List of usage examples for javax.servlet.http HttpServletRequest getRequestedSessionId
/**
 * Returns the session ID that the client sent with this request, or {@code null} if the
 * client sent none.
 *
 * <p>The value is client-supplied: it is not necessarily the ID of the current valid session,
 * so check {@code isRequestedSessionIdValid()} before relying on it. When it does name a live
 * session it is a bearer credential, so avoid writing it to logs verbatim.
 */
public String getRequestedSessionId();
From source file:org.apereo.portal.spring.security.preauth.PortalPreAuthenticatedProcessingFilter.java
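/**
 * Authenticates the incoming request against the portal.
 *
 * <p>If the requested session ID is still valid, identity-swap data is collected via
 * {@code getIdentitySwapDataAndInvalidateSession}. A session is then obtained (created if
 * needed), the person is looked up, and either the swap is applied with empty
 * principals/credentials or the principals/credentials are read from the request. Any
 * exception resets the session and records {@code LoginController.AUTH_ERROR_KEY} on a
 * fresh one.
 *
 * @param request the current HTTP request
 * @param originalAuthentication the authentication that was in place before this call
 */
private void doPortalAuthentication(final HttpServletRequest request,
        final org.springframework.security.core.Authentication originalAuthentication) {

    IdentitySwapHelper identitySwapHelper = null;
    final String requestedSessionId = request.getRequestedSessionId();
    if (request.isRequestedSessionIdValid()) {
        // NOTE(review): this writes a valid session ID to the debug log. The helper called
        // below is named as if it invalidates that session, which would limit the exposure;
        // confirm, or log a truncated/hashed form instead.
        if (logger.isDebugEnabled()) {
            logger.debug("doPortalAuthentication for valid requested session id " + requestedSessionId);
        }
        identitySwapHelper = getIdentitySwapDataAndInvalidateSession(request, originalAuthentication);
    } else {
        // The value here was not accepted by the container, so it is arbitrary client text.
        if (logger.isTraceEnabled()) {
            logger.trace("Requested session id " + requestedSessionId + " was not valid "
                    + "so no attempt to apply swapping rules.");
        }
    }

    HttpSession s = request.getSession(true);
    IPerson person = null;
    try {
        final HashMap<String, String> principals;
        final HashMap<String, String> credentials;

        person = personManager.getPerson(request);

        if (identitySwapHelper != null && identitySwapHelper.isSwapOrUnswapRequest()) {
            // Swap/unswap path: no principals or credentials are taken from the request.
            this.handleIdentitySwap(person, s, identitySwapHelper);
            principals = new HashMap<String, String>();
            credentials = new HashMap<String, String>();
        } else {
            // Normal authN path: load principals and credentials from the request.
            principals = getPropertyFromRequest(principalTokens, request);
            credentials = getPropertyFromRequest(credentialTokens, request);
        }

        // Attempt to authenticate using the incoming request
        authenticationService.authenticate(request, principals, credentials, person);
    } catch (Exception e) {
        logger.error("Exception authenticating the request", e);

        // Reset everything. The session may already be gone if something in the try block
        // invalidated it; guard against null so the failure flag below is still recorded
        // instead of a NullPointerException escaping this handler.
        final HttpSession failedSession = request.getSession(false);
        if (failedSession != null) {
            failedSession.invalidate();
        }

        // Add the authentication failure to a fresh session
        request.getSession(true).setAttribute(LoginController.AUTH_ERROR_KEY, Boolean.TRUE);
    }

    this.publishProfileSelectionEvent(person, request, identitySwapHelper);
}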
From source file:org.browsermob.proxy.jetty.jetty.servlet.AbstractSessionManager.java
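/**
 * Picks the ID for a new session.
 *
 * <p>With cross-context session IDs enabled, an ID requested by the client (or set in the
 * {@code __NEW_SESSION_ID} request attribute) is reused only when it is already known to the
 * server-wide map but not to this context's map. Otherwise a new base-36 ID is generated,
 * optionally suffixed with a worker name, and retried until it is non-empty and unused.
 *
 * @param request the request that triggers session creation
 * @param created the session creation timestamp, mixed into the generated value
 * @return the session ID to use
 */
private String newSessionId(HttpServletRequest request, long created) {
    synchronized (__allSessions) {
        // A requested session ID can only be used if it is in the global map of
        // IDs but not in this context's map, i.e. it is in use by another context
        // in this server and we are doing a cross context dispatch. Any other
        // client-supplied ID is ignored, so a client cannot choose the ID of a new session.
        if (_crossContextSessionIDs) {
            String requested_id = (String) request.getAttribute(__NEW_SESSION_ID);
            if (requested_id == null)
                requested_id = request.getRequestedSessionId();
            if (requested_id != null && __allSessions.containsKey(requested_id)
                    && !_sessions.containsKey(requested_id))
                return requested_id;
        }

        // Pick a new unique ID.
        // NOTE(review): in the _weakRandom branch the value is built from hash codes, free
        // memory and a 32-bit draw, which should not be relied on for unguessable session
        // IDs. The XOR with 'created' and the remote address hash adds no secrecy either.
        // Confirm _random is a SecureRandom whenever _weakRandom is false.
        String id = null;
        while (id == null || id.length() == 0 || __allSessions.containsKey(id)) {
            long r = _weakRandom
                    ? (hashCode() ^ Runtime.getRuntime().freeMemory() ^ _random.nextInt()
                            ^ (((long) request.hashCode()) << 32))
                    : _random.nextLong();
            r ^= created;
            if (request != null && request.getRemoteAddr() != null)
                r ^= request.getRemoteAddr().hashCode();

            // -Long.MIN_VALUE overflows back to Long.MIN_VALUE, which would yield an ID with
            // a leading '-'. Draw again instead of emitting it.
            if (r == Long.MIN_VALUE)
                continue;
            if (r < 0)
                r = -r;
            id = Long.toString(r, 36);

            String worker = (String) request.getAttribute("org.browsermob.proxy.jetty.http.ajp.JVMRoute");
            if (worker != null)
                id += "." + worker;
            else if (_workerName != null)
                id += "." + _workerName;
        }
        return id;
    }
}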
From source file:org.codelabor.system.security.web.filter.SessionValidationFilter.java
/**
 * Lets the request continue when it carries a non-blank, container-validated session ID and
 * {@code isSessionValid} agrees. Otherwise it stores the request URI, attribute map and
 * parameter map in the session and forwards to {@code expiredURL}.
 *
 * <p>NOTE(review): the rejected session ID is client-supplied text logged at error level;
 * make sure the log layout neutralises line breaks. The reject path also calls
 * {@code getSession()}, so it allocates a session for a client without a valid one and keeps
 * the full parameter map in it. Confirm that map can never hold credentials.
 */
@Override
public void preprocessFilterChain(ServletRequest request, ServletResponse response)
        throws IOException, ServletException {
    final HttpServletRequest httpRequest = (HttpServletRequest) request;
    final String uri = httpRequest.getRequestURI();
    final String claimedId = httpRequest.getRequestedSessionId();
    final boolean containerAcceptsId = httpRequest.isRequestedSessionIdValid();

    logger.debug("requestURI: {}", uri);
    logger.debug("requestedSessionId: {}", claimedId);
    logger.debug("isRequestedSessionIdValid: {}", containerAcceptsId);

    // Happy path first: nothing to do beyond a debug line.
    if (StringUtils.isNotBlank(claimedId) && containerAcceptsId && isSessionValid(request)) {
        logger.debug("session id is valid: {}", claimedId);
        return;
    }

    logger.error("session id is invalid: {}", claimedId);
    logger.error("forward to expiredURL: {}", expiredURL);

    final RequestDispatcher expiredPage = request.getRequestDispatcher(expiredURL);

    // Keep the original request details in the session for the expired page.
    final HttpSession session = httpRequest.getSession();
    session.setAttribute(RequestConstants.REQUEST_URI, uri);
    session.setAttribute(RequestConstants.REQUEST_ATTRIBUTE_MAP,
            RequestUtils.getAttributeMap(httpRequest));
    session.setAttribute(RequestConstants.REQUEST_PARAMETER_MAP,
            RequestUtils.getParameterMap(httpRequest));

    // NOTE(review): this is the ID of a live session going into the debug log.
    logger.debug("current session id: {}", session.getId());

    expiredPage.forward(request, response);
}
From source file:org.dbflute.saflute.web.servlet.filter.RequestLoggingFilter.java
/**
 * Appends a multi-line description of the request to {@code sb}, followed by the output of
 * the header, parameter, cookie, request-attribute and session-attribute builders.
 *
 * <p>NOTE(review): the text includes the requested session ID, and the builders invoked at
 * the end are named for cookies, headers, parameters and session attributes. Treat the
 * resulting log entry as sensitive, and confirm those builders mask credentials and tokens.
 *
 * @param sb the buffer to append to
 * @param request the request being described
 * @param response the response, used only when {@code showResponse} is true
 * @param showResponse whether to append response information as well
 */
protected void buildRequestInfo(StringBuilder sb, HttpServletRequest request, HttpServletResponse response,
        boolean showResponse) {
    sb.append("Request class=").append(request.getClass().getName());
    sb.append(", RequestedSessionId=").append(request.getRequestedSessionId());

    sb.append(LF).append(IND);
    sb.append(", REQUEST_URI=").append(request.getRequestURI());
    sb.append(", SERVLET_PATH=").append(request.getServletPath());
    sb.append(", CharacterEncoding=").append(request.getCharacterEncoding());
    sb.append(", ContentLength=").append(request.getContentLength());

    sb.append(LF).append(IND);
    sb.append(", ContentType=").append(request.getContentType());
    sb.append(", Locale=").append(request.getLocale());
    sb.append(", Locales=");
    // Comma-separate the accepted locales; the separator is empty for the first one.
    String separator = "";
    for (final Enumeration<?> accepted = request.getLocales(); accepted.hasMoreElements();) {
        final Locale each = (Locale) accepted.nextElement();
        sb.append(separator).append(each.toString());
        separator = ", ";
    }
    sb.append(", Scheme=").append(request.getScheme());
    sb.append(", isSecure=").append(request.isSecure());

    sb.append(LF).append(IND);
    sb.append(", SERVER_PROTOCOL=").append(request.getProtocol());
    sb.append(", REMOTE_ADDR=").append(request.getRemoteAddr());
    sb.append(", REMOTE_HOST=").append(request.getRemoteHost());
    sb.append(", SERVER_NAME=").append(request.getServerName());
    sb.append(", SERVER_PORT=").append(request.getServerPort());

    sb.append(LF).append(IND);
    sb.append(", ContextPath=").append(request.getContextPath());
    sb.append(", REQUEST_METHOD=").append(request.getMethod());
    sb.append(", PathInfo=").append(request.getPathInfo());
    sb.append(", RemoteUser=").append(request.getRemoteUser());

    sb.append(LF).append(IND);
    sb.append(", REQUEST_URL=").append(request.getRequestURL());

    sb.append(LF).append(IND);
    sb.append(", QUERY_STRING=").append(request.getQueryString());

    if (showResponse) {
        sb.append(LF).append(IND);
        buildResponseInfo(sb, request, response);
    }
    sb.append(LF);

    buildRequestHeaders(sb, request);
    buildRequestParameters(sb, request);
    buildCookies(sb, request);
    buildRequestAttributes(sb, request);
    buildSessionAttributes(sb, request);
}
From source file:org.directwebremoting.dwrp.PollHandler.java
/**
 * Rejects the request when it looks like cross-site request forgery: a valid session cookie
 * arrived, but the session ID passed in {@code bodySessionId} matches neither the requested
 * session ID nor the raw session cookie.
 *
 * <p>The check only applies when the requested session ID is valid and came from a cookie.
 * Requests without such a cookie pass through unchecked.
 *
 * @param request The original browser's request
 * @param bodySessionId The session id supplied with the call, compared against the cookie
 * @throws SecurityException if neither comparison matches
 */
private void checkNotCsrfAttack(HttpServletRequest request, String bodySessionId) {
    // Background:
    // http://en.wikipedia.org/wiki/Cross-site_request_forgery
    // http://www.tux.org/~peterw/csrf.txt
    if (!request.isRequestedSessionIdValid() || !request.isRequestedSessionIdFromCookie()) {
        return;
    }

    final String cookieSessionId = request.getRequestedSessionId();
    if (cookieSessionId.length() == 0) {
        return;
    }

    // Normal case: the ID supplied by DWR equals the one from the HTTP header.
    if (cookieSessionId.equals(bodySessionId)) {
        return;
    }

    // Weblogic adds creation time to the end of the incoming session cookie
    // string (even for request.getRequestedSessionId()), so fall back to
    // comparing against the raw cookie value.
    for (final Cookie candidate : request.getCookies()) {
        if (candidate.getName().equals(sessionCookieName) && candidate.getValue().equals(bodySessionId)) {
            return;
        }
    }

    // No match at all: deny.
    log.error("A request has been denied as a potential CSRF attack.");
    throw new SecurityException("Session Error");
}
From source file:org.impalaframework.web.utils.WebPathUtils.java
/**
 * Writes the request's path-related properties and its requested session ID to
 * {@code logger}, one debug line each, when debug logging is enabled.
 *
 * <p>NOTE(review): the last line logs the client-supplied session ID. If it names a live
 * session, anyone who can read the debug log can reuse it. The query string may carry
 * secrets as well.
 *
 * @param request the request to describe
 * @param logger the log to write to
 */
public static void maybeLogRequest(HttpServletRequest request, Log logger) {
    if (!logger.isDebugEnabled()) {
        return;
    }

    // Where the request was routed.
    logger.debug("Request context path: " + request.getContextPath());
    logger.debug("Request local address: " + request.getLocalAddr());
    logger.debug("Request local name: " + request.getLocalName());

    // What was asked for.
    logger.debug("Request path info: " + request.getPathInfo());
    logger.debug("Request path translated: " + request.getPathTranslated());
    logger.debug("Request query string: " + request.getQueryString());
    logger.debug("Request servlet path: " + request.getServletPath());
    logger.debug("Request request URI: " + request.getRequestURI());
    logger.debug("Request request URL: " + request.getRequestURL());

    // Session ID as sent by the client (not validated here).
    logger.debug("Request session ID: " + request.getRequestedSessionId());
}
From source file:org.jahia.bin.errors.ErrorLoggingFilter.java
/** * Returns the request information for logging purposes. * * @param request the http request object * @return the request information for logging purposes *///from w w w . ja v a2 s . c om private static String getRequestInfo(HttpServletRequest request) { StringBuilder info = new StringBuilder(512); if (request != null) { String uri = (String) request.getAttribute("javax.servlet.error.request_uri"); String queryString = (String) request.getAttribute("javax.servlet.forward.query_string"); if (StringUtils.isNotEmpty(queryString)) { uri = uri + "?" + queryString; } info.append("Request information:").append("\nURL: ").append(uri).append("\nMethod: ") .append(request.getMethod()).append("\nProtocol: ").append(request.getProtocol()) .append("\nRemote host: ").append(request.getRemoteHost()).append("\nRemote address: ") .append(request.getRemoteAddr()).append("\nRemote port: ").append(request.getRemotePort()) .append("\nRemote user: ").append(request.getRemoteUser()).append("\nSession ID: ") .append(request.getRequestedSessionId()).append("\nSession user: ").append(getUserInfo(request)) .append("\nRequest headers: "); @SuppressWarnings("unchecked") Iterator<String> headerNames = new EnumerationIterator(request.getHeaderNames()); while (headerNames.hasNext()) { String headerName = headerNames.next(); String headerValue = request.getHeader(headerName); info.append("\n ").append(headerName).append(": ").append(headerValue); } } return info.toString(); }
From source file:org.jahia.services.content.files.FileServlet.java
/**
 * Records a {@code fileAccessed} content event through the logging service, if it is
 * configured and enabled.
 *
 * <p>The session ID comes from the existing session when there is one. Otherwise the
 * client-supplied requested session ID is used, which is unvalidated input.
 * NOTE(review): confirm the logging service neutralises that value and that its output is
 * access-restricted, since a live session ID ends up in it.
 *
 * @param fileKey identifies the file; its path is logged
 * @param req the current request
 * @param status the status text to log
 */
protected void logAccess(FileKey fileKey, HttpServletRequest req, String status) {
    final boolean loggingActive = loggingService != null && loggingService.isEnabled();
    if (!loggingActive) {
        return;
    }

    // Never create a session just for logging.
    final HttpSession existing = req.getSession(false);
    final String sessionID;
    if (existing != null) {
        sessionID = existing.getId();
    } else {
        sessionID = req.getRequestedSessionId();
    }

    final String userName = sessionFactory.getCurrentUser().getName();
    final String remoteAddress = req.getRemoteAddr();
    final String path = fileKey.getPath();
    loggingService.logContentEvent(userName, remoteAddress, sessionID, "", path, "", "fileAccessed", status);
}
From source file:org.jboss.dashboard.ui.controller.requestChain.SessionInitializer.java
/**
 * Initialises new sessions and detects expired ones.
 *
 * <p>A session is always obtained (created if absent). For a new session,
 * {@code initSession} runs and processing continues. If the client sent a session ID that
 * differs from the current session's ID, this is treated as expiration and the response
 * becomes a redirect to the expiration recovery URL.
 *
 * <p>NOTE(review): the requested ID is client-supplied, so any stale or arbitrary value takes
 * the redirect path. Confirm the recovery URL is not derived from request data.
 *
 * @return {@code false} when an expired session was detected, {@code true} otherwise
 */
public boolean processRequest() throws Exception {
    final RequestContext context = getRequestContext();
    final HttpServletRequest httpRequest = getHttpRequest();
    final HttpServletResponse httpResponse = getHttpResponse();
    final HttpSession current = httpRequest.getSession(true);

    // Catch new sessions
    if (isNewSession(httpRequest)) {
        initSession(httpRequest, httpResponse);
        return true;
    }

    // Check session expiration: the client named a session other than the current one.
    final String claimedId = httpRequest.getRequestedSessionId();
    final boolean expired = claimedId != null && !claimedId.equals(current.getId());
    if (!expired) {
        return true;
    }

    log.debug("Session expiration detected.");
    context.setResponse(new RedirectToURLResponse(getExpirationRecoveryURL(httpRequest)));
    context.consumeURIPart(context.getURIToBeConsumed());
    return false;
}
From source file:org.kuali.coeus.sys.framework.controller.interceptor.SessionExpiredFilter.java
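/**
 * Flags the session when the client presented a session ID that is no longer valid, and
 * clears the flag otherwise, then continues the filter chain.
 *
 * <p>The flag is stored under {@code KeyConstants.SESSION_EXPIRED_IND}. Setting it requires a
 * session, so one is created in that branch. Clearing it only touches a session that already
 * exists, so requests without a session do not get one allocated by this filter.
 *
 * <p>NOTE(review): the expired branch is driven by a client-supplied ID, so every request
 * carrying an unknown session ID allocates a session. Confirm session limits and timeouts
 * account for that.
 *
 * @param request the incoming request, expected to be an {@code HttpServletRequest}
 * @param response the response
 * @param chain the remaining filter chain
 * @throws IOException if the chain throws it
 * @throws ServletException if the chain throws it
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    HttpServletRequest hrequest = (HttpServletRequest) request;

    if (hrequest.getRequestedSessionId() != null && !hrequest.isRequestedSessionIdValid()) {
        hrequest.getSession().setAttribute(KeyConstants.SESSION_EXPIRED_IND, Boolean.TRUE);
    } else if (hrequest.getSession(false) != null) {
        // getSession() never returns null and would create a session just to remove an
        // attribute from it; look up the existing session instead.
        hrequest.getSession(false).removeAttribute(KeyConstants.SESSION_EXPIRED_IND);
    }

    chain.doFilter(request, response);
}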