List of usage examples for javax.servlet.http Cookie setPath
public void setPath(String uri)
From source file:com.boylesoftware.web.impl.auth.SessionlessAuthenticationService.java
/**
 * Builds the cookie that carries the authentication token.
 *
 * <p>The cookie path is the request's context path (empty string when the
 * context path is {@code null}) followed by "/", which scopes the cookie to
 * this web application.
 *
 * @param request The request; only its context path is read.
 * @param value Value for the cookie.
 *
 * @return The new cookie. Only name, value and path are set here.
 */
Cookie createAuthCookie(final HttpServletRequest request, final String value) {

    // NOTE(review): this method does not mark the authentication cookie
    // HttpOnly or Secure. Confirm that the caller or the container's cookie
    // configuration sets both before the cookie is sent to a browser.
    final String applicationPath = StringUtils.emptyIfNull(request.getContextPath()) + "/";

    final Cookie tokenCookie = new Cookie(AUTH_COOKIE_NAME, value);
    tokenCookie.setPath(applicationPath);

    return tokenCookie;
}
From source file:iddb.web.security.service.CommonUserService.java
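/**
 * Binds an authenticated subject to the HTTP session and issues the two
 * cookies that identify it: "iddb-k" (session key) and "iddb-u" (subject key).
 *
 * <p>The session key is stored in the HTTP session, sent to the client as a
 * cookie and handed to {@code createSession}. It therefore acts as a
 * credential and is deliberately kept out of the trace log.
 *
 * @param request current request; supplies the session, context path and remote address
 * @param response response the cookies are added to
 * @param subject the authenticated subject
 * @param persistent when {@code true} the cookies get a max-age of
 *        {@code COOKIE_EXPIRE_REMEMBER}; otherwise -1 (kept until the browser exits)
 */
protected void createUserSession(HttpServletRequest request, HttpServletResponse response, Subject subject,
        boolean persistent) {
    // NOTE(review): getSession(true) reuses a session that already exists.
    // Confirm the caller invalidates or rotates the session id at login so a
    // pre-login session id cannot carry over to the authenticated user.
    HttpSession session = request.getSession(true);
    session.setAttribute(UserService.SUBJECT, subject);
    saveLocal(subject);

    // NOTE(review): the key is generated from the login id alone as far as
    // this method shows. Verify that HashUtils.generate mixes in
    // unpredictable data.
    String sessionKey = HashUtils.generate(subject.getLoginId());
    session.setAttribute(UserService.SESSION_KEY, sessionKey);

    String subjectKey = subject.getKey().toString();
    Cookie cookieKey = new Cookie("iddb-k", sessionKey);
    Cookie cookieUser = new Cookie("iddb-u", subjectKey);

    // Scope both cookies to this web application.
    String cookiePath = request.getContextPath() + "/";
    cookieKey.setPath(cookiePath);
    cookieUser.setPath(cookiePath);

    // NOTE(review): neither cookie is marked HttpOnly or Secure in this
    // method. Confirm the container configuration adds those attributes.
    int maxAge = persistent ? COOKIE_EXPIRE_REMEMBER : -1;
    cookieKey.setMaxAge(maxAge);
    cookieUser.setMaxAge(maxAge);

    response.addCookie(cookieKey);
    response.addCookie(cookieUser);

    // The session key is omitted on purpose: anyone able to read the log
    // could otherwise replay it as the "iddb-k" cookie.
    log.trace("Create new session for subject {} from {}",
            new String[] { subjectKey, request.getRemoteAddr() });
    createSession(sessionKey, subject.getKey(), request.getRemoteAddr());
}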
From source file:uk.co.caprica.bootlace.security.web.filter.AngularJsCsrfHeaderFilter.java
/**
 * Mirrors the current CSRF token into a cookie, then continues the filter chain.
 *
 * <p>A cookie is written when the request carries no CSRF cookie yet, or when
 * the token is non-null and differs from the cookie's value. Nothing is
 * written when the request has no {@code CsrfToken} attribute.
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
        FilterChain filterChain) throws ServletException, IOException {
    logger.debug("doFilterInternal()");

    final CsrfToken csrfToken = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
    if (csrfToken != null) {
        final Cookie existing = WebUtils.getCookie(request, CSRF_COOKIE_NAME);
        final String expected = csrfToken.getToken();

        final boolean outOfDate =
                existing != null && expected != null && !expected.equals(existing.getValue());
        if (existing == null || outOfDate) {
            logger.debug("Setting new CSRF cookie");
            // This cookie is presumably read by client-side script (the class
            // targets AngularJS), which would explain why HttpOnly is not set.
            // NOTE(review): Secure is not set either. Confirm the application
            // is served over HTTPS only, or that the container adds the flag.
            final Cookie refreshed = new Cookie(CSRF_COOKIE_NAME, expected);
            refreshed.setPath(request.getServletContext().getContextPath() + "/");
            response.addCookie(refreshed);
        }
    }

    filterChain.doFilter(request, response);
}
From source file:com.xpn.xwiki.web.XWikiServletResponse.java
/**
 * Asks the client to drop a cookie by sending it back with a max-age of 0.
 * Does nothing when the request carries no cookie with that name.
 *
 * @param cookieName The name of the cookie that must be removed.
 * @param request The servlet request used to look the cookie up.
 */
@Override
public void removeCookie(String cookieName, XWikiRequest request) {
    Cookie expiring = request.getCookie(cookieName);
    if (expiring == null) {
        return;
    }

    expiring.setMaxAge(0);
    // NOTE(review): this writes back the path the object already holds.
    // Cookies parsed from a request header normally carry no Path attribute,
    // so the value is likely null here, and a browser only replaces a cookie
    // whose path matches. Confirm removal works for cookies that were set
    // with an explicit path, since a surviving session or auth cookie
    // defeats logout.
    expiring.setPath(expiring.getPath());
    addCookie(expiring);
}
From source file:com.codename1.corsproxy.CORSProxy.java
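/**
 * Re-issues every cookie found in an upstream Set-Cookie header under the
 * proxy's own name prefix and path.
 *
 * <p>The cookie domain is never copied. The upstream max-age is a
 * {@code long} and is clamped into the {@code int} range before it is
 * applied. A plain cast would wrap very large values, and a value wrapping to
 * 0 would delete the cookie instead of keeping it.
 *
 * @param servletRequest request to the proxy; its context and servlet path form the cookie path
 * @param servletResponse response the rewritten cookies are added to
 * @param header the upstream header whose value holds the cookie(s)
 */
@Override
protected void copyProxyCookie(HttpServletRequest servletRequest, HttpServletResponse servletResponse,
        Header header) {
    List<HttpCookie> cookies = HttpCookie.parse(header.getValue());
    String path = servletRequest.getContextPath(); // path starts with / or is empty string
    path += servletRequest.getServletPath(); // servlet path starts with / or is empty string

    for (HttpCookie cookie : cookies) {
        // Prefix the name with a proxy value so it won't collide with other cookies.
        String proxyCookieName = getCookieNamePrefix() + cookie.getName();
        Cookie servletCookie = new Cookie(proxyCookieName, cookie.getValue());
        servletCookie.setComment(cookie.getComment());

        // Clamp instead of casting: negative values (session cookie) and
        // ordinary lifetimes pass through unchanged, oversized ones saturate.
        long upstreamMaxAge = cookie.getMaxAge();
        int maxAge = (int) Math.max(Integer.MIN_VALUE, Math.min(Integer.MAX_VALUE, upstreamMaxAge));
        servletCookie.setMaxAge(maxAge);

        servletCookie.setPath(path); // set to the path of the proxy servlet
        // don't set cookie domain

        // NOTE(review): Secure is forced off here, so a cookie the upstream
        // marked Secure may be sent over plain HTTP by the browser. The
        // upstream HttpOnly attribute is not copied either. If the proxy is
        // reachable over HTTPS, consider forwarding cookie.getSecure() and
        // preserving HttpOnly.
        servletCookie.setSecure(false);
        servletCookie.setVersion(cookie.getVersion());
        servletResponse.addCookie(servletCookie);
    }
}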
From source file:com.streamsets.lib.security.http.SSOUserAuthenticator.java
/**
 * Builds the authentication cookie for the given token, scoped to path "/".
 *
 * <p>Lifetime: {@code expiresMillis == 0} yields a max-age of 0 (delete the
 * cookie); a positive value yields the whole seconds left until that instant;
 * a negative value leaves the max-age untouched (transient cookie).
 *
 * <p>Secure flag: follows the request's scheme when {@code isDataCollector}
 * is set, otherwise follows whether {@code dpmBaseUrl} starts with "https".
 *
 * @param httpReq request used to derive the cookie name and, for a data collector, the scheme
 * @param authToken cookie value
 * @param expiresMillis absolute expiry in epoch milliseconds, 0 to delete, negative for transient
 * @return the configured cookie
 */
Cookie createAuthCookie(HttpServletRequest httpReq, String authToken, long expiresMillis) {
    Cookie cookie = new Cookie(getAuthCookieName(httpReq), authToken);
    cookie.setPath("/");

    if (expiresMillis == 0) {
        // to delete the cookie
        cookie.setMaxAge(0);
    } else if (expiresMillis > 0) {
        // NOTE(review): an expiry that already lies in the past produces a
        // negative max-age, which makes this a session cookie rather than
        // deleting it. Confirm callers never pass a stale timestamp.
        long remainingMillis = expiresMillis - System.currentTimeMillis();
        cookie.setMaxAge((int) (remainingMillis / 1000));
    }

    // NOTE(review): HttpOnly is not set on this token cookie. Confirm it is
    // added elsewhere or that script access is required.
    boolean secure = isDataCollector
            ? httpReq.isSecure() // SDC accessing SCH: follow the SDC's scheme
            : dpmBaseUrl.startsWith("https"); // browser accessing SCH: follow the SCH endpoint
    cookie.setSecure(secure);

    return cookie;
}
From source file:org.zaizi.sensefy.auth.LoginConfig.java
/**
 * Creates a once-per-request filter that copies the current CSRF token into
 * an "XSRF-TOKEN" cookie on path "/" and then continues the chain.
 *
 * <p>The cookie is written when the request has none, or when the token is
 * non-null and differs from the cookie's value.
 *
 * @return the filter instance
 */
private Filter csrfHeaderFilter() {
    return new OncePerRequestFilter() {
        @Override
        protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                FilterChain filterChain) throws ServletException, IOException {
            CsrfToken csrfToken = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
            if (csrfToken != null) {
                Cookie current = WebUtils.getCookie(request, "XSRF-TOKEN");
                String expected = csrfToken.getToken();

                boolean mismatch =
                        current != null && expected != null && !expected.equals(current.getValue());
                if (current == null || mismatch) {
                    // NOTE(review): the cookie carries no Secure attribute.
                    // HttpOnly is presumably omitted so client script can read
                    // the token. Confirm both choices against the deployment.
                    Cookie replacement = new Cookie("XSRF-TOKEN", expected);
                    replacement.setPath("/");
                    response.addCookie(replacement);
                }
            }
            filterChain.doFilter(request, response);
        }
    };
}
From source file:org.infoglue.deliver.applications.actions.ExtranetLoginAction.java
/**
 * Logs the user out: invalidates the current session, expires the "iguserid"
 * and "igpassword" cookies, and then lets the authentication module run its
 * own logout. The module may redirect the user itself. When it does not, the
 * response is redirected to {@code returnAddress}. {@code NONE} is returned
 * in both cases.
 */
public String doLogout() throws Exception {
    getHttpSession().invalidate();

    // Overwrite both login cookies with a dummy value and max-age 0 so the
    // browser discards them. NOTE(review): the name "igpassword" suggests a
    // credential is kept in a cookie. Verify what the login path stores there.
    for (String cookieName : new String[] { "iguserid", "igpassword" }) {
        Cookie expired = new Cookie(cookieName, "none");
        expired.setPath("/");
        expired.setMaxAge(0);
        getResponse().addCookie(expired);
    }

    AuthenticationModule module = AuthenticationModule.getAuthenticationModule(null, null, getRequest(),
            false);

    boolean alreadyRedirected = module.logoutUser(getRequest(), getResponse());
    if (!alreadyRedirected) {
        // NOTE(review): returnAddress is not validated in this method. If it
        // can be populated from a request parameter, confirm it is restricted
        // to trusted destinations before it is used as a redirect target.
        this.getResponse().sendRedirect(this.returnAddress);
    }

    return NONE;
}
From source file:org.gatein.sso.agent.opensso.OpenSSOAgentImpl.java
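/**
 * Handles the Cross-Domain (CD) authentication scenario, where GateIn and
 * OpenSSO live in different DNS domains and cannot share a cookie.
 *
 * <p>It performs:
 * <ul>
 * <li>Parse and validate the message from the OpenSSO CDCServlet.</li>
 * <li>Take the ssoToken from the parsed message and establish the OpenSSO cookie.</li>
 * <li>Redirect to the same request URI with the cookie established, so the next
 * request can perform agent validation against the OpenSSO server.</li>
 * </ul>
 *
 * <p>The SSO token is a bearer credential, so it is not written to the log.
 *
 * @param httpRequest request that may carry the LARES parameter
 * @param httpResponse response that receives the cookie and the redirect
 * @return true if parameter LARES with a message from CDC is present in the request
 * @throws IOException if sending the redirect fails
 */
protected boolean tryMessageFromCDC(HttpServletRequest httpRequest, HttpServletResponse httpResponse)
        throws IOException {
    String encodedCDCMessage = httpRequest.getParameter("LARES");

    if (encodedCDCMessage == null) {
        if (log.isTraceEnabled()) {
            log.trace("Message from CDC not found in this HttpServletRequest");
        }
        return false;
    }

    CDMessageContext messageContext = cdcMessageParser.parseMessage(encodedCDCMessage);
    if (log.isTraceEnabled()) {
        // NOTE(review): if CDMessageContext.toString() includes the SSO token,
        // this line discloses it as well. Verify against that class.
        log.trace("Successfully parsed messageContext " + messageContext);
    }

    // Validate the received message before anything from it is trusted.
    // The return value is not inspected, so rejection presumably happens by
    // exception. Confirm against validateCDMessageContext.
    validateCDMessageContext(httpRequest, messageContext);

    // Establish cookie with ssoToken (value is wrapped in double quotes).
    String ssoToken = messageContext.getSsoToken();
    Cookie cookie = new Cookie(cookieName, "\"" + ssoToken + "\"");
    // NOTE(review): the context path is used without a trailing "/" and is an
    // empty string for the root context. HttpOnly and Secure are not set on
    // this token cookie. Confirm the intended scope and flags.
    cookie.setPath(httpRequest.getContextPath());
    httpResponse.addCookie(cookie);
    if (log.isTraceEnabled()) {
        // Only the cookie name is logged; the token value stays out of the log.
        log.trace("Cookie " + cookieName + " added to HttpResponse");
    }

    // Redirect this request again so it is processed by OpenSSOAgent with the
    // cookie established.
    String urlToRedirect = httpResponse.encodeRedirectURL(httpRequest.getRequestURI());
    httpResponse.sendRedirect(urlToRedirect);

    return true;
}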
From source file:com.mmj.app.common.checkcode.CheckCodeManager.java
/**
 * Generates a new check code, stores its encrypted value in the "_cc_"
 * cookie and returns the bytes obtained from the generated check-code object.
 *
 * @param cookieManager not used by this method body
 * @param maimaijunCheckcode not used by this method body; the cookie name is hard-coded
 * @param response response the cookie is added to
 * @return the bytes from {@code CheckCodeInfo.getBytes()}, or {@code null}
 *         when no check code could be created
 */
public byte[] create(CookieManager cookieManager, CookieNameEnum maimaijunCheckcode,
        HttpServletResponse response) {
    if (initException != null) {
        // initException is set, presumably by an earlier failed setup; run it again
        setup();
    }

    CheckCodeInfo generated = CheckCodeTools.createCheckCodeInfo();
    if (generated == null) {
        return null;
    }

    // NOTE(review): the expected answer travels to the client (encrypted) in
    // a cookie that never expires and is valid for the whole domain. The
    // verification side is not shown here. Confirm each code is single-use
    // and time-limited on the server so an old cookie/answer pair cannot be
    // submitted again.
    String protectedCode = EncryptBuilder.getInstance().encrypt(generated.getCode());
    Cookie codeCookie = new Cookie("_cc_", protectedCode);
    codeCookie.setMaxAge(CookieMaxAge.FOREVER);
    codeCookie.setDomain(CookieDomain.DOT_MAIMAIJUN_COM.getDomain());
    codeCookie.setPath("/");
    response.addCookie(codeCookie);

    return generated.getBytes();
}