List of usage examples for javax.servlet.http Cookie setSecure
public void setSecure(boolean flag)
From source file:org.owasp.benchmark.testcode.BenchmarkTest01359.java
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html;charset=UTF-8"); java.util.Map<String, String[]> map = request.getParameterMap(); String param = ""; if (!map.isEmpty()) { String[] values = map.get("BenchmarkTest01359"); if (values != null) param = values[0];//from w ww . ja va 2 s . c o m } String bar = new Test().doSomething(request, param); byte[] input = new byte[1000]; String str = "?"; Object inputParam = param; if (inputParam instanceof String) str = ((String) inputParam); if (inputParam instanceof java.io.InputStream) { int i = ((java.io.InputStream) inputParam).read(input); if (i == -1) { response.getWriter().println( "This input source requires a POST, not a GET. Incompatible UI for the InputStream source."); return; } str = new String(input, 0, i); } if ("".equals(str)) str = "No cookie value supplied"; javax.servlet.http.Cookie cookie = new javax.servlet.http.Cookie("SomeCookie", str); cookie.setSecure(true); // cookie.setPath("/benchmark/" + this.getClass().getSimpleName()); cookie.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet // e.g., /benchmark/sql-01/BenchmarkTest01001 response.addCookie(cookie); response.getWriter().println("Created cookie: 'SomeCookie': with value: '" + org.owasp.esapi.ESAPI.encoder().encodeForHTML(str) + "' and secure flag set to: true"); }
From source file:org.owasp.benchmark.testcode.BenchmarkTest02066.java
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html;charset=UTF-8"); String param = ""; java.util.Enumeration<String> headers = request.getHeaders("BenchmarkTest02066"); if (headers != null && headers.hasMoreElements()) { param = headers.nextElement(); // just grab first element }/* w ww. ja va 2 s . c o m*/ // URL Decode the header value since req.getHeaders() doesn't. Unlike req.getParameters(). param = java.net.URLDecoder.decode(param, "UTF-8"); String bar = doSomething(request, param); byte[] input = new byte[1000]; String str = "?"; Object inputParam = param; if (inputParam instanceof String) str = ((String) inputParam); if (inputParam instanceof java.io.InputStream) { int i = ((java.io.InputStream) inputParam).read(input); if (i == -1) { response.getWriter().println( "This input source requires a POST, not a GET. Incompatible UI for the InputStream source."); return; } str = new String(input, 0, i); } if ("".equals(str)) str = "No cookie value supplied"; javax.servlet.http.Cookie cookie = new javax.servlet.http.Cookie("SomeCookie", str); cookie.setSecure(true); // cookie.setPath("/benchmark/" + this.getClass().getSimpleName()); cookie.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet // e.g., /benchmark/sql-01/BenchmarkTest01001 response.addCookie(cookie); response.getWriter().println("Created cookie: 'SomeCookie': with value: '" + org.owasp.esapi.ESAPI.encoder().encodeForHTML(str) + "' and secure flag set to: true"); }
From source file:de.sainth.recipe.backend.security.AuthFilter.java
private Cookie createCookie(RecipeManagerAuthenticationToken authentication, boolean secure) { String newToken = Jwts.builder() // .compressWith(new GzipCompressionCodec()) .setSubject(authentication.getPrincipal().toString()) .setExpiration(/*from w w w . j a va2 s. c om*/ Date.from(LocalDateTime.now().plusMinutes(30).atZone(ZoneId.systemDefault()).toInstant())) .claim(TOKEN_ROLE, authentication.getAuthorities().get(0).getAuthority()).setIssuedAt(new Date()) .signWith(SignatureAlgorithm.HS256, key).compact(); Cookie cookie = new Cookie(COOKIE_NAME, newToken); cookie.setSecure(secure); cookie.setHttpOnly(true); cookie.setMaxAge(30 * 60); return cookie; }
From source file:org.owasp.benchmark.testcode.BenchmarkTest01187.java
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html;charset=UTF-8"); String param = ""; java.util.Enumeration<String> headers = request.getHeaders("BenchmarkTest01187"); if (headers != null && headers.hasMoreElements()) { param = headers.nextElement(); // just grab first element }/* ww w.j a v a 2s. c om*/ // URL Decode the header value since req.getHeaders() doesn't. Unlike req.getParameters(). param = java.net.URLDecoder.decode(param, "UTF-8"); String bar = new Test().doSomething(request, param); byte[] input = new byte[1000]; String str = "?"; Object inputParam = param; if (inputParam instanceof String) str = ((String) inputParam); if (inputParam instanceof java.io.InputStream) { int i = ((java.io.InputStream) inputParam).read(input); if (i == -1) { response.getWriter().println( "This input source requires a POST, not a GET. Incompatible UI for the InputStream source."); return; } str = new String(input, 0, i); } if ("".equals(str)) str = "No cookie value supplied"; javax.servlet.http.Cookie cookie = new javax.servlet.http.Cookie("SomeCookie", str); cookie.setSecure(false); // cookie.setPath("/benchmark/" + this.getClass().getSimpleName()); cookie.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet // e.g., /benchmark/sql-01/BenchmarkTest01001 response.addCookie(cookie); response.getWriter().println("Created cookie: 'SomeCookie': with value: '" + org.owasp.esapi.ESAPI.encoder().encodeForHTML(str) + "' and secure flag set to: false"); }
