List of usage examples for javax.servlet.http HttpServletRequest isRequestedSessionIdFromUrl
/**
 * Checks whether the requested session ID came in as part of the request URL.
 *
 * @return {@code true} if the session ID was conveyed in the URL
 * @deprecated As of Version 2.1 of the Java Servlet API, use
 *             {@code isRequestedSessionIdFromURL()} instead; the examples below call
 *             that replacement.
 */
@Deprecated public boolean isRequestedSessionIdFromUrl();
From source file:se.trillian.goodies.web.DisableSessionIdInUrlFilterTest.java
/**
 * Verifies that the filter hides a URL-borne session ID from the rest of the chain: the
 * downstream request must report that no session ID came from the URL, and its URI and URL
 * must no longer carry the {@code ;jsessionid=...} path parameter.
 */
public void testSessionIdInRequestUrlIsRemoved() throws Exception {
    request.setServerName("www.example.com");
    request.setRequestURI("/index.html;jsessionid=1047kv5xa62lf");
    request.setRequestedSessionIdFromURL(true);

    // One-element array so the anonymous chain below can record that it was reached.
    final boolean[] chainInvoked = { false };
    FilterChain assertingChain = new FilterChain() {
        public void doFilter(ServletRequest req, ServletResponse res) throws IOException, ServletException {
            HttpServletRequest seenByChain = (HttpServletRequest) req;
            assertFalse(seenByChain.isRequestedSessionIdFromURL());
            assertEquals("/index.html", seenByChain.getRequestURI());
            assertEquals("http://www.example.com:80/index.html", seenByChain.getRequestURL().toString());
            chainInvoked[0] = true;
        }
    };

    filter.doFilter(request, response, assertingChain);

    // Without this the test would also pass if the filter never called the chain,
    // because none of the assertions above would have run.
    assertTrue(chainInvoked[0]);
}
From source file:com.fiveamsolutions.nci.commons.web.filter.SessionFixationProtectionFilter.java
/**
 * {@inheritDoc}
 *
 * <p>A request whose session ID arrived in the URL is not passed down the chain. The
 * client is instead answered with a 301 whose {@code Location} is the same URL with every
 * {@code JSESSIONID_REGEX} match removed from both the URL and the query string. All
 * other requests continue down the chain with the response wrapped in a
 * {@code SessionIdBlockingResponse}.
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;

    if (!httpRequest.isRequestedSessionIdFromURL()) {
        // Presumably the wrapper keeps session IDs out of URLs the application encodes;
        // its behaviour is defined in SessionIdBlockingResponse, not here.
        chain.doFilter(request, new SessionIdBlockingResponse((HttpServletResponse) response));
        return;
    }

    // NOTE(review): the redirect target is built from getRequestURL(), so its scheme, host
    // and port are whatever the container resolved for this request. Confirm the deployment
    // pins a canonical host if the Host header is not otherwise validated.
    String cleanedUrl = JSESSIONID_REGEX.matcher(httpRequest.getRequestURL().toString()).replaceAll("");
    StringBuilder target = new StringBuilder(cleanedUrl);

    String query = httpRequest.getQueryString();
    if (!StringUtils.isEmpty(query)) {
        target.append("?").append(JSESSIONID_REGEX.matcher(query).replaceAll(""));
    }

    // Only the identifier is stripped from the URL; the session it names is not invalidated
    // here. The status goes out through sendError, so the container's error handling for
    // 301 (if any is configured) applies to the response body.
    httpResponse.setHeader("Location", target.toString());
    httpResponse.sendError(HttpServletResponse.SC_MOVED_PERMANENTLY);
}
From source file:com.mirantis.cachemod.filter.CacheFilter.java
/**
 * Decides whether the response to a request may be handled by the cache.
 *
 * <p>Non-HTTP requests are always cacheable. An HTTP request is excluded when its method
 * is listed in {@code conf.getEscapeMethods()}, or when {@code conf.isEscapeSessionId()}
 * is set and the session ID was supplied in the URL.
 *
 * @param request the incoming request
 * @return {@code false} if the request must bypass the cache, {@code true} otherwise
 */
private boolean isCacheable(ServletRequest request) {
    if (!(request instanceof HttpServletRequest)) {
        return true;
    }
    HttpServletRequest http = (HttpServletRequest) request;

    boolean methodExcluded = conf.getEscapeMethods().contains(http.getMethod());
    if (methodExcluded) {
        return false;
    }

    // NOTE(review): with escapeSessionId switched off, requests that carry a session ID in
    // the URL stay cacheable. Confirm that cached pages cannot then contain links rewritten
    // with one visitor's session ID.
    boolean sessionIdInUrl = conf.isEscapeSessionId() && http.isRequestedSessionIdFromURL();
    return !sessionIdInUrl;
}
From source file:org.owasp.webgoat.service.SessionService.java
/**
 * Returns a plain-text dump of the current session: its ID, creation and last-access
 * times, timeout, how the session ID was supplied (cookie or URL), and every session
 * attribute sorted by name, one {@code key = value} pair per line.
 *
 * <p>The mapping declares {@code application/json}, but the body built here is not JSON.
 * The response discloses the session ID and all attribute values to the caller, so this
 * endpoint only fits a training or diagnostic deployment.
 *
 * @param request a {@link javax.servlet.http.HttpServletRequest} object.
 * @param session a {@link javax.servlet.http.HttpSession} object.
 * @return a {@link java.lang.String} object.
 */
@RequestMapping(value = "/session.mvc", produces = "application/json")
public @ResponseBody
String showSession(HttpServletRequest request, HttpSession session) {
    StringBuilder dump = new StringBuilder();

    // Fixed session facts first.
    dump.append("id").append(" = ").append(session.getId()).append("\n");
    dump.append("created").append(" = ").append(new Date(session.getCreationTime())).append("\n");
    dump.append("last access").append(" = ").append(new Date(session.getLastAccessedTime())).append("\n");
    dump.append("timeout (secs)").append(" = ").append(session.getMaxInactiveInterval()).append("\n");
    dump.append("session from cookie?").append(" = ").append(request.isRequestedSessionIdFromCookie())
            .append("\n");
    dump.append("session from url?").append(" = ").append(request.isRequestedSessionIdFromURL()).append("\n");
    dump.append("=====================================\n");

    // Collect the attribute names, then sort them so the output order is stable.
    List<String> attributeNames = new ArrayList<String>();
    for (Enumeration names = session.getAttributeNames(); names.hasMoreElements();) {
        attributeNames.add((String) names.nextElement());
    }
    Collections.sort(attributeNames);

    for (String attributeName : attributeNames) {
        // String.valueOf renders a missing attribute as "null", as string concatenation would.
        String rendered = String.valueOf(session.getAttribute(attributeName));
        dump.append(attributeName).append(" = ").append(rendered).append("\n");
    }
    return dump.toString();
}
From source file:com.liferay.portal.util.HttpImpl.java
/**
 * Rebuilds the full URL of a request: the request URL, the query string if present, the
 * portal proxy path inserted in front of the path if one is configured, and the session
 * ID re-attached when the request itself carried its session ID in the URL.
 *
 * <p>The result can therefore contain a live session ID. Callers that log it or place it
 * in links shown to other parties would disclose that ID.
 *
 * @param request the current request
 * @return the reconstructed URL
 */
public String getCompleteURL(HttpServletRequest request) {
    StringBuffer url = request.getRequestURL();
    if (url == null) {
        url = new StringBuffer();
    }

    String queryString = request.getQueryString();
    if (queryString != null) {
        url.append(StringPool.QUESTION).append(queryString);
    }

    String proxyPath = PortalUtil.getPathProxy();
    if (Validator.isNotNull(proxyPath)) {
        int hostStart = url.indexOf(Http.PROTOCOL_DELIMITER) + Http.PROTOCOL_DELIMITER.length();
        int pathStart = url.indexOf(StringPool.SLASH, hostStart);
        // NOTE(review): pathStart is -1 when no slash follows the host (for example with
        // the empty buffer created above), and insert() then throws
        // StringIndexOutOfBoundsException.
        url.insert(pathStart, proxyPath);
    }

    String completeURL = url.toString();
    if (request.isRequestedSessionIdFromURL()) {
        // getSession() creates a session when the ID from the URL did not resolve to one.
        String sessionId = request.getSession().getId();
        completeURL = PortalUtil.getURLWithSessionId(completeURL, sessionId);
    }

    // The warning writes the whole URL to the log, query string and any session ID included.
    if (_log.isWarnEnabled() && completeURL.contains("?&")) {
        _log.warn("Invalid url " + completeURL);
    }
    return completeURL;
}
From source file:SessionSnoop.java
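/**
 * Renders an HTML diagnostic page for the caller's session: a per-session visit counter,
 * every session attribute, the session's ID and timing data, how the session ID was
 * supplied, and a link encoded with {@code encodeURL} for trying URL rewriting.
 *
 * <p>Attribute names and values, the session ID and the link target are HTML-escaped
 * before they are written, so a value containing markup is shown as text rather than
 * interpreted by the browser. The page deliberately shows the session ID to the client.
 *
 * @param req the request; a session is created if none exists
 * @param res the response the page is written to
 * @throws ServletException declared by the servlet contract
 * @throws IOException if the response writer fails
 */
public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
    res.setContentType("text/html");
    PrintWriter out = res.getWriter();

    HttpSession session = req.getSession();

    // Integer.valueOf replaces the deprecated Integer constructor.
    Integer count = (Integer) session.getAttribute("count");
    count = (count == null) ? Integer.valueOf(1) : Integer.valueOf(count.intValue() + 1);
    session.setAttribute("count", count);

    out.println("<HTML><HEAD><TITLE>Session Count</TITLE></HEAD>");
    out.println("<BODY><H1>Session Count</H1>");

    out.println("You've visited this page " + count + ((count.intValue() == 1) ? " time." : " times."));

    out.println("<P>");

    out.println("<H3>Here is your saved session data:</H3>");
    Enumeration e = session.getAttributeNames();
    while (e.hasMoreElements()) {
        String name = (String) e.nextElement();
        // Other code may have stored request-derived data in the session, so both the
        // name and the value are escaped before they reach the page.
        out.println(escapeHtml(name) + ": " + escapeHtml(String.valueOf(session.getAttribute(name))) + "<BR>");
    }

    out.println("<H3>Here are some vital stats on your session:</H3>");
    out.println("Session id: " + escapeHtml(session.getId()) + " <I>(keep it secret)</I><BR>");
    out.println("New session: " + session.isNew() + "<BR>");
    out.println("Timeout: " + session.getMaxInactiveInterval());
    out.println("<I>(" + session.getMaxInactiveInterval() / 60 + " minutes)</I><BR>");
    out.println("Creation time: " + session.getCreationTime());
    out.println("<I>(" + new Date(session.getCreationTime()) + ")</I><BR>");
    out.println("Last access time: " + session.getLastAccessedTime());
    out.println("<I>(" + new Date(session.getLastAccessedTime()) + ")</I><BR>");

    out.println("Requested session ID from cookie: " + req.isRequestedSessionIdFromCookie() + "<BR>");
    out.println("Requested session ID from URL: " + req.isRequestedSessionIdFromURL() + "<BR>");
    out.println("Requested session ID valid: " + req.isRequestedSessionIdValid() + "<BR>");

    out.println("<H3>Test URL Rewriting</H3>");
    // The request URI is client-supplied; escaping keeps it inside the quoted HREF value.
    out.println("Click <A HREF=\"" + escapeHtml(res.encodeURL(req.getRequestURI())) + "\">here</A>");
    out.println("to test that session tracking works via URL");
    out.println("rewriting even when cookies aren't supported.");

    out.println("</BODY></HTML>");
}

/** Escapes the characters that are significant in HTML text and in quoted attribute values. */
private static String escapeHtml(String text) {
    StringBuilder escaped = new StringBuilder(text.length() + 16);
    for (int i = 0; i < text.length(); i++) {
        char c = text.charAt(i);
        switch (c) {
            case '&':
                escaped.append("&amp;");
                break;
            case '<':
                escaped.append("&lt;");
                break;
            case '>':
                escaped.append("&gt;");
                break;
            case '"':
                escaped.append("&quot;");
                break;
            case '\'':
                escaped.append("&#39;");
                break;
            default:
                escaped.append(c);
        }
    }
    return escaped.toString();
}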
From source file:MyServlet.java
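/**
 * Writes the "Session Snoop" HTML page: a visit counter kept in the session under
 * {@code snoop.count}, a listing of all session attributes, the session's ID and timing
 * data, the origin and validity of the requested session ID, and a link produced by
 * {@code encodeURL} for trying URL rewriting.
 *
 * <p>Attribute names and values, the session ID and the link target are HTML-escaped on
 * output, so stored values that contain markup are displayed literally. Showing the
 * session ID to the client is the purpose of the page.
 *
 * @param req the request; a session is created if none exists
 * @param res the response the page is written to
 * @throws ServletException declared by the servlet contract
 * @throws IOException if the response writer fails
 */
public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
    res.setContentType("text/html");
    PrintWriter out = res.getWriter();

    HttpSession session = req.getSession();

    Integer count = (Integer) session.getAttribute("snoop.count");
    if (count == null) {
        count = new Integer(1);
    } else {
        count = new Integer(count.intValue() + 1);
    }
    session.setAttribute("snoop.count", count);

    out.println("<HTML><HEAD><TITLE>SessionSnoop</TITLE></HEAD>");
    out.println("<BODY><H1>Session Snoop</H1>");

    out.println("You've visited this page " + count + ((count.intValue() == 1) ? " time." : " times."));

    out.println("<P>");

    out.println("<H3>Here is your saved session data:</H3>");
    Enumeration e = session.getAttributeNames();
    while (e.hasMoreElements()) {
        String name = (String) e.nextElement();
        // Session attributes can hold data that originated in a request, so the name and
        // the value are escaped rather than written as raw HTML.
        out.println(escapeHtml(name) + ": " + escapeHtml(String.valueOf(session.getAttribute(name))) + "<BR>");
    }

    out.println("<H3>Here are some vital stats on your session:</H3>");
    out.println("Session id: " + escapeHtml(session.getId()) + " <I>(keep it secret)</I><BR>");
    out.println("New session: " + session.isNew() + "<BR>");
    out.println("Timeout: " + session.getMaxInactiveInterval());
    out.println("<I>(" + session.getMaxInactiveInterval() / 60 + " minutes)</I><BR>");
    out.println("Creation time: " + session.getCreationTime());
    out.println("<I>(" + new Date(session.getCreationTime()) + ")</I><BR>");
    out.println("Last access time: " + session.getLastAccessedTime());
    out.println("<I>(" + new Date(session.getLastAccessedTime()) + ")</I><BR>");

    out.println("Requested session ID from cookie: " + req.isRequestedSessionIdFromCookie() + "<BR>");
    out.println("Requested session ID from URL: " + req.isRequestedSessionIdFromURL() + "<BR>");
    out.println("Requested session ID valid: " + req.isRequestedSessionIdValid() + "<BR>");

    out.println("<H3>Test URL Rewriting</H3>");
    // getRequestURI() comes from the client; escaping keeps it inside the quoted HREF value.
    out.println("Click <A HREF=\"" + escapeHtml(res.encodeURL(req.getRequestURI())) + "\">here</A>");
    out.println("to test that session tracking works via URL");
    out.println("rewriting even when cookies aren't supported.");

    out.println("</BODY></HTML>");
}

/** Replaces {@code & < > " '} with character references so the text is safe in HTML output. */
private static String escapeHtml(String text) {
    StringBuffer escaped = new StringBuffer(text.length() + 16);
    for (int i = 0; i < text.length(); i++) {
        char c = text.charAt(i);
        if (c == '&') {
            escaped.append("&amp;");
        } else if (c == '<') {
            escaped.append("&lt;");
        } else if (c == '>') {
            escaped.append("&gt;");
        } else if (c == '"') {
            escaped.append("&quot;");
        } else if (c == '\'') {
            escaped.append("&#39;");
        } else {
            escaped.append(c);
        }
    }
    return escaped.toString();
}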
From source file:com.twelve.capital.external.feed.util.HttpImpl.java
/**
 * Assembles the complete URL for a request from its request URL and query string, adds
 * the configured proxy path ahead of the URL path, and appends the session ID when the
 * client supplied its session ID through the URL.
 *
 * <p>Because of that last step the returned string may embed a session ID; treat it as
 * sensitive when logging it or emitting it in links.
 *
 * @param request the current request
 * @return the assembled URL
 */
@Override
public String getCompleteURL(HttpServletRequest request) {
    StringBuffer buffer = request.getRequestURL();
    if (buffer == null) {
        buffer = new StringBuffer();
    }

    String query = request.getQueryString();
    if (query != null) {
        buffer.append(StringPool.QUESTION);
        buffer.append(query);
    }

    String proxyPath = PortalUtil.getPathProxy();
    if (Validator.isNotNull(proxyPath)) {
        int afterProtocol = buffer.indexOf(Http.PROTOCOL_DELIMITER) + Http.PROTOCOL_DELIMITER.length();
        // NOTE(review): indexOf yields -1 if the buffer has no slash after the host part,
        // in which case insert() throws StringIndexOutOfBoundsException.
        int firstPathSlash = buffer.indexOf(StringPool.SLASH, afterProtocol);
        buffer.insert(firstPathSlash, proxyPath);
    }

    String completeURL = buffer.toString();
    if (request.isRequestedSessionIdFromURL()) {
        HttpSession currentSession = request.getSession();
        completeURL = PortalUtil.getURLWithSessionId(completeURL, currentSession.getId());
    }

    // "?&" marks an empty first query parameter. The logged URL is written in full, so a
    // session ID appended above ends up in the log as well.
    boolean malformedQuery = completeURL.contains("?&");
    if (_log.isWarnEnabled() && malformedQuery) {
        _log.warn("Invalid url " + completeURL);
    }
    return completeURL;
}
From source file:net.lightbody.bmp.proxy.jetty.servlet.SessionDump.java
/**
 * Writes the session dump page. A session is looked up, and created only when the request
 * URI contains {@code "new"} after its first character. With a session, the page shows a
 * form listing its ID, state, timestamps, timeout, servlet context and every attribute,
 * plus fields and buttons for setting, removing and invalidating. Without one, or when the
 * session turns out to be invalid, it offers a "New Session" button instead.
 *
 * @param request the current request
 * @param response the response the page is written to
 * @throws ServletException declared by the servlet contract
 * @throws IOException if writing the page fails
 */
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.setContentType("text/html");
    Page page = new Page();

    boolean createIfMissing = getURI(request).indexOf("new") > 0;
    HttpSession session = request.getSession(createIfMissing);

    page.title("Session Dump Servlet: ");

    TableForm form = new TableForm(response.encodeURL(getURI(request)));
    form.method("POST");

    if (session != null) {
        try {
            form.addText("ID", session.getId());
            if (session.isNew()) {
                form.addText("State", "NEW");
            } else {
                form.addText("State", "Valid");
            }
            form.addText("Creation", new Date(session.getCreationTime()).toString());
            form.addText("Last Access", new Date(session.getLastAccessedTime()).toString());
            form.addText("Max Inactive", String.valueOf(session.getMaxInactiveInterval()));
            form.addText("Context", String.valueOf(session.getServletContext()));

            // NOTE(review): whether TableForm escapes the text it is given is not visible
            // here; attribute values are passed through as-is. getAttribute() can also
            // return null, and the NullPointerException from toString() would not be
            // caught by the handler below.
            for (Enumeration names = session.getAttributeNames(); names.hasMoreElements();) {
                String attributeName = (String) names.nextElement();
                String attributeValue = session.getAttribute(attributeName).toString();
                form.addText(attributeName, attributeValue);
            }

            form.addTextField("Name", "Property Name", 20, "name");
            form.addTextField("Value", "Property Value", 20, "value");
            form.addTextField("MaxAge", "MaxAge(s)", 5, "");
            form.addButtonArea();
            form.addButton("Action", "Set");
            form.addButton("Action", "Remove");
            form.addButton("Action", "Invalidate");

            page.add(form);
            // Cleared so the form is not added a second time after the try block.
            form = null;

            if (request.isRequestedSessionIdFromCookie()) {
                page.add("<P>Turn off cookies in your browser to try url encoding<BR>");
            }
            if (request.isRequestedSessionIdFromURL()) {
                page.add("<P>Turn on cookies in your browser to try cookie encoding<BR>");
            }
        } catch (IllegalStateException e) {
            // The session was invalidated while it was being read: start over with a form
            // that only offers a new session.
            log.debug(LogSupport.EXCEPTION, e);
            page.add("<H1>INVALID Session</H1>");
            form = new TableForm(getURI(request));
            form.addButton("Action", "New Session");
        }
    } else {
        page.add("<H1>No Session</H1>");
        form.addButton("Action", "New Session");
    }

    if (form != null) {
        page.add(form);
    }

    Writer writer = response.getWriter();
    page.write(writer);
    writer.flush();
}
From source file:it.eng.spago.dispatching.httpchannel.AdapterHTTP.java
/**
 * Copies the HTTP request's metadata into the request container as attributes: the
 * container-derived values under the {@code HTTP_REQUEST_*} keys, then every request
 * header under its own header name, then the session ID and the XML-request flag.
 *
 * <p>All headers are copied, so credentials carried in headers (cookies, authorization)
 * become container attributes too.
 *
 * @param request the request
 * @param requestContainer the request container
 */
private void setHttpRequestData(HttpServletRequest request, RequestContainer requestContainer) {
    // Values reported by the servlet container.
    requestContainer.setAttribute(HTTP_REQUEST_AUTH_TYPE, request.getAuthType());
    requestContainer.setAttribute(HTTP_REQUEST_CHARACTER_ENCODING, request.getCharacterEncoding());
    requestContainer.setAttribute(HTTP_REQUEST_CONTENT_LENGTH, String.valueOf(request.getContentLength()));
    requestContainer.setAttribute(HTTP_REQUEST_CONTENT_TYPE, request.getContentType());
    requestContainer.setAttribute(HTTP_REQUEST_CONTEXT_PATH, request.getContextPath());
    requestContainer.setAttribute(HTTP_REQUEST_METHOD, request.getMethod());
    requestContainer.setAttribute(HTTP_REQUEST_PATH_INFO, request.getPathInfo());
    requestContainer.setAttribute(HTTP_REQUEST_PATH_TRANSLATED, request.getPathTranslated());
    requestContainer.setAttribute(HTTP_REQUEST_PROTOCOL, request.getProtocol());
    requestContainer.setAttribute(HTTP_REQUEST_QUERY_STRING, request.getQueryString());
    requestContainer.setAttribute(HTTP_REQUEST_REMOTE_ADDR, request.getRemoteAddr());
    requestContainer.setAttribute(HTTP_REQUEST_REMOTE_HOST, request.getRemoteHost());
    requestContainer.setAttribute(HTTP_REQUEST_REMOTE_USER, request.getRemoteUser());
    requestContainer.setAttribute(HTTP_REQUEST_REQUESTED_SESSION_ID, request.getRequestedSessionId());
    requestContainer.setAttribute(HTTP_REQUEST_REQUEST_URI, request.getRequestURI());
    requestContainer.setAttribute(HTTP_REQUEST_SCHEME, request.getScheme());
    requestContainer.setAttribute(HTTP_REQUEST_SERVER_NAME, request.getServerName());
    requestContainer.setAttribute(HTTP_REQUEST_SERVER_PORT, String.valueOf(request.getServerPort()));
    requestContainer.setAttribute(HTTP_REQUEST_SERVLET_PATH, request.getServletPath());
    if (request.getUserPrincipal() != null) {
        requestContainer.setAttribute(HTTP_REQUEST_USER_PRINCIPAL, request.getUserPrincipal());
    }
    requestContainer.setAttribute(HTTP_REQUEST_REQUESTED_SESSION_ID_FROM_COOKIE,
            String.valueOf(request.isRequestedSessionIdFromCookie()));
    requestContainer.setAttribute(HTTP_REQUEST_REQUESTED_SESSION_ID_FROM_URL,
            String.valueOf(request.isRequestedSessionIdFromURL()));
    requestContainer.setAttribute(HTTP_REQUEST_REQUESTED_SESSION_ID_VALID,
            String.valueOf(request.isRequestedSessionIdValid()));
    requestContainer.setAttribute(HTTP_REQUEST_SECURE, String.valueOf(request.isSecure()));

    // NOTE(review): header names are chosen by the client and are used directly as
    // attribute keys, after the container-derived values above have been stored. If a
    // header name can equal one of the HTTP_REQUEST_* key strings, the header value would
    // be written over (or alongside) the trusted one. Confirm the key values and the
    // setAttribute semantics, or store headers under a prefixed key.
    for (Enumeration names = request.getHeaderNames(); names.hasMoreElements();) {
        String name = (String) names.nextElement();
        requestContainer.setAttribute(name, request.getHeader(name));
    }

    // Stored after the headers. getSession() creates a session if the request has none.
    requestContainer.setAttribute(HTTP_SESSION_ID, request.getSession().getId());
    requestContainer.setAttribute(Constants.HTTP_IS_XML_REQUEST, "FALSE");
}