List of usage examples for javax.servlet.http Cookie setSecure
public void setSecure(boolean flag)
From source file:com.liferay.portal.util.CookieKeys.java
public static void addCookie(HttpServletRequest request, HttpServletResponse response, Cookie cookie, boolean secure) { if (!PropsValues.SESSION_ENABLE_PERSISTENT_COOKIES || PropsValues.TCK_URL) { return;/*from w w w . j a v a 2s.c o m*/ } // LEP-5175 String name = cookie.getName(); String originalValue = cookie.getValue(); String encodedValue = originalValue; if (isEncodedCookie(name)) { encodedValue = new String(Hex.encodeHex(originalValue.getBytes())); if (_log.isDebugEnabled()) { _log.debug("Add encoded cookie " + name); _log.debug("Original value " + originalValue); _log.debug("Hex encoded value " + encodedValue); } } cookie.setSecure(secure); cookie.setValue(encodedValue); cookie.setVersion(VERSION); // Setting a cookie will cause the TCK to lose its ability to track // sessions response.addCookie(cookie); }
From source file:gr.abiss.calipso.userDetails.util.SecurityUtil.java
/** * Writes a cookie to the response. In case of a blank value the method will * set the max age to zero, effectively marking the cookie for immediate * deletion by the client if the <code>allowClear</code> is true or throw an exception if false. * Blank value strings mark cookie deletion. If * @param response//from w w w .jav a2s . c om * @param cookieName * @param cookieValue * @param allowClear */ private static void addCookie(HttpServletRequest request, HttpServletResponse response, String cookieName, String cookieValue, boolean allowClear, UserDetailsConfig userDetailsConfig) { if (StringUtils.isBlank(cookieValue) && !allowClear) { throw new RuntimeException( "Was given a blank cookie value but allowClear is false for cookie name: " + cookieName); } if (LOGGER.isDebugEnabled()) { LOGGER.debug("addCookie, cookieName: " + cookieName + ", cookie value: " + cookieValue + ", domain: " + userDetailsConfig.getCookiesDomain() + ", secure: " + userDetailsConfig.isCookiesSecure() + ", http-only: " + userDetailsConfig.isCookiesHttpOnly() + ", path: " + userDetailsConfig.getCookiesContextPath()); } Cookie cookie = new Cookie(cookieName, cookieValue); // set the cookie domain if (StringUtils.isNotBlank(userDetailsConfig.getCookiesDomain())) { cookie.setDomain('.' + userDetailsConfig.getCookiesDomain()); } // maybe not a good idea unless you can trust the proxy // else if (StringUtils.isNotBlank(request.getHeader("X-Forwarded-Host"))) { // cookie.setDomain('.' + request.getHeader("X-Forwarded-Host")); // } // else{ // cookie.setDomain('.' + request.getLocalName()); // // } // set the cookie path if (StringUtils.isNotBlank(userDetailsConfig.getCookiesContextPath())) { cookie.setPath(userDetailsConfig.getCookiesContextPath()); } // else { // cookie.setPath("/"); // } cookie.setSecure(userDetailsConfig.isCookiesSecure()); cookie.setHttpOnly(userDetailsConfig.isCookiesHttpOnly()); if (StringUtils.isBlank(cookieValue)) { if (LOGGER.isDebugEnabled()) { LOGGER.debug("addCookie, setting max-age to 0 to clear cookie: " + cookieName); } cookie.setMaxAge(0); } response.addCookie(cookie); }
From source file:com.erudika.para.utils.Utils.java
/** * Sets a cookie./*from w w w. j av a2s . c o m*/ * @param name the name * @param value the value * @param req HTTP request * @param res HTTP response * @param httpOnly HTTP only flag * @param maxAge max age */ public static void setRawCookie(String name, String value, HttpServletRequest req, HttpServletResponse res, boolean httpOnly, int maxAge) { if (StringUtils.isBlank(name) || StringUtils.isBlank(value) || req == null || res == null) { return; } Cookie cookie = new Cookie(name, value); cookie.setHttpOnly(httpOnly); cookie.setMaxAge(maxAge < 0 ? Config.SESSION_TIMEOUT_SEC.intValue() : maxAge); cookie.setPath("/"); cookie.setSecure(req.isSecure()); res.addCookie(cookie); }
From source file:io.gravitee.management.security.JWTCookieGenerator.java
public Cookie generate(final String value) { final Cookie cookie = new Cookie(HttpHeaders.AUTHORIZATION, value); cookie.setHttpOnly(true);/* www . j a v a 2s .c om*/ cookie.setSecure(environment.getProperty("jwt.cookie-secure", Boolean.class, DEFAULT_JWT_COOKIE_SECURE)); cookie.setPath(environment.getProperty("jwt.cookie-path", DEFAULT_JWT_COOKIE_PATH)); cookie.setDomain(environment.getProperty("jwt.cookie-domain", DEFAULT_JWT_COOKIE_DOMAIN)); return cookie; }
