List of usage examples for javax.servlet.http Cookie setHttpOnly
public void setHttpOnly(boolean isHttpOnly)
From source file:com.microsoft.azure.oidc.filter.helper.impl.SimpleAuthenticationHelper.java
private String addCookie(final HttpServletRequest httpRequest, final HttpServletResponse httpResponse, final String cookieName, final String cookieValue) { if (httpRequest == null || httpResponse == null || cookieName == null || cookieValue == null) { throw new PreconditionException("Required parameter is null"); }/*from w w w.java 2 s .c o m*/ final Cookie cookie = new Cookie(cookieName, ""); cookie.setValue(cookieValue); cookie.setMaxAge(-1); cookie.setSecure(true); cookie.setDomain(httpRequest.getServerName()); cookie.setPath("/"); cookie.setHttpOnly(true); httpResponse.addCookie(cookie); return cookie.getValue(); }
From source file:org.jahia.bin.Logout.java
protected void removeAuthCookie(HttpServletRequest request, HttpServletResponse response) { // now let's destroy the cookie authentication if there was one // set for this user. JahiaUser curUser = JCRSessionFactory.getInstance().getCurrentUser(); JCRPropertyWrapper cookieAuthKey = null; try {/*from ww w . j a va 2s .c om*/ if (!JahiaUserManagerService.isGuest(curUser)) { JCRUserNode userNode = userManagerService.lookupUserByPath(curUser.getLocalPath()); String userPropertyName = cookieAuthConfig.getUserPropertyName(); if (userNode != null && userNode.hasProperty(userPropertyName)) { cookieAuthKey = userNode.getProperty(userPropertyName); } } if (cookieAuthKey != null) { Cookie authCookie = new Cookie(cookieAuthConfig.getCookieName(), cookieAuthKey.getString()); authCookie .setPath(StringUtils.isNotEmpty(request.getContextPath()) ? request.getContextPath() : "/"); authCookie.setMaxAge(0); // means we want it deleted now ! authCookie.setHttpOnly(cookieAuthConfig.isHttpOnly()); authCookie.setSecure(cookieAuthConfig.isSecure()); response.addCookie(authCookie); cookieAuthKey.remove(); cookieAuthKey.getSession().save(); } } catch (RepositoryException e) { logger.error(e.getMessage(), e); } }
From source file:hudson.security.SecurityRealm.java
/** * Handles the logout processing.// w ww .j a v a2 s. c om * * <p> * The default implementation erases the session and do a few other clean up, then * redirect the user to the URL specified by {@link #getPostLogOutUrl(StaplerRequest, Authentication)}. * * @since 1.314 */ public void doLogout(StaplerRequest req, StaplerResponse rsp) throws IOException, ServletException { HttpSession session = req.getSession(false); if (session != null) session.invalidate(); Authentication auth = SecurityContextHolder.getContext().getAuthentication(); SecurityContextHolder.clearContext(); // reset remember-me cookie Cookie cookie = new Cookie(ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY, ""); cookie.setMaxAge(0); cookie.setSecure(req.isSecure()); cookie.setHttpOnly(true); cookie.setPath(req.getContextPath().length() > 0 ? req.getContextPath() : "/"); rsp.addCookie(cookie); rsp.sendRedirect2(getPostLogOutUrl(req, auth)); }
From source file:com.traffitruck.web.HtmlController.java
private void setSessionCookie(HttpServletResponse response, String regid, int expiry) { Cookie cookie = new Cookie(DEVICE_REGISTRATION_COOKIE_NAME, regid); cookie.setMaxAge(expiry);/*from w w w .ja v a 2 s.com*/ cookie.setHttpOnly(true); // cookie.setSecure(true); response.addCookie(cookie); }
From source file:com.tremolosecurity.proxy.SessionManagerImpl.java