From source file:org.geonetwork.http.SessionTimeoutCookieFilter.java
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain filterChain) throws IOException, ServletException { HttpServletResponse httpResp = (HttpServletResponse) resp; HttpServletRequest httpReq = (HttpServletRequest) req; HttpSession session = httpReq.getSession(false); //If we are not being accessed by a bot/crawler if (session != null) { long currTime = System.currentTimeMillis(); Cookie cookie = new Cookie("serverTime", "" + currTime); cookie.setPath("/"); cookie.setSecure(req.getServletContext().getSessionCookieConfig().isSecure()); httpResp.addCookie(cookie);//from w w w .j a v a 2s . co m UserSession userSession = null; if (session != null) { Object tmp = session.getAttribute(JeevesServlet.USER_SESSION_ATTRIBUTE_KEY); if (tmp instanceof UserSession) { userSession = (UserSession) tmp; } } // If user is authenticated, then set expiration time if (userSession != null && StringUtils.isNotEmpty(userSession.getName())) { long expiryTime = currTime + session.getMaxInactiveInterval() * 1000; cookie = new Cookie("sessionExpiry", "" + expiryTime); } else { cookie = new Cookie("sessionExpiry", "" + currTime); } cookie.setPath("/"); cookie.setSecure(req.getServletContext().getSessionCookieConfig().isSecure()); httpResp.addCookie(cookie); } filterChain.doFilter(req, resp); }
From source file:org.owasp.benchmark.testcode.BenchmarkTest00888.java
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); org.owasp.benchmark.helpers.SeparateClassRequest scr = new org.owasp.benchmark.helpers.SeparateClassRequest( request);// w w w . j a v a 2s . c om String param = scr.getTheValue("vector"); String bar = org.apache.commons.lang.StringEscapeUtils.escapeHtml(param); double value = java.lang.Math.random(); String rememberMeKey = Double.toString(value).substring(2); // Trim off the 0. at the front. String user = "Doug"; String fullClassName = this.getClass().getName(); String testCaseNumber = fullClassName .substring(fullClassName.lastIndexOf('.') + 1 + "BenchmarkTest".length()); user += testCaseNumber; String cookieName = "rememberMe" + testCaseNumber; boolean foundUser = false; javax.servlet.http.Cookie[] cookies = request.getCookies(); for (int i = 0; cookies != null && ++i < cookies.length && !foundUser;) { javax.servlet.http.Cookie cookie = cookies[i]; if (cookieName.equals(cookie.getName())) { if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) { foundUser = true; } } } if (foundUser) { response.getWriter().println("Welcome back: " + user + "<br/>"); } else { javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey); rememberMe.setSecure(true); request.getSession().setAttribute(cookieName, rememberMeKey); response.addCookie(rememberMe); response.getWriter().println(user + " has been remembered with cookie: " + rememberMe.getName() + " whose value is: " + rememberMe.getValue() + "<br/>"); } response.getWriter().println("Weak Randomness Test java.lang.Math.random() executed"); }
From source file:org.owasp.benchmark.testcode.BenchmarkTest00422.java
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); String param = request.getParameter("vector"); if (param == null) param = ""; String bar = org.apache.commons.lang.StringEscapeUtils.escapeHtml(param); int r = new java.util.Random().nextInt(); String rememberMeKey = Integer.toString(r); String user = "Ingrid"; String fullClassName = this.getClass().getName(); String testCaseNumber = fullClassName .substring(fullClassName.lastIndexOf('.') + 1 + "BenchmarkTest".length()); user += testCaseNumber;/*from w ww . j av a2s . co m*/ String cookieName = "rememberMe" + testCaseNumber; boolean foundUser = false; javax.servlet.http.Cookie[] cookies = request.getCookies(); for (int i = 0; cookies != null && ++i < cookies.length && !foundUser;) { javax.servlet.http.Cookie cookie = cookies[i]; if (cookieName.equals(cookie.getName())) { if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) { foundUser = true; } } } if (foundUser) { response.getWriter().println("Welcome back: " + user + "<br/>"); } else { javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey); rememberMe.setSecure(true); request.getSession().setAttribute(cookieName, rememberMeKey); response.addCookie(rememberMe); response.getWriter().println(user + " has been remembered with cookie: " + rememberMe.getName() + " whose value is: " + rememberMe.getValue() + "<br/>"); } response.getWriter().println("Weak Randomness Test java.util.Random.nextInt() executed"); }
From source file:org.owasp.benchmark.testcode.BenchmarkTest00320.java
