List of usage examples for javax.servlet.http HttpServletRequest getRequestedSessionId
/**
 * Returns the session id that the client sent with this request, or {@code null}
 * if the request carried none.
 *
 * <p>The value is taken from the request (cookie or URL) as the client supplied it.
 * It is not necessarily the id of a currently valid session, so treat it as
 * untrusted input and use {@code isRequestedSessionIdValid()} to learn whether the
 * container accepts it. A valid id is a bearer credential, so avoid copying it into
 * logs or response bodies.
 *
 * @return the client-supplied session id, or {@code null} if none was sent
 */
public String getRequestedSessionId();
From source file:org.unitedinternet.cosmo.dav.servlet.StandardRequestHandler.java
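/**
 * Writes a trace-level dump of the request (headers, addressing information,
 * parameters and attributes) to the log. Does nothing unless TRACE is enabled.
 *
 * <p>Almost everything dumped here is supplied by the client. Each value therefore
 * goes through {@link #dumpSafe(Object)} before it is appended, so a value that
 * contains CR or LF cannot start a forged log entry. Values that act as credentials
 * (the Authorization, Proxy-Authorization and Cookie headers and the requested
 * session id) are masked, because anyone able to read the log could otherwise
 * replay them.
 *
 * @param req the request to dump
 */
private void dumpRequest(HttpServletRequest req) {
    if (!LOG.isTraceEnabled()) {
        return;
    }
    StringBuilder sb = new StringBuilder("\n------------------------ Dump of request -------------------\n");
    try {
        Enumeration<String> names = req.getHeaderNames();
        sb.append("Request headers:\n");
        while (names.hasMoreElements()) {
            String key = names.nextElement();
            boolean credential = "authorization".equalsIgnoreCase(key)
                    || "proxy-authorization".equalsIgnoreCase(key)
                    || "cookie".equalsIgnoreCase(key);
            String val = credential ? "<redacted>" : dumpSafe(req.getHeader(key));
            sb.append(" ").append(dumpSafe(key)).append(" = \"").append(val).append("\"\n");
        }

        names = req.getParameterNames();
        String title = "Request parameters";
        sb.append(title).append(" - global info and uris:").append("\n");
        sb.append("getMethod = ").append(dumpSafe(req.getMethod())).append("\n");
        sb.append("getRemoteAddr = ").append(dumpSafe(req.getRemoteAddr())).append("\n");
        sb.append("getRequestURI = ").append(dumpSafe(req.getRequestURI())).append("\n");
        sb.append("getRemoteUser = ").append(dumpSafe(req.getRemoteUser())).append("\n");
        // Record only whether a session id was presented; the id itself is a credential.
        sb.append("getRequestedSessionId = ")
                .append(req.getRequestedSessionId() == null ? "null" : "<redacted>").append("\n");
        sb.append("HttpUtils.getRequestURL(req) = ").append(dumpSafe(req.getRequestURL())).append("\n");
        sb.append("contextPath=").append(dumpSafe(req.getContextPath())).append("\n");
        sb.append("query=").append(dumpSafe(req.getQueryString())).append("\n");
        sb.append("contentlen=").append(req.getContentLength()).append("\n");
        sb.append("request=").append(dumpSafe(req)).append("\n");

        // NOTE(review): parameters can carry secrets (passwords, tokens). Confirm that
        // TRACE is never enabled where these logs are retained or widely readable.
        sb.append(title).append(":\n");
        while (names.hasMoreElements()) {
            String key = names.nextElement();
            String val = req.getParameter(key);
            sb.append(" ").append(dumpSafe(key)).append(" = \"").append(dumpSafe(val)).append("\"").append("\n");
        }

        sb.append("Request attributes:\n");
        for (Enumeration<String> e = req.getAttributeNames(); e.hasMoreElements();) {
            String key = e.nextElement();
            Object val = req.getAttribute(key);
            sb.append(" ").append(dumpSafe(key)).append(" = \"").append(dumpSafe(val)).append("\"").append("\n");
        }
    } catch (Exception e) {
        // Pass the exception itself so the stack trace is kept; a failed dump must
        // never break request handling.
        LOG.error("Error on dumpRequest class StandardRequestHandler", e);
    }
    sb.append("------------------------ End dump of request -------------------");
    // Every client-controlled value above was neutralised by dumpSafe(), so the only
    // line breaks left in the buffer are the ones this method inserted itself.
    LOG.trace(sb.toString());
}

/**
 * Renders a value for the request dump with CR and LF replaced by '_', so that the
 * value cannot break out of its line in the log.
 *
 * @param value the value to render; {@code null} is rendered as "null"
 * @return the single-line text of {@code value}
 */
private static String dumpSafe(Object value) {
    return String.valueOf(value).replace('\r', '_').replace('\n', '_');
}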
From source file:org.wings.session.PortletWingServlet.java
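/**
 * Looks up the {@link PortletSessionServlet} stored in the portlet session of the
 * current render request and optionally creates it.
 *
 * <p>The servlet is stored in portlet scope under a key derived from the wings main
 * class of the current mode, which separates the instances of one portlet.
 *
 * @param request the incoming request; must carry the RenderRequest under
 *        {@code Const.REQUEST_ATTR_RENDER_REQUEST}
 * @param response the response handed to the session's externalize manager
 * @param createSessionServlet whether to create a session servlet if none is stored
 * @return the session servlet, or {@code null} if none is stored and
 *         {@code createSessionServlet} is {@code false}
 * @throws ServletException if the request carries no RenderRequest, or if creating
 *         the session servlet fails
 */
public final PortletSessionServlet getSessionServlet(HttpServletRequest request, HttpServletResponse response,
        boolean createSessionServlet) throws ServletException {
    // WingS-Portlet-Bridge: the portlet session separates the instances of one
    // portlet through the portlet scope.
    RenderRequest renderRequest = (RenderRequest) request.getAttribute(Const.REQUEST_ATTR_RENDER_REQUEST);
    if (renderRequest == null) {
        // Fail here with a clear error; continuing would only hit a
        // NullPointerException on the next line.
        String problem = "WingS-Portlet-Bridge: cant get RenderRequest because " + "the request attribute "
                + Const.REQUEST_ATTR_RENDER_REQUEST + " is null!";
        log.error(problem);
        throw new ServletException(problem);
    }

    final PortletSession portletSession = renderRequest.getPortletSession();

    // WingS-Portlet-Bridge: the lookup key includes the wings main class for the current mode.
    String lookupName = "SessionServlet:" + (String) renderRequest.getAttribute(Const.REQUEST_ATTR_WINGS_CLASS);
    log.info("WingS-Portlet-Bridge: loaded mainclass " + lookupName
            + " for PortletSessionServlet identificaction");

    // It should be enough to synchronize on the session object.
    synchronized (portletSession) {
        // WingS-Portlet-Bridge: changed for portlet scope
        PortletSessionServlet sessionServlet = (PortletSessionServlet) portletSession.getAttribute(lookupName,
                PortletSession.PORTLET_SCOPE);

        // Sanity check - maybe this is a stored/deserialized session servlet?
        if (sessionServlet != null && !sessionServlet.isValid()) {
            sessionServlet.destroy();
            sessionServlet = null;
            log.debug("session servlet exists but is not valid");
        }

        // A new session servlet is created only on request; a pure lookup is
        // satisfied with getting nothing.
        if (sessionServlet == null) {
            if (!createSessionServlet) {
                return null;
            }
            log.info("no session servlet, create new one");
            sessionServlet = newSession(request, response);
            portletSession.setAttribute(lookupName, sessionServlet, PortletSession.PORTLET_SCOPE);
        }

        if (log.isDebugEnabled()) {
            // The requested session id is a bearer credential chosen by the client, so
            // only its presence is logged, never its value.
            String presentedId = request.getRequestedSessionId() == null ? "<none>" : "<redacted>";
            StringBuilder message = new StringBuilder().append("session id: ").append(presentedId)
                    .append(", created at: ")
                    .append(DateFormat.getDateTimeInstance(DateFormat.SHORT, DateFormat.SHORT)
                            .format(new java.util.Date(portletSession.getCreationTime())))
                    .append(", identified via:")
                    .append(request.isRequestedSessionIdFromCookie() ? " cookie" : "")
                    .append(request.isRequestedSessionIdFromURL() ? " URL" : "")
                    .append(", expiring after: ")
                    .append(portletSession.getMaxInactiveInterval()).append("s ");
            log.debug(message.toString());
        }

        sessionServlet.getSession().getExternalizeManager().setResponse(response);

        /*
         * Request character encoding.
         *
         * Via LocaleCharacterSet and/or charset.properties the generated pages advise
         * the client (through a <meta http-equiv="Content-Type" ...> element) to use
         * e.g. UTF-8, and the browser then encodes its form submissions in that
         * character set: "mueller" with a u-umlaut arrives as m%C3%BCller in UTF-8
         * but as m%FCller in ISO-8859-1.
         *
         * Browsers usually do not declare the encoding they used, so the servlet
         * container cannot determine it (Tomcat then assumes ISO-8859-1) and all
         * non-ISO-8859-1 data gets scrambled. Telling the container which encoding
         * the wings session uses lets it decode correctly. This has to happen before
         * anything else reads the request, otherwise the container ignores it.
         */
        if (request.getCharacterEncoding() == null) { // container could not identify the encoding
            try {
                String sessionCharacterEncoding = sessionServlet.getSession().getCharacterEncoding();
                // We know better about the used character encoding than tomcat
                log.debug("Advising servlet container to interpret request as " + sessionCharacterEncoding);
                request.setCharacterEncoding(sessionCharacterEncoding);
            } catch (UnsupportedEncodingException e) {
                log.warn("Problem on applying current session character encoding", e);
            }
        }

        return sessionServlet;
    }
}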
From source file:org.wings.session.WingServlet.java
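/**
 * Looks up the {@link SessionServlet} stored in the HTTP session of the request and
 * optionally creates it.
 *
 * @param request the incoming request; an HTTP session is created if there is none
 * @param response the response handed to the session's externalize manager
 * @param createSessionServlet whether to create a session servlet if none is stored
 * @return the session servlet, or {@code null} if none is stored and
 *         {@code createSessionServlet} is {@code false}
 * @throws ServletException if creating the session servlet fails
 */
public final SessionServlet getSessionServlet(HttpServletRequest request, HttpServletResponse response,
        boolean createSessionServlet) throws ServletException {
    // getSession(true) creates the session when needed and never returns null.
    final HttpSession httpSession = request.getSession(true);

    // It should be enough to synchronize on the http session object.
    synchronized (httpSession) {
        SessionServlet sessionServlet = (SessionServlet) httpSession.getAttribute(lookupName);

        // Sanity check - maybe this is a stored/deserialized session servlet?
        if (sessionServlet != null && !sessionServlet.isValid()) {
            sessionServlet.destroy();
            sessionServlet = null;
        }

        // A new session servlet is created only on request; a pure lookup is
        // satisfied with getting nothing.
        if (sessionServlet == null) {
            if (!createSessionServlet) {
                return null;
            }
            log.info("no session servlet, create new one");
            sessionServlet = newSession(request, response);
            httpSession.setAttribute(lookupName, sessionServlet);
        }

        if (log.isDebugEnabled()) {
            // The requested session id is a bearer credential chosen by the client, so
            // only its presence is logged, never its value.
            String presentedId = request.getRequestedSessionId() == null ? "<none>" : "<redacted>";
            StringBuilder message = new StringBuilder().append("session id: ").append(presentedId)
                    .append(", created at: ")
                    .append(DateFormat.getDateTimeInstance(DateFormat.SHORT, DateFormat.SHORT)
                            .format(new java.util.Date(httpSession.getCreationTime())))
                    .append(", identified via:")
                    .append(request.isRequestedSessionIdFromCookie() ? " cookie" : "")
                    .append(request.isRequestedSessionIdFromURL() ? " URL" : "")
                    .append(", expiring after: ")
                    .append(httpSession.getMaxInactiveInterval()).append("s ");
            log.debug(message.toString());
        }

        sessionServlet.getSession().getExternalizeManager().setResponse(response);

        /*
         * Request character encoding.
         *
         * Via LocaleCharacterSet and/or charset.properties the generated pages advise
         * the client (through a <meta http-equiv="Content-Type" ...> element) to use
         * e.g. UTF-8, and the browser then encodes its form submissions in that
         * character set: "mueller" with a u-umlaut arrives as m%C3%BCller in UTF-8
         * but as m%FCller in ISO-8859-1.
         *
         * Browsers usually do not declare the encoding they used, so the servlet
         * container cannot determine it (Tomcat then assumes ISO-8859-1) and all
         * non-ISO-8859-1 data gets scrambled. Telling the container which encoding
         * the wings session uses lets it decode correctly. This has to happen before
         * anything else reads the request, otherwise the container ignores it.
         */
        if (request.getCharacterEncoding() == null) { // container could not identify the encoding
            try {
                String sessionCharacterEncoding = sessionServlet.getSession().getCharacterEncoding();
                // We know better about the used character encoding than tomcat
                log.debug("Advising servlet container to interpret request as " + sessionCharacterEncoding);
                request.setCharacterEncoding(sessionCharacterEncoding);
            } catch (UnsupportedEncodingException e) {
                log.warn("Problem on applying current session character encoding", e);
            }
        }

        return sessionServlet;
    }
}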
From source file:org.yawlfoundation.yawl.monitor.jsf.SessionTimeoutFilter.java
/**
 * Tells whether the client presented a session id that the container does not
 * accept as valid.
 *
 * @param httpServletRequest the request to inspect
 * @return {@code true} if the request carries a session id and that id is not
 *         valid; {@code false} if it carries none or the id is valid
 */
private boolean isInvalidSession(HttpServletRequest httpServletRequest) {
    // A request without a session id is not an invalid session, just a fresh visitor.
    if (httpServletRequest.getRequestedSessionId() == null) {
        return false;
    }
    return !httpServletRequest.isRequestedSessionIdValid();
}
From source file:org.zilverline.web.RequestDumperFilter.java
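/**
 * Dumps the properties of the incoming request to the debug log, then passes the
 * request on to the rest of the filter chain.
 *
 * <p>The dump is built only when debug logging is enabled. All logged values come
 * from the client, so they pass through {@link #logSafe(Object)}, which replaces CR
 * and LF and so prevents forged log entries. Cookie values, the Authorization,
 * Proxy-Authorization and Cookie headers, and the requested session id are masked,
 * because they are credentials that a reader of the log could replay.
 *
 * @param request The servlet request we are processing
 * @param response The servlet response we are creating
 * @param chain The filter chain we are processing
 *
 * @exception IOException if an input/output error occurs
 * @exception ServletException if a servlet error occurs
 */
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
        throws IOException, ServletException {
    // NOTE(review): without a filter configuration the request is dropped, not
    // forwarded down the chain. Confirm that this is intended.
    if (filterConfig == null) {
        return;
    }

    if (log.isDebugEnabled()) {
        log.debug("Request Received at " + (new Timestamp(System.currentTimeMillis())));
        log.debug(" characterEncoding=" + logSafe(request.getCharacterEncoding()));
        log.debug(" contentLength=" + request.getContentLength());
        log.debug(" contentType=" + logSafe(request.getContentType()));
        log.debug(" locale=" + logSafe(request.getLocale()));

        StringBuilder localesBuffer = new StringBuilder(" locales=");
        boolean first = true;
        for (Enumeration<?> locales = request.getLocales(); locales.hasMoreElements();) {
            Locale locale = (Locale) locales.nextElement();
            if (first) {
                first = false;
            } else {
                localesBuffer.append(", ");
            }
            localesBuffer.append(logSafe(locale));
        }
        log.debug(localesBuffer.toString());

        // NOTE(review): parameters can carry secrets (passwords, tokens). Confirm that
        // debug logging stays off where these logs are retained or widely readable.
        for (Enumeration<?> names = request.getParameterNames(); names.hasMoreElements();) {
            String name = (String) names.nextElement();
            StringBuilder paramsBuffer = new StringBuilder();
            paramsBuffer.append(" parameter=").append(logSafe(name)).append("=");
            String[] values = request.getParameterValues(name);
            for (int i = 0; i < values.length; i++) {
                if (i > 0) {
                    paramsBuffer.append(", ");
                }
                paramsBuffer.append(logSafe(values[i]));
            }
            log.debug(paramsBuffer.toString());
        }

        log.debug(" protocol=" + logSafe(request.getProtocol()));
        log.debug(" remoteAddr=" + logSafe(request.getRemoteAddr()));
        log.debug(" remoteHost=" + logSafe(request.getRemoteHost()));
        log.debug(" scheme=" + logSafe(request.getScheme()));
        log.debug(" serverName=" + logSafe(request.getServerName()));
        log.debug(" serverPort=" + request.getServerPort());
        log.debug(" isSecure=" + request.isSecure());

        // Render the HTTP servlet request properties
        if (request instanceof HttpServletRequest) {
            log.debug("---------------------------------------------");
            HttpServletRequest hrequest = (HttpServletRequest) request;
            log.debug(" contextPath=" + logSafe(hrequest.getContextPath()));

            Cookie[] cookies = hrequest.getCookies();
            if (cookies == null) {
                cookies = new Cookie[0];
            }
            for (int i = 0; i < cookies.length; i++) {
                // Cookie values routinely hold session ids and tokens: log the name only.
                log.debug(" cookie=" + logSafe(cookies[i].getName()) + "=<redacted>");
            }

            for (Enumeration<?> names = hrequest.getHeaderNames(); names.hasMoreElements();) {
                String name = (String) names.nextElement();
                boolean credential = "authorization".equalsIgnoreCase(name)
                        || "proxy-authorization".equalsIgnoreCase(name)
                        || "cookie".equalsIgnoreCase(name);
                String value = credential ? "<redacted>" : logSafe(hrequest.getHeader(name));
                log.debug(" header=" + logSafe(name) + "=" + value);
            }

            log.debug(" method=" + logSafe(hrequest.getMethod()));
            log.debug(" pathInfo=" + logSafe(hrequest.getPathInfo()));
            log.debug(" queryString=" + logSafe(hrequest.getQueryString()));
            log.debug(" remoteUser=" + logSafe(hrequest.getRemoteUser()));
            // Record only whether a session id was presented, not the id itself.
            log.debug("requestedSessionId=" + (hrequest.getRequestedSessionId() == null ? "null" : "<redacted>"));
            log.debug(" requestURI=" + logSafe(hrequest.getRequestURI()));
            log.debug(" servletPath=" + logSafe(hrequest.getServletPath()));
        }
        log.debug("=============================================");
    }

    // Pass control on to the next filter
    chain.doFilter(request, response);
}

/**
 * Renders a value for the log with CR and LF replaced by '_', so that the value
 * cannot break out of its log line.
 *
 * @param value the value to render; {@code null} is rendered as "null"
 * @return the single-line text of {@code value}
 */
private static String logSafe(Object value) {
    return String.valueOf(value).replace('\r', '_').replace('\n', '_');
}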
From source file:unUtils.ActionError.java
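/**
 * Builds an HTML error page that lists properties of the current request followed
 * by the stack trace of {@code error}.
 *
 * <p>Path, query string, session id and the other request properties are chosen by
 * the client, so every value is HTML-escaped before it is written into the page.
 * Unescaped, any of them could carry markup or script that the browser would run in
 * this application's origin.
 *
 * @param context the publication context that gives access to the current request
 * @return the error page as an HTML string
 */
@Override
public Object doAction(WikittyPublicationContext context) {
    error.printStackTrace();
    HttpServletRequest req = context.getRequest();

    // NOTE(review): this page shows internal addresses, filesystem paths and a full
    // stack trace to the client. Confirm that it is reachable only in development or
    // by trusted users.
    StringBuilder page = new StringBuilder("<html><body>Error: ");
    appendEscaped(page, "context", context);
    page.append("<br>");
    appendEscaped(page, "getContextPath", req.getContextPath());
    appendEscaped(page, "getMethod", req.getMethod());
    appendEscaped(page, "getPathInfo", req.getPathInfo());
    appendEscaped(page, "getPathTranslated", req.getPathTranslated());
    appendEscaped(page, "getQueryString", req.getQueryString());
    appendEscaped(page, "getRemoteUser", req.getRemoteUser());
    appendEscaped(page, "getRequestURI", req.getRequestURI());
    appendEscaped(page, "getRequestedSessionId", req.getRequestedSessionId());
    appendEscaped(page, "getServletPath", req.getServletPath());
    appendEscaped(page, "getCharacterEncoding", req.getCharacterEncoding());
    appendEscaped(page, "getContentType", req.getContentType());
    appendEscaped(page, "getLocalAddr", req.getLocalAddr());
    appendEscaped(page, "getLocalName", req.getLocalName());
    appendEscaped(page, "getProtocol", req.getProtocol());
    appendEscaped(page, "getRemoteAddr", req.getRemoteAddr());
    appendEscaped(page, "getRemoteHost", req.getRemoteHost());
    appendEscaped(page, "getScheme", req.getScheme());
    appendEscaped(page, "getServerName", req.getServerName());
    page.append("<br>");
    page.append("<br>error:<pre>")
            .append(StringEscapeUtils.escapeHtml(ExceptionUtil.stackTrace(error)))
            .append("</pre>");
    page.append("</body></html>");
    return page.toString();
}

/**
 * Appends one {@code <br>label: value} row to the page with the value HTML-escaped.
 *
 * @param page the page being built
 * @param label the fixed row label, written as is
 * @param value the value to show; {@code null} is shown as "null"
 */
private static void appendEscaped(StringBuilder page, String label, Object value) {
    page.append("<br>").append(label).append(": ")
            .append(StringEscapeUtils.escapeHtml(String.valueOf(value)));
}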