private HttpSession createOpenSession(HttpServletRequest req, HttpServletResponse resp, ServletContext ctx) throws Exception { byte[] idBytes = new byte[20]; random.nextBytes(idBytes);// ww w . j a v a2s.co m StringBuffer b = new StringBuffer(); b.append('f').append(Hex.encodeHexString(idBytes)); String id = b.toString(); // HttpSession session = req.getSession(true); TremoloHttpSession tsession = new TremoloHttpSession(id); tsession.setOpen(true); tsession.refresh(this.ctx, this); this.anonMech.createSession(tsession, this.anonChainType); AuthController actl = (AuthController) tsession.getAttribute(ProxyConstants.AUTH_CTL); AuthInfo auInfo = actl.getAuthInfo(); auInfo.setAuthComplete(true); // session.setAttribute(app.getCookieConfig().getSessionCookieName(), // tsession); tsession.setAttribute(OpenUnisonConstants.TREMOLO_SESSION_ID, id); // TODO add global session timeout // tsession.setMaxInactiveInterval(app.getCookieConfig().getTimeout()); // TODO add global open session name Cookie sessionCookie = new Cookie(cfg.getCfg().getApplications().getOpenSessionCookieName(), id); sessionCookie.setPath("/"); sessionCookie.setSecure(cfg.getCfg().getApplications().isOpenSessionSecure()); sessionCookie.setHttpOnly(cfg.getCfg().getApplications().isOpenSessionHttpOnly()); sessionCookie.setMaxAge(-1); // TODO add secure? // sessionCookie.setSecure(app.getCookieConfig().isSecure()); resp.addCookie(sessionCookie); sessions.put(id, tsession); return tsession; }
From source file:org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices.java
/** * Sets the cookie on the response.//from w w w .j a v a2 s. co m * * By default a secure cookie will be used if the connection is secure. You can set * the {@code useSecureCookie} property to {@code false} to override this. If you set * it to {@code true}, the cookie will always be flagged as secure. By default the cookie * will be marked as HttpOnly. * * @param tokens the tokens which will be encoded to make the cookie value. * @param maxAge the value passed to {@link Cookie#setMaxAge(int)} * @param request the request * @param response the response to add the cookie to. */ protected void setCookie(String[] tokens, int maxAge, HttpServletRequest request, HttpServletResponse response) { String cookieValue = encodeCookie(tokens); Cookie cookie = new Cookie(cookieName, cookieValue); cookie.setMaxAge(maxAge); cookie.setPath(getCookiePath(request)); if (cookieDomain != null) { cookie.setDomain(cookieDomain); } if (maxAge < 1) { cookie.setVersion(1); } if (useSecureCookie == null) { cookie.setSecure(request.isSecure()); } else { cookie.setSecure(useSecureCookie); } cookie.setHttpOnly(true); response.addCookie(cookie); }
From source file:uk.ac.cam.cl.dtg.segue.api.managers.UserAuthenticationManager.java
/** * Destroy a session attached to the request. * /*from ww w . j a v a 2s . c o m*/ * @param request * containing the tomcat session to destroy * @param response * to destroy the segue cookie. */ public void destroyUserSession(final HttpServletRequest request, final HttpServletResponse response) { Validate.notNull(request); try { request.getSession().invalidate(); Cookie logoutCookie = new Cookie(SEGUE_AUTH_COOKIE, ""); logoutCookie.setPath("/"); logoutCookie.setMaxAge(0); logoutCookie.setHttpOnly(true); response.addCookie(logoutCookie); } catch (IllegalStateException e) { log.info("The session has already been invalidated. " + "Unable to logout again...", e); } }
From source file:org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.java
/** * @param sessionId//from w w w . jav a2s .c o m * @param req * @param resp */ private void storeTokenIdCookie(String sessionId, HttpServletRequest req, HttpServletResponse resp, String tenantDomain) { Cookie samlssoTokenIdCookie = new Cookie("samlssoTokenId", sessionId); samlssoTokenIdCookie.setMaxAge(IdPManagementUtil.getIdleSessionTimeOut(tenantDomain) * 60); samlssoTokenIdCookie.setSecure(true); samlssoTokenIdCookie.setHttpOnly(true); resp.addCookie(samlssoTokenIdCookie); }
From source file:com.vmware.identity.samlservice.LogoutState.java
private void removeSessionCookie(String cookieName, HttpServletResponse response) { Validate.notNull(response);// w w w . j a v a2 s .c om if (cookieName == null || cookieName.isEmpty()) { log.warn("Cookie name is null or empty. Ignoring."); return; } log.debug("Removing cookie " + cookieName); Cookie sessionCookie = new Cookie(cookieName, ""); sessionCookie.setPath("/"); sessionCookie.setSecure(true); sessionCookie.setHttpOnly(true); sessionCookie.setMaxAge(0); response.addCookie(sessionCookie); }