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); String param = ""; java.util.Enumeration<String> headers = request.getHeaders("vector"); if (headers.hasMoreElements()) { param = headers.nextElement(); // just grab first element }/*from www.ja v a2 s. co m*/ String bar = org.apache.commons.lang.StringEscapeUtils.escapeHtml(param); long l = new java.util.Random().nextLong(); String rememberMeKey = Long.toString(l); String user = "Logan"; String fullClassName = this.getClass().getName(); String testCaseNumber = fullClassName .substring(fullClassName.lastIndexOf('.') + 1 + "BenchmarkTest".length()); user += testCaseNumber; String cookieName = "rememberMe" + testCaseNumber; boolean foundUser = false; javax.servlet.http.Cookie[] cookies = request.getCookies(); for (int i = 0; cookies != null && ++i < cookies.length && !foundUser;) { javax.servlet.http.Cookie cookie = cookies[i]; if (cookieName.equals(cookie.getName())) { if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) { foundUser = true; } } } if (foundUser) { response.getWriter().println("Welcome back: " + user + "<br/>"); } else { javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey); rememberMe.setSecure(true); request.getSession().setAttribute(cookieName, rememberMeKey); response.addCookie(rememberMe); response.getWriter().println(user + " has been remembered with cookie: " + rememberMe.getName() + " whose value is: " + rememberMe.getValue() + "<br/>"); } response.getWriter().println("Weak Randomness Test java.util.Random.nextLong() executed"); }
From source file:org.owasp.benchmark.testcode.BenchmarkTest00665.java
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); org.owasp.benchmark.helpers.SeparateClassRequest scr = new org.owasp.benchmark.helpers.SeparateClassRequest( request);/* w w w. j av a 2s . co m*/ String param = scr.getTheParameter("vector"); if (param == null) param = ""; String bar = org.apache.commons.lang.StringEscapeUtils.escapeHtml(param); double stuff = new java.util.Random().nextGaussian(); String rememberMeKey = Double.toString(stuff).substring(2); // Trim off the 0. at the front. String user = "Gayle"; String fullClassName = this.getClass().getName(); String testCaseNumber = fullClassName .substring(fullClassName.lastIndexOf('.') + 1 + "BenchmarkTest".length()); user += testCaseNumber; String cookieName = "rememberMe" + testCaseNumber; boolean foundUser = false; javax.servlet.http.Cookie[] cookies = request.getCookies(); for (int i = 0; cookies != null && ++i < cookies.length && !foundUser;) { javax.servlet.http.Cookie cookie = cookies[i]; if (cookieName.equals(cookie.getName())) { if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) { foundUser = true; } } } if (foundUser) { response.getWriter().println("Welcome back: " + user + "<br/>"); } else { javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey); rememberMe.setSecure(true); request.getSession().setAttribute(cookieName, rememberMeKey); response.addCookie(rememberMe); response.getWriter().println(user + " has been remembered with cookie: " + rememberMe.getName() + " whose value is: " + rememberMe.getValue() + "<br/>"); } response.getWriter().println("Weak Randomness Test java.util.Random.nextGaussian() executed"); }
From source file:org.owasp.benchmark.testcode.BenchmarkTest00667.java
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); org.owasp.benchmark.helpers.SeparateClassRequest scr = new org.owasp.benchmark.helpers.SeparateClassRequest( request);/* w w w .ja v a 2 s .c o m*/ String param = scr.getTheParameter("vector"); if (param == null) param = ""; String bar = org.apache.commons.lang.StringEscapeUtils.escapeHtml(param); int randNumber = new java.util.Random().nextInt(99); String rememberMeKey = Integer.toString(randNumber); String user = "Inga"; String fullClassName = this.getClass().getName(); String testCaseNumber = fullClassName .substring(fullClassName.lastIndexOf('.') + 1 + "BenchmarkTest".length()); user += testCaseNumber; String cookieName = "rememberMe" + testCaseNumber; boolean foundUser = false; javax.servlet.http.Cookie[] cookies = request.getCookies(); for (int i = 0; cookies != null && ++i < cookies.length && !foundUser;) { javax.servlet.http.Cookie cookie = cookies[i]; if (cookieName.equals(cookie.getName())) { if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) { foundUser = true; } } } if (foundUser) { response.getWriter().println("Welcome back: " + user + "<br/>"); } else { javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey); rememberMe.setSecure(true); request.getSession().setAttribute(cookieName, rememberMeKey); response.addCookie(rememberMe); response.getWriter().println(user + " has been remembered with cookie: " + rememberMe.getName() + " whose value is: " + rememberMe.getValue() + "<br/>"); } response.getWriter().println("Weak Randomness Test java.util.Random.nextInt(int) executed"); }