List of usage examples for javax.servlet.http.Cookie.setSecure
public void setSecure(boolean flag)
From source file:org.owasp.benchmark.testcode.BenchmarkTest01801.java
/**
 * Handles the POST for benchmark case 01801 by recognising or issuing a "remember me" cookie.
 *
 * <p>A token is drawn from a {@code SHA1PRNG} SecureRandom. If the request already carries the
 * expected cookie and its value equals the copy held in the session, the user is welcomed back;
 * otherwise a new cookie is issued with the Secure flag and a path equal to the request URI.
 *
 * @param request the incoming request; its cookies and session are consulted
 * @param response receives the HTML output and, when issued, the new cookie
 * @throws ServletException if the {@code SHA1PRNG} algorithm is unavailable
 * @throws IOException if writing the response fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");

    org.owasp.benchmark.helpers.SeparateClassRequest wrappedRequest =
            new org.owasp.benchmark.helpers.SeparateClassRequest(request);
    String param = wrappedRequest.getTheValue("BenchmarkTest01801");

    // The result is not read again below; the call is kept for whatever doSomething itself does.
    String bar = new Test().doSomething(request, param);

    try {
        // nextInt(99) yields 0..98: the generator is a SecureRandom, yet the token has only 99
        // possible values, so it is guessable by enumeration.
        String token =
                Integer.toString(java.security.SecureRandom.getInstance("SHA1PRNG").nextInt(99));

        String className = this.getClass().getName();
        int idStart = className.lastIndexOf('.') + 1 + "BenchmarkTest".length();
        String caseId = className.substring(idStart);
        String user = "SafeInga" + caseId;
        String cookieName = "rememberMe" + caseId;

        boolean recognised = false;
        javax.servlet.http.Cookie[] presented = request.getCookies();
        if (presented != null) {
            for (javax.servlet.http.Cookie candidate : presented) {
                // Only a cookie with the expected name is compared with the session's copy.
                if (cookieName.equals(candidate.getName())
                        && candidate.getValue().equals(request.getSession().getAttribute(cookieName))) {
                    recognised = true;
                    break;
                }
            }
        }

        if (!recognised) {
            javax.servlet.http.Cookie issued = new javax.servlet.http.Cookie(cookieName, token);
            // Secure: the browser returns this cookie over HTTPS only. HttpOnly is not set here,
            // so page script can still read it.
            issued.setSecure(true);
            // Scope the cookie to this servlet's own URI.
            issued.setPath(request.getRequestURI());
            request.getSession().setAttribute(cookieName, token);
            response.addCookie(issued);
            // The token value is also written into the response body.
            response.getWriter().println(user + " has been remembered with cookie: " + issued.getName()
                    + " whose value is: " + issued.getValue() + "<br/>");
        } else {
            response.getWriter().println("Welcome back: " + user + "<br/>");
        }
    } catch (java.security.NoSuchAlgorithmException e) {
        System.out.println("Problem executing SecureRandom.nextInt(int) - TestCase");
        throw new ServletException(e);
    }

    response.getWriter().println("Weak Randomness Test java.security.SecureRandom.nextInt(int) executed");
}
From source file:org.owasp.benchmark.testcode.BenchmarkTest01951.java
/**
 * Handles the POST for benchmark case 01951 by recognising or issuing a "remember me" cookie.
 *
 * <p>The token is the decimal digits of a float drawn from a {@code SHA1PRNG} SecureRandom. A
 * matching cookie whose value equals the session's copy yields a welcome message; otherwise a
 * new cookie is issued with the Secure flag and a path equal to the request URI.
 *
 * @param request the incoming request; a header, its cookies and its session are consulted
 * @param response receives the HTML output and, when issued, the new cookie
 * @throws ServletException if the {@code SHA1PRNG} algorithm is unavailable
 * @throws IOException if decoding or writing the response fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");

    String param = request.getHeader("BenchmarkTest01951") != null
            ? request.getHeader("BenchmarkTest01951")
            : "";
    // Header values arrive undecoded (unlike getParameter), so URL-decode explicitly.
    param = java.net.URLDecoder.decode(param, "UTF-8");

    // The result is not read again below; the call is kept for whatever doSomething itself does.
    String bar = doSomething(request, param);

    try {
        // A float carries far fewer random bits than a byte array from the same generator, so
        // the token space is small even though the source is a SecureRandom.
        float draw = java.security.SecureRandom.getInstance("SHA1PRNG").nextFloat();
        String token = Float.toString(draw).substring(2); // drop the leading "0."

        String className = this.getClass().getName();
        int idStart = className.lastIndexOf('.') + 1 + "BenchmarkTest".length();
        String caseId = className.substring(idStart);
        String user = "SafeFloyd" + caseId;
        String cookieName = "rememberMe" + caseId;

        boolean recognised = false;
        javax.servlet.http.Cookie[] presented = request.getCookies();
        if (presented != null) {
            for (javax.servlet.http.Cookie candidate : presented) {
                // Only a cookie with the expected name is compared with the session's copy.
                if (cookieName.equals(candidate.getName())
                        && candidate.getValue().equals(request.getSession().getAttribute(cookieName))) {
                    recognised = true;
                    break;
                }
            }
        }

        if (!recognised) {
            javax.servlet.http.Cookie issued = new javax.servlet.http.Cookie(cookieName, token);
            // Secure: the browser returns this cookie over HTTPS only. HttpOnly is not set here.
            issued.setSecure(true);
            // Scope the cookie to this servlet's own URI.
            issued.setPath(request.getRequestURI());
            request.getSession().setAttribute(cookieName, token);
            response.addCookie(issued);
            // The token value is also written into the response body.
            response.getWriter().println(user + " has been remembered with cookie: " + issued.getName()
                    + " whose value is: " + issued.getValue() + "<br/>");
        } else {
            response.getWriter().println("Welcome back: " + user + "<br/>");
        }
    } catch (java.security.NoSuchAlgorithmException e) {
        System.out.println("Problem executing SecureRandom.nextFloat() - TestCase");
        throw new ServletException(e);
    }

    response.getWriter().println("Weak Randomness Test java.security.SecureRandom.nextFloat() executed");
}
From source file:org.owasp.benchmark.testcode.BenchmarkTest00264.java
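/**
 * Handles the POST for benchmark case 00264 by recognising or issuing a "remember me" cookie.
 *
 * <p>The name of the first header that has a value equal to {@code "vector"} is HTML-escaped
 * into {@code bar}. A token is then drawn from a {@code SHA1PRNG} SecureRandom. Every cookie on
 * the request is examined, starting with the first: a cookie with the expected name whose value
 * equals the session's copy yields a welcome message; otherwise a new Secure cookie is issued.
 *
 * @param request the incoming request; its headers, cookies and session are consulted
 * @param response receives the HTML output and, when issued, the new cookie
 * @throws ServletException if the {@code SHA1PRNG} algorithm is unavailable
 * @throws IOException if writing the response fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");

    String param = "";
    boolean searching = true;
    java.util.Enumeration<String> names = request.getHeaderNames();
    while (searching && names.hasMoreElements()) {
        String name = names.nextElement();
        java.util.Enumeration<String> values = request.getHeaders(name);
        while (searching && values != null && values.hasMoreElements()) {
            if ("vector".equals(values.nextElement())) {
                param = name;
                searching = false;
            }
        }
    }

    // The escaped value is not read again below.
    String bar = org.apache.commons.lang.StringEscapeUtils.escapeHtml(param);

    try {
        // nextInt(99) yields 0..98: the generator is a SecureRandom, yet the token has only 99
        // possible values, so it is guessable by enumeration.
        int randNumber = java.security.SecureRandom.getInstance("SHA1PRNG").nextInt(99);
        String rememberMeKey = Integer.toString(randNumber);

        String fullClassName = this.getClass().getName();
        String testCaseNumber = fullClassName
                .substring(fullClassName.lastIndexOf('.') + 1 + "BenchmarkTest".length());
        String user = "SafeInga" + testCaseNumber;
        String cookieName = "rememberMe" + testCaseNumber;

        boolean foundUser = false;
        javax.servlet.http.Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            // Iterate from index 0. A pre-incremented index (++i in the loop condition) would
            // never look at cookies[0], so a valid cookie in first position would be ignored
            // and replaced on every request.
            for (javax.servlet.http.Cookie cookie : cookies) {
                if (cookieName.equals(cookie.getName())
                        && cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
                    foundUser = true;
                    break;
                }
            }
        }

        if (foundUser) {
            response.getWriter().println("Welcome back: " + user + "<br/>");
        } else {
            javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey);
            // Secure: the browser returns this cookie over HTTPS only. Neither a path nor
            // HttpOnly is set on it here.
            rememberMe.setSecure(true);
            request.getSession().setAttribute(cookieName, rememberMeKey);
            response.addCookie(rememberMe);
            // The token value is also written into the response body.
            response.getWriter().println(user + " has been remembered with cookie: " + rememberMe.getName()
                    + " whose value is: " + rememberMe.getValue() + "<br/>");
        }
    } catch (java.security.NoSuchAlgorithmException e) {
        System.out.println("Problem executing SecureRandom.nextInt(int) - TestCase");
        throw new ServletException(e);
    }

    response.getWriter().println("Weak Randomness Test java.security.SecureRandom.nextInt(int) executed");
}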
From source file:org.owasp.benchmark.testcode.BenchmarkTest01728.java
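/**
 * Handles the POST for benchmark case 01728 by recognising or issuing a "remember me" cookie.
 *
 * <p>The {@code vector} parameter is cut out of the raw query string and URL-decoded; if it is
 * absent a message is written and the method returns. A token is then drawn from
 * {@code java.util.Random}. Every cookie on the request is examined, starting with the first:
 * a cookie with the expected name whose value equals the session's copy yields a welcome
 * message; otherwise a new Secure cookie is issued.
 *
 * @param request the incoming request; its query string, cookies and session are consulted
 * @param response receives the HTML output and, when issued, the new cookie
 * @throws ServletException declared by the servlet contract
 * @throws IOException if decoding or writing the response fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");

    String queryString = request.getQueryString();
    String paramval = "vector" + "=";
    int paramLoc = -1;
    if (queryString != null) {
        paramLoc = queryString.indexOf(paramval);
    }
    if (paramLoc == -1) {
        response.getWriter().println(
                "getQueryString() couldn't find expected parameter '" + "vector" + "' in query string.");
        return;
    }

    // First assume "vector" is the last parameter, then trim at the next '&' if there is one.
    String param = queryString.substring(paramLoc + paramval.length());
    int ampersandLoc = queryString.indexOf("&", paramLoc);
    if (ampersandLoc != -1) {
        param = queryString.substring(paramLoc + paramval.length(), ampersandLoc);
    }
    param = java.net.URLDecoder.decode(param, "UTF-8");

    // The result is not read again below; the call is kept for whatever doSomething itself does.
    String bar = new Test().doSomething(param);

    // java.util.Random is not a cryptographically strong generator and nextInt(99) yields only
    // 0..98, so this token is predictable. The closing message labels this a weak-randomness
    // case, so the generator is left as written; a real remember-me token needs
    // java.security.SecureRandom and a much larger value space.
    int randNumber = new java.util.Random().nextInt(99);
    String rememberMeKey = Integer.toString(randNumber);

    String fullClassName = this.getClass().getName();
    String testCaseNumber = fullClassName
            .substring(fullClassName.lastIndexOf('.') + 1 + "BenchmarkTest".length());
    String user = "Inga" + testCaseNumber;
    String cookieName = "rememberMe" + testCaseNumber;

    boolean foundUser = false;
    javax.servlet.http.Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        // Iterate from index 0. A pre-incremented index (++i in the loop condition) would never
        // look at cookies[0], so a valid cookie in first position would be ignored and replaced
        // on every request.
        for (javax.servlet.http.Cookie cookie : cookies) {
            if (cookieName.equals(cookie.getName())
                    && cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
                foundUser = true;
                break;
            }
        }
    }

    if (foundUser) {
        response.getWriter().println("Welcome back: " + user + "<br/>");
    } else {
        javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey);
        // Secure: the browser returns this cookie over HTTPS only. Neither a path nor HttpOnly
        // is set on it here.
        rememberMe.setSecure(true);
        request.getSession().setAttribute(cookieName, rememberMeKey);
        response.addCookie(rememberMe);
        // The token value is also written into the response body.
        response.getWriter().println(user + " has been remembered with cookie: " + rememberMe.getName()
                + " whose value is: " + rememberMe.getValue() + "<br/>");
    }

    response.getWriter().println("Weak Randomness Test java.util.Random.nextInt(int) executed");
}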
From source file:org.owasp.benchmark.testcode.BenchmarkTest00745.java
/**
 * Handles the POST for benchmark case 00745 by recognising or issuing a "remember me" cookie.
 *
 * <p>The token is 40 bytes from a {@code SHA1PRNG} SecureRandom, Base64-encoded through the
 * ESAPI encoder. A matching cookie whose value equals the session's copy yields a welcome
 * message; otherwise a new cookie is issued with the Secure flag and a path equal to the
 * request URI. The closing message is written from a {@code finally} block.
 *
 * @param request the incoming request; a parameter, its cookies and its session are consulted
 * @param response receives the HTML output and, when issued, the new cookie
 * @throws ServletException if the {@code SHA1PRNG} algorithm is unavailable
 * @throws IOException if writing the response fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");

    String[] supplied = request.getParameterValues("BenchmarkTest00745");
    String param = (supplied != null && supplied.length > 0) ? supplied[0] : "";

    // The escaped value is not read again below.
    String bar = org.apache.commons.lang.StringEscapeUtils.escapeHtml(param);

    try {
        java.security.SecureRandom generator = java.security.SecureRandom.getInstance("SHA1PRNG");

        // 40 random bytes give the token a value space too large to enumerate.
        byte[] tokenBytes = new byte[40];
        generator.nextBytes(tokenBytes);
        String token = org.owasp.esapi.ESAPI.encoder().encodeForBase64(tokenBytes, true);

        String className = this.getClass().getName();
        int idStart = className.lastIndexOf('.') + 1 + "BenchmarkTest".length();
        String caseId = className.substring(idStart);
        String user = "SafeByron" + caseId;
        String cookieName = "rememberMe" + caseId;

        boolean recognised = false;
        javax.servlet.http.Cookie[] presented = request.getCookies();
        if (presented != null) {
            for (javax.servlet.http.Cookie candidate : presented) {
                // Only a cookie with the expected name is compared with the session's copy.
                if (cookieName.equals(candidate.getName())
                        && candidate.getValue().equals(request.getSession().getAttribute(cookieName))) {
                    recognised = true;
                    break;
                }
            }
        }

        if (!recognised) {
            javax.servlet.http.Cookie issued = new javax.servlet.http.Cookie(cookieName, token);
            // Secure: the browser returns this cookie over HTTPS only. HttpOnly is not set here.
            issued.setSecure(true);
            // Scope the cookie to this servlet's own URI.
            issued.setPath(request.getRequestURI());
            request.getSession().setAttribute(cookieName, token);
            response.addCookie(issued);
            // The token value is also written into the response body.
            response.getWriter().println(user + " has been remembered with cookie: " + issued.getName()
                    + " whose value is: " + issued.getValue() + "<br/>");
        } else {
            response.getWriter().println("Welcome back: " + user + "<br/>");
        }
    } catch (java.security.NoSuchAlgorithmException e) {
        System.out.println("Problem executing SecureRandom.nextBytes() - TestCase");
        throw new ServletException(e);
    } finally {
        response.getWriter().println("Randomness Test java.security.SecureRandom.nextBytes(byte[]) executed");
    }
}
From source file:org.owasp.benchmark.testcode.BenchmarkTest02575.java
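/**
 * Handles the POST for benchmark case 02575 by recognising or issuing a "remember me" cookie.
 *
 * <p>A 40-byte buffer and a {@code SHA1PRNG} SecureRandom are handed to {@code getNextNumber};
 * the buffer is then Base64-encoded through the ESAPI encoder to form the token. Every cookie
 * on the request is examined, starting with the first: a cookie with the expected name whose
 * value equals the session's copy yields a welcome message; otherwise a new Secure cookie is
 * issued. The closing message is written from a {@code finally} block.
 *
 * @param request the incoming request; a parameter, its cookies and its session are consulted
 * @param response receives the HTML output and, when issued, the new cookie
 * @throws ServletException if the {@code SHA1PRNG} algorithm is unavailable
 * @throws IOException if writing the response fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");

    String[] values = request.getParameterValues("vector");
    String param = (values != null && values.length > 0) ? values[0] : "";

    // The result is not read again below; the call is kept for whatever doSomething itself does.
    String bar = doSomething(param);

    try {
        // Declared as java.util.Random, but the instance is a SecureRandom.
        java.util.Random numGen = java.security.SecureRandom.getInstance("SHA1PRNG");

        // Get 40 random bytes.
        // NOTE(review): presumably getNextNumber fills randomBytes from numGen; confirm against
        // its definition, which is outside this listing.
        byte[] randomBytes = new byte[40];
        getNextNumber(numGen, randomBytes);
        String rememberMeKey = org.owasp.esapi.ESAPI.encoder().encodeForBase64(randomBytes, true);

        String fullClassName = this.getClass().getName();
        String testCaseNumber = fullClassName
                .substring(fullClassName.lastIndexOf('.') + 1 + "BenchmarkTest".length());
        String user = "SafeBystander" + testCaseNumber;
        String cookieName = "rememberMe" + testCaseNumber;

        boolean foundUser = false;
        javax.servlet.http.Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            // Iterate from index 0. A pre-incremented index (++i in the loop condition) would
            // never look at cookies[0], so a valid cookie in first position would be ignored
            // and replaced on every request.
            for (javax.servlet.http.Cookie cookie : cookies) {
                if (cookieName.equals(cookie.getName())
                        && cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
                    foundUser = true;
                    break;
                }
            }
        }

        if (foundUser) {
            response.getWriter().println("Welcome back: " + user + "<br/>");
        } else {
            javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey);
            // Secure: the browser returns this cookie over HTTPS only. Neither a path nor
            // HttpOnly is set on it here.
            rememberMe.setSecure(true);
            request.getSession().setAttribute(cookieName, rememberMeKey);
            response.addCookie(rememberMe);
            // The token value is also written into the response body.
            response.getWriter().println(user + " has been remembered with cookie: " + rememberMe.getName()
                    + " whose value is: " + rememberMe.getValue() + "<br/>");
        }
    } catch (java.security.NoSuchAlgorithmException e) {
        System.out.println("Problem executing SecureRandom.nextBytes() - TestCase");
        throw new ServletException(e);
    } finally {
        response.getWriter().println("Randomness Test java.security.SecureRandom.nextBytes(byte[]) executed");
    }
}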
From source file:org.owasp.benchmark.testcode.BenchmarkTest01860.java
/**
 * Handles the POST for benchmark case 01860 by recognising or issuing a "remember me" cookie.
 *
 * <p>The value of the {@code BenchmarkTest01860} cookie, URL-decoded, is passed to
 * {@code doSomething}. The token is a long drawn from {@code java.util.Random}. A matching
 * cookie whose value equals the session's copy yields a welcome message; otherwise a new cookie
 * is issued with the Secure flag and a path equal to the request URI.
 *
 * @param request the incoming request; its cookies and session are consulted
 * @param response receives the HTML output and, when issued, the new cookie
 * @throws ServletException declared by the servlet contract
 * @throws IOException if decoding or writing the response fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");

    String param = "noCookieValueSupplied";
    javax.servlet.http.Cookie[] inputCookies = request.getCookies();
    if (inputCookies != null) {
        for (int idx = 0; idx < inputCookies.length; idx++) {
            javax.servlet.http.Cookie inputCookie = inputCookies[idx];
            if (inputCookie.getName().equals("BenchmarkTest01860")) {
                param = java.net.URLDecoder.decode(inputCookie.getValue(), "UTF-8");
                break;
            }
        }
    }

    // The result is not read again below; the call is kept for whatever doSomething itself does.
    String bar = doSomething(request, param);

    // java.util.Random is not a cryptographically strong generator, so this token is
    // predictable; the closing message labels this a weak-randomness case.
    String token = Long.toString(new java.util.Random().nextLong());

    String className = this.getClass().getName();
    int idStart = className.lastIndexOf('.') + 1 + "BenchmarkTest".length();
    String caseId = className.substring(idStart);
    String user = "Logan" + caseId;
    String cookieName = "rememberMe" + caseId;

    boolean recognised = false;
    javax.servlet.http.Cookie[] presented = request.getCookies();
    if (presented != null) {
        for (javax.servlet.http.Cookie candidate : presented) {
            // Only a cookie with the expected name is compared with the session's copy.
            if (cookieName.equals(candidate.getName())
                    && candidate.getValue().equals(request.getSession().getAttribute(cookieName))) {
                recognised = true;
                break;
            }
        }
    }

    if (!recognised) {
        javax.servlet.http.Cookie issued = new javax.servlet.http.Cookie(cookieName, token);
        // Secure: the browser returns this cookie over HTTPS only. HttpOnly is not set here.
        issued.setSecure(true);
        // Scope the cookie to this servlet's own URI.
        issued.setPath(request.getRequestURI());
        request.getSession().setAttribute(cookieName, token);
        response.addCookie(issued);
        // The token value is also written into the response body.
        response.getWriter().println(user + " has been remembered with cookie: " + issued.getName()
                + " whose value is: " + issued.getValue() + "<br/>");
    } else {
        response.getWriter().println("Welcome back: " + user + "<br/>");
    }

    response.getWriter().println("Weak Randomness Test java.util.Random.nextLong() executed");
}
From source file:com.google.acre.script.AcreCookie.java
/**
 * Builds a servlet {@code Cookie} from this object's name, value, path, max age, optional domain
 * and Secure flag.
 *
 * @return a new cookie carrying those attributes
 */
public Cookie toServletCookie() {
    Cookie servletCookie = new Cookie(name, value);
    servletCookie.setPath(path);
    servletCookie.setMaxAge(max_age);
    // The domain is copied only when one is present on this object.
    if (domain != null) {
        servletCookie.setDomain(domain);
    }
    // Carries the Secure flag over as stored; no HttpOnly attribute is set in this method.
    servletCookie.setSecure(secure);
    return servletCookie;
}
From source file:org.owasp.benchmark.testcode.BenchmarkTest01370.java
/**
 * Handles the POST for benchmark case 01370 by recognising or issuing a "remember me" cookie.
 *
 * <p>The token is the decimal digits of a double drawn from a {@code SHA1PRNG} SecureRandom. A
 * matching cookie whose value equals the session's copy yields a welcome message; otherwise a
 * new cookie is issued with the Secure flag and a path equal to the request URI.
 *
 * @param request the incoming request; its parameter map, cookies and session are consulted
 * @param response receives the HTML output and, when issued, the new cookie
 * @throws ServletException if the {@code SHA1PRNG} algorithm is unavailable
 * @throws IOException if writing the response fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");

    String param = "";
    java.util.Map<String, String[]> parameters = request.getParameterMap();
    if (!parameters.isEmpty()) {
        String[] supplied = parameters.get("BenchmarkTest01370");
        if (supplied != null) {
            param = supplied[0];
        }
    }

    // The result is not read again below; the call is kept for whatever doSomething itself does.
    String bar = new Test().doSomething(request, param);

    try {
        double draw = java.security.SecureRandom.getInstance("SHA1PRNG").nextDouble();
        String token = Double.toString(draw).substring(2); // drop the leading "0."

        String className = this.getClass().getName();
        int idStart = className.lastIndexOf('.') + 1 + "BenchmarkTest".length();
        String caseId = className.substring(idStart);
        String user = "SafeDonna" + caseId;
        String cookieName = "rememberMe" + caseId;

        boolean recognised = false;
        javax.servlet.http.Cookie[] presented = request.getCookies();
        if (presented != null) {
            for (javax.servlet.http.Cookie candidate : presented) {
                // Only a cookie with the expected name is compared with the session's copy.
                if (cookieName.equals(candidate.getName())
                        && candidate.getValue().equals(request.getSession().getAttribute(cookieName))) {
                    recognised = true;
                    break;
                }
            }
        }

        if (!recognised) {
            javax.servlet.http.Cookie issued = new javax.servlet.http.Cookie(cookieName, token);
            // Secure: the browser returns this cookie over HTTPS only. HttpOnly is not set here.
            issued.setSecure(true);
            // Scope the cookie to this servlet's own URI.
            issued.setPath(request.getRequestURI());
            request.getSession().setAttribute(cookieName, token);
            response.addCookie(issued);
            // The token value is also written into the response body.
            response.getWriter().println(user + " has been remembered with cookie: " + issued.getName()
                    + " whose value is: " + issued.getValue() + "<br/>");
        } else {
            response.getWriter().println("Welcome back: " + user + "<br/>");
        }
    } catch (java.security.NoSuchAlgorithmException e) {
        System.out.println("Problem executing SecureRandom.nextDouble() - TestCase");
        throw new ServletException(e);
    }

    response.getWriter().println("Weak Randomness Test java.security.SecureRandom.nextDouble() executed");
}
From source file:org.owasp.benchmark.testcode.BenchmarkTest02001.java
/**
 * Handles the POST for benchmark case 02001 by recognising or issuing a "remember me" cookie.
 *
 * <p>The name of the first header that is not in {@code Utils.commonHeaders} and has at least
 * one value is passed to {@code doSomething}. The token is the decimal digits of a float drawn
 * from {@code java.util.Random}. A matching cookie whose value equals the session's copy yields
 * a welcome message; otherwise a new cookie is issued with the Secure flag and a path equal to
 * the request URI.
 *
 * @param request the incoming request; its headers, cookies and session are consulted
 * @param response receives the HTML output and, when issued, the new cookie
 * @throws ServletException declared by the servlet contract
 * @throws IOException if writing the response fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");

    String param = "";
    java.util.Enumeration<String> headerNames = request.getHeaderNames();
    while (headerNames.hasMoreElements()) {
        String headerName = headerNames.nextElement();
        if (!org.owasp.benchmark.helpers.Utils.commonHeaders.contains(headerName)) {
            java.util.Enumeration<String> headerValues = request.getHeaders(headerName);
            if (headerValues != null && headerValues.hasMoreElements()) {
                param = headerName;
                break;
            }
        }
    }
    // Header names are deliberately not URL-decoded.

    // The result is not read again below; the call is kept for whatever doSomething itself does.
    String bar = doSomething(request, param);

    // java.util.Random is not a cryptographically strong generator, so this token is
    // predictable; the closing message labels this a weak-randomness case.
    float draw = new java.util.Random().nextFloat();
    String token = Float.toString(draw).substring(2); // drop the leading "0."

    String className = this.getClass().getName();
    int idStart = className.lastIndexOf('.') + 1 + "BenchmarkTest".length();
    String caseId = className.substring(idStart);
    String user = "Floyd" + caseId;
    String cookieName = "rememberMe" + caseId;

    boolean recognised = false;
    javax.servlet.http.Cookie[] presented = request.getCookies();
    if (presented != null) {
        for (javax.servlet.http.Cookie candidate : presented) {
            // Only a cookie with the expected name is compared with the session's copy.
            if (cookieName.equals(candidate.getName())
                    && candidate.getValue().equals(request.getSession().getAttribute(cookieName))) {
                recognised = true;
                break;
            }
        }
    }

    if (!recognised) {
        javax.servlet.http.Cookie issued = new javax.servlet.http.Cookie(cookieName, token);
        // Secure: the browser returns this cookie over HTTPS only. HttpOnly is not set here.
        issued.setSecure(true);
        // Scope the cookie to this servlet's own URI.
        issued.setPath(request.getRequestURI());
        request.getSession().setAttribute(cookieName, token);
        response.addCookie(issued);
        // The token value is also written into the response body.
        response.getWriter().println(user + " has been remembered with cookie: " + issued.getName()
                + " whose value is: " + issued.getValue() + "<br/>");
    } else {
        response.getWriter().println("Welcome back: " + user + "<br/>");
    }

    response.getWriter().println("Weak Randomness Test java.util.Random.nextFloat() executed");
}