookie("cookie_name", "whatisthis");
    cookie.setHttpOnly(Boolean.TRUE);
    cookie.setDomain("chengangxiong");
    cookie.setVersion(1);/*from  www  . ja va2s .c o m*/
    cookie.setMaxAge(15);//15
    response.addCookie(cookie);

}

From source file:au.gov.dto.springframework.security.web.context.CookieSecurityContextRepository.java

private Cookie createExpireAuthenticationCookie(HttpServletRequest request) {
    Cookie removeSessionCookie = new Cookie(authenticationCookieName, "");
    removeSessionCookie.setPath(authenticationCookiePath);
    removeSessionCookie.setMaxAge(0);// w w w  .j a  v a  2s.  c o m
    removeSessionCookie.setHttpOnly(true);
    removeSessionCookie.setSecure(request.isSecure());
    return removeSessionCookie;
}

From source file:org.orcid.core.manager.impl.InternalSSOManagerImpl.java

private void populateCookie(String orcid, String token, HttpServletRequest request,
        HttpServletResponse response) {//w ww  .  j ava 2 s .c  o m
    HashMap<String, String> cookieValues = new HashMap<String, String>();
    cookieValues.put(COOKIE_KEY_ORCID, orcid);
    cookieValues.put(COOKIE_KEY_TOKEN, token);

    String jsonCookie = JsonUtils.convertToJsonString(cookieValues);

    // Return it as a cookie in the response
    Cookie tokenCookie = new Cookie(COOKIE_NAME, jsonCookie);
    tokenCookie.setMaxAge(maxAgeMinutes * 60);
    tokenCookie.setPath("/");
    tokenCookie.setSecure(true);
    tokenCookie.setHttpOnly(true);
    tokenCookie.setDomain(allowedDomain.trim());
    response.addCookie(tokenCookie);
}

From source file:com.vmware.identity.openidconnect.server.LogoutRequestProcessor.java

private Cookie loggedOutSessionCookie() {
    Cookie cookie = new Cookie(SessionManager.getSessionCookieName(this.tenant), "");
    cookie.setPath("/openidconnect");
    cookie.setSecure(true);/* w  w  w.j  a v  a  2s  .com*/
    cookie.setHttpOnly(true);
    cookie.setMaxAge(0);
    return cookie;
}

From source file:com.erudika.para.security.CachedCsrfTokenRepository.java

private void storeTokenAsCookie(CsrfToken token, HttpServletRequest request, HttpServletResponse response) {
    if (isValidButNotInCookie(token, request)) {
        Cookie c = new Cookie(cookieName, token.getToken());
        c.setMaxAge(Config.SESSION_TIMEOUT_SEC.intValue());
        // don't enable HttpOnly - javascript can't access the cookie if enabled
        c.setHttpOnly(false);
        c.setPath("/");
        response.addCookie(c);/*w  w  w . j  a v a  2s  . com*/
    }
}

From source file:au.gov.dto.dibp.appointments.security.csrf.CookieBasedCsrfTokenRepository.java

@Override
public void saveToken(CsrfToken token, HttpServletRequest request, HttpServletResponse response) {
    Cookie csrfCookie;
    if (token == null) {
        csrfCookie = new Cookie(CSRF_COOKIE_AND_PARAMETER_NAME, "");
        csrfCookie.setMaxAge(0);/*  w w  w.j av  a 2s.com*/
    } else {
        csrfCookie = new Cookie(token.getParameterName(), token.getToken());
        csrfCookie.setMaxAge(COOKIE_MAX_AGE_SECONDS);
    }
    csrfCookie.setHttpOnly(true);
    csrfCookie.setSecure(request.isSecure());
    response.addCookie(csrfCookie);
}

From source file:org.orcid.core.manager.impl.InternalSSOManagerImpl.java

@Override
public void getAndUpdateCookie(String orcid, HttpServletRequest request, HttpServletResponse response) {
    InternalSSOEntity existingCookie = internalSSODao.find(orcid);
    if (existingCookie != null) {
        internalSSODao.update(existingCookie.getId(), existingCookie.getToken());
        HashMap<String, String> cookieValues = new HashMap<String, String>();
        cookieValues.put(COOKIE_KEY_ORCID, orcid);
        cookieValues.put(COOKIE_KEY_TOKEN, existingCookie.getToken());

        String jsonCookie = JsonUtils.convertToJsonString(cookieValues);
        Cookie tokenCookie = new Cookie(COOKIE_NAME, jsonCookie);
        tokenCookie.setMaxAge(maxAgeMinutes * 60);
        tokenCookie.setPath("/");
        tokenCookie.setSecure(true);/*from www .  ja v  a2  s. c  o m*/
        tokenCookie.setHttpOnly(true);
        tokenCookie.setDomain(allowedDomain.trim());
        //Add new cookie to response
        response.addCookie(tokenCookie);
    }
}

From source file:au.gov.dto.springframework.security.web.csrf.CookieCsrfTokenRepository.java

@Override
public void saveToken(CsrfToken token, HttpServletRequest request, HttpServletResponse response) {
    Cookie csrfCookie;
    if (token == null) {
        csrfCookie = new Cookie(csrfCookieName, "");
        csrfCookie.setMaxAge(0);/*from   w w  w.  j a v a 2  s  .  co  m*/
    } else {
        csrfCookie = new Cookie(csrfCookieName, token.getToken());
        csrfCookie.setMaxAge(csrfCookieMaxAgeSeconds);
    }
    csrfCookie.setHttpOnly(true);
    csrfCookie.setSecure(request.isSecure());
    csrfCookie.setPath(csrfCookiePath);
    response.addCookie(csrfCookie);
}

From source file:com.vmware.identity.openidconnect.server.LogoutRequestProcessor.java

private Cookie personUserCertificateLoggedOutCookie() {
    Cookie cookie = new Cookie(SessionManager.getPersonUserCertificateLoggedOutCookieName(this.tenant), "");
    cookie.setPath("/openidconnect");
    cookie.setSecure(true);// www.j av a  2 s  . c o m
    cookie.setHttpOnly(true);
    return cookie;
}

From source file:org.springframework.web.util.CookieGenerator.java

/**
 * Remove the cookie that this generator describes from the response.
 * Will generate a cookie with empty value and max age 0.
 * <p>Delegates to {@link #createCookie} for cookie creation.
 * @param response the HTTP response to remove the cookie from
 * @see #setCookieName// w  w w.  j  av  a 2s  .  co m
 * @see #setCookieDomain
 * @see #setCookiePath
 */
public void removeCookie(HttpServletResponse response) {
    Assert.notNull(response, "HttpServletResponse must not be null");
    Cookie cookie = createCookie("");
    cookie.setMaxAge(0);
    if (isCookieSecure()) {
        cookie.setSecure(true);
    }
    if (isCookieHttpOnly()) {
        cookie.setHttpOnly(true);
    }
    response.addCookie(cookie);
    if (logger.isDebugEnabled()) {
        logger.debug("Removed cookie with name [" + getCookieName() + "]");
    }
}