From source file:org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils.java
/** * @param req/*from w w w.j av a2 s . c om*/ * @param resp * @param id * @param age */ public static void storeAuthCookie(HttpServletRequest req, HttpServletResponse resp, String id, Integer age) { Cookie authCookie = new Cookie(FrameworkConstants.COMMONAUTH_COOKIE, id); authCookie.setSecure(true); authCookie.setHttpOnly(true); if (age != null) { authCookie.setMaxAge(age.intValue() * 60); } resp.addCookie(authCookie); }
From source file:org.wso2.carbon.identity.oidc.session.DefaultOIDCSessionStateManager.java
/** * Adds the browser state cookie to the response * * @param response//from w ww.j av a 2 s . co m * @return Cookie */ public Cookie addOPBrowserStateCookie(HttpServletResponse response) { Cookie cookie = new Cookie(OIDCSessionConstants.OPBS_COOKIE_ID, UUID.randomUUID().toString()); cookie.setSecure(true); cookie.setPath("/"); response.addCookie(cookie); return cookie; }
From source file:org.craftercms.commons.http.CookieManager.java
/** * Add a "delete" cookie to the response to indicate the that the stored cookie should be deleted. * * @param name the name of the cookie/* w ww . j a v a2s . co m*/ */ public void deleteCookie(String name, HttpServletResponse response) { Cookie cookie = new Cookie(name, null); cookie.setHttpOnly(httpOnly); cookie.setSecure(secure); if (StringUtils.isNotEmpty(domain)) { cookie.setDomain(domain); } if (StringUtils.isNotEmpty(path)) { cookie.setPath(path); } cookie.setMaxAge(0); response.addCookie(cookie); logger.debug(LOG_KEY_DELETED_COOKIE, name); }
From source file:org.craftercms.commons.http.CookieManager.java
/** * Add a new cookie, using the configured domain, path and max age, to the response. * * @param name the name of the cookie//from w w w . j a v a2s. c om * @param value the value of the cookie */ public void addCookie(String name, String value, HttpServletResponse response) { Cookie cookie = new Cookie(name, value); cookie.setHttpOnly(httpOnly); cookie.setSecure(secure); if (StringUtils.isNotEmpty(domain)) { cookie.setDomain(domain); } if (StringUtils.isNotEmpty(path)) { cookie.setPath(path); } if (maxAge != null) { cookie.setMaxAge(maxAge); } response.addCookie(cookie); logger.debug(LOG_KEY_ADDED_COOKIE, name); }
From source file:org.jasig.cas.web.support.CookieRetrievingCookieGenerator.java
public void addCookie(final HttpServletRequest request, final HttpServletResponse response, final String cookieValue) { if (!StringUtils.hasText(request.getParameter(RememberMeCredentials.REQUEST_PARAMETER_REMEMBER_ME))) { super.addCookie(response, cookieValue); } else {// w ww . jav a 2 s .c o m final Cookie cookie = createCookie(cookieValue); cookie.setMaxAge(this.rememberMeMaxAge); if (isCookieSecure()) { cookie.setSecure(true); } response.addCookie(cookie); } }
From source file:org.owasp.benchmark.testcode.BenchmarkTest00260.java
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); String param = ""; boolean flag = true; java.util.Enumeration<String> names = request.getHeaderNames(); while (names.hasMoreElements() && flag) { String name = (String) names.nextElement(); java.util.Enumeration<String> values = request.getHeaders(name); if (values != null) { while (values.hasMoreElements() && flag) { String value = (String) values.nextElement(); if (value.equals("vector")) { param = name;/*from w w w .ja v a2 s .c o m*/ flag = false; } } } } String bar = org.apache.commons.lang.StringEscapeUtils.escapeHtml(param); byte[] input = new byte[1000]; String str = "?"; Object inputParam = param; if (inputParam instanceof String) str = ((String) inputParam); if (inputParam instanceof java.io.InputStream) { int i = ((java.io.InputStream) inputParam).read(input); if (i == -1) { response.getWriter().println( "This input source requires a POST, not a GET. Incompatible UI for the InputStream source."); return; } str = new String(input, 0, i); } javax.servlet.http.Cookie cookie = new javax.servlet.http.Cookie("SomeCookie", str); cookie.setSecure(false); response.addCookie(cookie); response.getWriter().println("Created cookie: 'SomeCookie': with value: '" + org.owasp.esapi.ESAPI.encoder().encodeForHTML(str) + "' and secure flag set to: false"); }