Example usage for javax.servlet.http HttpServletRequest isRequestedSessionIdFromUrl

List of usage examples for javax.servlet.http HttpServletRequest isRequestedSessionIdFromUrl

Introduction

This page collects example usages of javax.servlet.http.HttpServletRequest#isRequestedSessionIdFromUrl. The method is deprecated in favour of the correctly capitalised isRequestedSessionIdFromURL(), which is what every example below actually calls; both report whether the session id presented with the current request was carried in the URL (for example a ;jsessionid= path parameter) rather than in a cookie. Filters that strip or redirect away URL-carried ids, as in the first two examples, are a common session-fixation defence, since an id in a URL can be handed to a victim by a third party and also leaks through browser history, proxy logs and Referer headers.

Prototype

@Deprecated
public boolean isRequestedSessionIdFromUrl();


Usage

From source file:se.trillian.goodies.web.DisableSessionIdInUrlFilterTest.java

/**
 * Verifies that the filter strips a {@code ;jsessionid=...} path parameter
 * before the request reaches the rest of the chain, and that the downstream
 * request no longer reports its session id as URL-sourced.
 *
 * Only a URL-carried id is exercised here; the {@code request}, {@code response}
 * and {@code filter} fields are test fixtures set up outside this method.
 */
public void testSessionIdInRequestUrlIsRemoved() throws Exception {
    request.setServerName("www.example.com");
    request.setRequestURI("/index.html;jsessionid=1047kv5xa62lf");
    request.setRequestedSessionIdFromURL(true);

    // Single-element array so the anonymous FilterChain can record that it ran.
    final boolean[] chainReached = { false };

    FilterChain downstream = new FilterChain() {
        public void doFilter(ServletRequest req, ServletResponse res) throws IOException, ServletException {
            HttpServletRequest seen = (HttpServletRequest) req;
            // The id must be gone in every form: the flag, the path and the full URL.
            assertFalse(seen.isRequestedSessionIdFromURL());
            assertEquals("/index.html", seen.getRequestURI());
            assertEquals("http://www.example.com:80/index.html", seen.getRequestURL().toString());
            chainReached[0] = true;
        }
    };
    filter.doFilter(request, response, downstream);

    // A filter that short-circuited (e.g. by redirecting) would leave this false.
    assertTrue(chainReached[0]);
}

From source file:com.fiveamsolutions.nci.commons.web.filter.SessionFixationProtectionFilter.java

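/**
 * {@inheritDoc}
 *
 * Session-fixation defence for URL-carried session ids. A request whose session
 * id arrived as a {@code ;jsessionid=} path parameter is never served: it is
 * redirected to the same URL with the id removed from the path (and from the
 * query string, if the regex matches it there), so the client retries without
 * an id it may have been handed by a third party. Requests that pass are given
 * a {@code SessionIdBlockingResponse} wrapper, which — judging by its name; the
 * class is not shown here — presumably stops the container from rewriting a
 * session id into URLs it encodes.
 *
 * Caveat: {@code getRequestURL()} is built from the Host header, so the redirect
 * target is whatever host (and scheme, if behind a TLS-terminating proxy) the
 * container believes it is serving; verify that matches the public URL.
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {

    HttpServletRequest hReq = (HttpServletRequest) request;
    HttpServletResponse hResp = (HttpServletResponse) response;
    if (hReq.isRequestedSessionIdFromURL()) {
        // Strip the id from the path part. The path and query are the client's
        // own input, already URL-encoded as received.
        String requestUrl = hReq.getRequestURL().toString();
        StringBuilder url = new StringBuilder(JSESSIONID_REGEX.matcher(requestUrl).replaceAll(""));

        // Only re-attach a query string that is non-empty after stripping, so
        // the redirect target does not end in a dangling "?".
        String queryStr = hReq.getQueryString();
        if (!StringUtils.isEmpty(queryStr)) {
            String strippedQuery = JSESSIONID_REGEX.matcher(queryStr).replaceAll("");
            if (!StringUtils.isEmpty(strippedQuery)) {
                url.append("?").append(strippedQuery);
            }
        }

        // setStatus rather than sendError: sendError flags the response as an
        // error and hands it to the container's error-page machinery, and whether
        // a Location header set beforehand survives that is container-specific.
        // A plain 301 plus Location is the redirect the Servlet API expects.
        hResp.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);
        hResp.setHeader("Location", url.toString());
        return;
    }

    SessionIdBlockingResponse wrapped = new SessionIdBlockingResponse(hResp);
    chain.doFilter(request, wrapped);
}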

From source file:com.mirantis.cachemod.filter.CacheFilter.java

/**
 * Decides whether a request is eligible for the cache.
 *
 * Non-HTTP requests are always cacheable. An HTTP request is excluded when its
 * method is one of the configured escape methods, or when session-id escaping
 * is enabled and the session id was carried in the URL (presumably because
 * such responses are per-session and must not be shared across users).
 *
 * @param request the incoming request
 * @return {@code true} if the request may be cached
 */
private boolean isCacheable(ServletRequest request) {
    if (!(request instanceof HttpServletRequest)) {
        return true;
    }
    HttpServletRequest http = (HttpServletRequest) request;

    boolean methodExcluded = conf.getEscapeMethods().contains(http.getMethod());
    if (methodExcluded) {
        return false;
    }
    // Evaluated only when the method check passed, matching the short-circuit order.
    boolean urlSessionExcluded = conf.isEscapeSessionId() && http.isRequestedSessionIdFromURL();
    return !urlSessionExcluded;
}

From source file:org.owasp.webgoat.service.SessionService.java

/**
 * Dumps the current HTTP session as newline-separated {@code key = value}
 * lines: id, creation time, last access, inactivity timeout, whether the id
 * arrived by cookie and/or URL, a separator, then every session attribute
 * sorted by name.
 *
 * Note: the body is plain text even though the mapping declares
 * {@code application/json}, and it discloses the session id and every attribute
 * value to the caller. That is acceptable only because WebGoat is a
 * deliberately vulnerable teaching application.
 *
 * @param request the current request, used to learn how the session id arrived
 * @param session the session to describe
 * @return the textual dump
 */
@RequestMapping(value = "/session.mvc", produces = "application/json")
public @ResponseBody String showSession(HttpServletRequest request, HttpSession session) {
    StringBuilder out = new StringBuilder();

    appendLine(out, "id", session.getId());
    appendLine(out, "created", new Date(session.getCreationTime()));
    appendLine(out, "last access", new Date(session.getLastAccessedTime()));
    appendLine(out, "timeout (secs)", session.getMaxInactiveInterval());
    appendLine(out, "session from cookie?", request.isRequestedSessionIdFromCookie());
    appendLine(out, "session from url?", request.isRequestedSessionIdFromURL());
    out.append("=====================================\n");

    // Collect attribute names first so they can be emitted in sorted order.
    List<String> names = new ArrayList<String>();
    for (Enumeration keys = session.getAttributeNames(); keys.hasMoreElements();) {
        names.add((String) keys.nextElement());
    }
    Collections.sort(names);
    for (String name : names) {
        appendLine(out, name, session.getAttribute(name));
    }
    return out.toString();
}

/** Appends one {@code key = value} line; {@code null} values print as "null". */
private static void appendLine(StringBuilder out, String key, Object value) {
    out.append(key).append(" = ").append(value).append("\n");
}

From source file:com.liferay.portal.util.HttpImpl.java

/**
 * Rebuilds the complete URL of the request: scheme, host, port and path as
 * the container reports them, plus the query string, with the configured proxy
 * path spliced in directly after the host, and — only when the request's own
 * session id was carried in the URL — the session id rewritten back in so the
 * link keeps working for cookie-less clients.
 *
 * Security note: a URL-carried session id ends up in browser history, proxy
 * logs and Referer headers. This method re-applies it only for requests whose
 * id already arrived that way.
 *
 * @param request the current request
 * @return the complete URL, possibly including a {@code jsessionid}
 */
public String getCompleteURL(HttpServletRequest request) {
    StringBuffer url = request.getRequestURL();
    if (url == null) {
        url = new StringBuffer();
    }

    String query = request.getQueryString();
    if (query != null) {
        url.append(StringPool.QUESTION).append(query);
    }

    // Insert the proxy path at the first slash after "scheme://host[:port]".
    String proxyPath = PortalUtil.getPathProxy();
    if (Validator.isNotNull(proxyPath)) {
        int afterScheme = url.indexOf(Http.PROTOCOL_DELIMITER) + Http.PROTOCOL_DELIMITER.length();
        int pathStart = url.indexOf(StringPool.SLASH, afterScheme);
        url.insert(pathStart, proxyPath);
    }

    String completeURL = url.toString();

    if (request.isRequestedSessionIdFromURL()) {
        // Note: getSession() creates a session if the request has none yet.
        String sessionId = request.getSession().getId();
        completeURL = PortalUtil.getURLWithSessionId(completeURL, sessionId);
    }

    if (_log.isWarnEnabled() && completeURL.contains("?&")) {
        _log.warn("Invalid url " + completeURL);
    }

    return completeURL;
}

From source file:SessionSnoop.java

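/**
 * Diagnostic servlet: counts visits in the session, then renders the session's
 * attributes and metadata (id, age, timeout, how the id reached the server) as
 * HTML, ending with a self-link run through {@code encodeURL} so URL rewriting
 * can be exercised with cookies disabled.
 *
 * Everything echoed into the page that did not originate in this method —
 * attribute names and values (set by any code sharing the session) and the
 * request URI — is HTML-escaped. The original wrote them verbatim, which lets
 * attacker-influenced session data or a crafted path inject markup.
 *
 * Note: the page prints the session id itself; that is this servlet's purpose,
 * but the id is a credential and this servlet must not be reachable in
 * production.
 *
 * @param req the current request
 * @param res the response the page is written to
 */
public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
    res.setContentType("text/html");
    PrintWriter out = res.getWriter();

    HttpSession session = req.getSession();

    // Per-session visit counter. Integer.valueOf avoids the deprecated constructor.
    Integer count = (Integer) session.getAttribute("count");
    count = (count == null) ? Integer.valueOf(1) : Integer.valueOf(count.intValue() + 1);
    session.setAttribute("count", count);

    out.println("<HTML><HEAD><TITLE>Session Count</TITLE></HEAD>");
    out.println("<BODY><H1>Session Count</H1>");

    out.println("You've visited this page " + count + ((count.intValue() == 1) ? " time." : " times."));

    out.println("<P>");

    out.println("<H3>Here is your saved session data:</H3>");
    // Attribute names and values come from whatever else shares this session;
    // treat them as untrusted text.
    Enumeration e = session.getAttributeNames();
    while (e.hasMoreElements()) {
        String name = (String) e.nextElement();
        String value = String.valueOf(session.getAttribute(name));
        out.println(escapeHtml(name) + ": " + escapeHtml(value) + "<BR>");
    }

    out.println("<H3>Here are some vital stats on your session:</H3>");
    out.println("Session id: " + session.getId() + " <I>(keep it secret)</I><BR>");
    out.println("New session: " + session.isNew() + "<BR>");
    out.println("Timeout: " + session.getMaxInactiveInterval());
    out.println("<I>(" + session.getMaxInactiveInterval() / 60 + " minutes)</I><BR>");
    out.println("Creation time: " + session.getCreationTime());
    out.println("<I>(" + new Date(session.getCreationTime()) + ")</I><BR>");
    out.println("Last access time: " + session.getLastAccessedTime());
    out.println("<I>(" + new Date(session.getLastAccessedTime()) + ")</I><BR>");

    out.println("Requested session ID from cookie: " + req.isRequestedSessionIdFromCookie() + "<BR>");
    out.println("Requested session ID from URL: " + req.isRequestedSessionIdFromURL() + "<BR>");
    out.println("Requested session ID valid: " + req.isRequestedSessionIdValid() + "<BR>");

    out.println("<H3>Test URL Rewriting</H3>");
    // The URI is client-controlled; escape it before placing it in an attribute.
    out.println("Click <A HREF=\"" + escapeHtml(res.encodeURL(req.getRequestURI())) + "\">here</A>");
    out.println("to test that session tracking works via URL");
    out.println("rewriting even when cookies aren't supported.");

    out.println("</BODY></HTML>");
}

/**
 * Minimal HTML escaping, safe for element text and double-quoted attribute
 * values. A {@code null} input yields an empty string.
 */
private static String escapeHtml(String s) {
    if (s == null) {
        return "";
    }
    StringBuilder sb = new StringBuilder(s.length());
    for (int i = 0; i < s.length(); i++) {
        char c = s.charAt(i);
        switch (c) {
            case '&': sb.append("&amp;"); break;
            case '<': sb.append("&lt;"); break;
            case '>': sb.append("&gt;"); break;
            case '"': sb.append("&quot;"); break;
            case '\'': sb.append("&#39;"); break;
            default: sb.append(c);
        }
    }
    return sb.toString();
}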

From source file:MyServlet.java

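/**
 * Diagnostic servlet: counts visits in the session (under "snoop.count"), then
 * renders the session's attributes and metadata (id, age, timeout, how the id
 * reached the server) as HTML, ending with a self-link run through
 * {@code encodeURL} so URL rewriting can be exercised with cookies disabled.
 *
 * Everything echoed into the page that did not originate in this method —
 * attribute names and values (set by any code sharing the session) and the
 * request URI — is HTML-escaped. The original wrote them verbatim, which lets
 * attacker-influenced session data or a crafted path inject markup.
 *
 * Note: the page prints the session id itself; that is this servlet's purpose,
 * but the id is a credential and this servlet must not be reachable in
 * production.
 *
 * @param req the current request
 * @param res the response the page is written to
 */
public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
    res.setContentType("text/html");
    PrintWriter out = res.getWriter();

    HttpSession session = req.getSession();

    // Per-session visit counter. Integer.valueOf avoids the deprecated constructor.
    Integer count = (Integer) session.getAttribute("snoop.count");
    count = (count == null) ? Integer.valueOf(1) : Integer.valueOf(count.intValue() + 1);
    session.setAttribute("snoop.count", count);

    out.println("<HTML><HEAD><TITLE>SessionSnoop</TITLE></HEAD>");
    out.println("<BODY><H1>Session Snoop</H1>");

    out.println("You've visited this page " + count + ((count.intValue() == 1) ? " time." : " times."));

    out.println("<P>");

    out.println("<H3>Here is your saved session data:</H3>");
    // Attribute names and values come from whatever else shares this session;
    // treat them as untrusted text.
    Enumeration e = session.getAttributeNames();
    while (e.hasMoreElements()) {
        String name = (String) e.nextElement();
        String value = String.valueOf(session.getAttribute(name));
        out.println(escapeHtml(name) + ": " + escapeHtml(value) + "<BR>");
    }

    out.println("<H3>Here are some vital stats on your session:</H3>");
    out.println("Session id: " + session.getId() + " <I>(keep it secret)</I><BR>");
    out.println("New session: " + session.isNew() + "<BR>");
    out.println("Timeout: " + session.getMaxInactiveInterval());
    out.println("<I>(" + session.getMaxInactiveInterval() / 60 + " minutes)</I><BR>");
    out.println("Creation time: " + session.getCreationTime());
    out.println("<I>(" + new Date(session.getCreationTime()) + ")</I><BR>");
    out.println("Last access time: " + session.getLastAccessedTime());
    out.println("<I>(" + new Date(session.getLastAccessedTime()) + ")</I><BR>");

    out.println("Requested session ID from cookie: " + req.isRequestedSessionIdFromCookie() + "<BR>");
    out.println("Requested session ID from URL: " + req.isRequestedSessionIdFromURL() + "<BR>");
    out.println("Requested session ID valid: " + req.isRequestedSessionIdValid() + "<BR>");

    out.println("<H3>Test URL Rewriting</H3>");
    // The URI is client-controlled; escape it before placing it in an attribute.
    out.println("Click <A HREF=\"" + escapeHtml(res.encodeURL(req.getRequestURI())) + "\">here</A>");
    out.println("to test that session tracking works via URL");
    out.println("rewriting even when cookies aren't supported.");

    out.println("</BODY></HTML>");
}

/**
 * Minimal HTML escaping, safe for element text and double-quoted attribute
 * values. A {@code null} input yields an empty string.
 */
private static String escapeHtml(String s) {
    if (s == null) {
        return "";
    }
    StringBuilder sb = new StringBuilder(s.length());
    for (int i = 0; i < s.length(); i++) {
        char c = s.charAt(i);
        switch (c) {
            case '&': sb.append("&amp;"); break;
            case '<': sb.append("&lt;"); break;
            case '>': sb.append("&gt;"); break;
            case '"': sb.append("&quot;"); break;
            case '\'': sb.append("&#39;"); break;
            default: sb.append(c);
        }
    }
    return sb.toString();
}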

From source file:com.twelve.capital.external.feed.util.HttpImpl.java

/**
 * Rebuilds the complete URL of the request: scheme, host, port and path as
 * the container reports them, plus the query string, with the configured proxy
 * path spliced in directly after the host, and — only when the request's own
 * session id was carried in the URL — the session id rewritten back in so the
 * link keeps working for cookie-less clients.
 *
 * Security note: a URL-carried session id ends up in browser history, proxy
 * logs and Referer headers. This method re-applies it only for requests whose
 * id already arrived that way.
 *
 * @param request the current request
 * @return the complete URL, possibly including a {@code jsessionid}
 */
@Override
public String getCompleteURL(HttpServletRequest request) {
    StringBuffer url = request.getRequestURL();
    if (url == null) {
        url = new StringBuffer();
    }

    String query = request.getQueryString();
    if (query != null) {
        url.append(StringPool.QUESTION).append(query);
    }

    // Insert the proxy path at the first slash after "scheme://host[:port]".
    String proxyPath = PortalUtil.getPathProxy();
    if (Validator.isNotNull(proxyPath)) {
        int afterScheme = url.indexOf(Http.PROTOCOL_DELIMITER) + Http.PROTOCOL_DELIMITER.length();
        int pathStart = url.indexOf(StringPool.SLASH, afterScheme);
        url.insert(pathStart, proxyPath);
    }

    String completeURL = url.toString();

    if (request.isRequestedSessionIdFromURL()) {
        // Note: getSession() creates a session if the request has none yet.
        String sessionId = request.getSession().getId();
        completeURL = PortalUtil.getURLWithSessionId(completeURL, sessionId);
    }

    if (_log.isWarnEnabled() && completeURL.contains("?&")) {
        _log.warn("Invalid url " + completeURL);
    }

    return completeURL;
}

From source file:net.lightbody.bmp.proxy.jetty.servlet.SessionDump.java

/**
 * Renders the current session as an HTML form: its id, state, timestamps,
 * inactivity limit, servlet context and every attribute, plus fields and
 * buttons for setting/removing attributes and invalidating the session.
 *
 * A session is created only when {@code getURI(request)} (a sibling helper, not
 * shown here) contains "new" after position 0; otherwise a missing session
 * yields a "No Session" page with a "New Session" button. An
 * {@link IllegalStateException} while reading the session (e.g. it was
 * invalidated concurrently) produces an "INVALID Session" page instead. The
 * form action goes through {@code encodeURL} so URL rewriting is exercised
 * when cookies are off.
 *
 * Note: the page prints the session id and raw attribute values; this is a
 * diagnostic servlet and should not be reachable in production.
 *
 * @param request  the current request
 * @param response the response the page is written to
 */
public void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");
    Page page = new Page();

    boolean createIfAbsent = getURI(request).indexOf("new") > 0;
    HttpSession session = request.getSession(createIfAbsent);

    page.title("Session Dump Servlet: ");

    TableForm form = new TableForm(response.encodeURL(getURI(request)));
    form.method("POST");

    if (session == null) {
        page.add("<H1>No Session</H1>");
        form.addButton("Action", "New Session");
    } else {
        try {
            form.addText("ID", session.getId());
            form.addText("State", session.isNew() ? "NEW" : "Valid");
            form.addText("Creation", new Date(session.getCreationTime()).toString());
            form.addText("Last Access", new Date(session.getLastAccessedTime()).toString());
            form.addText("Max Inactive", "" + session.getMaxInactiveInterval());

            form.addText("Context", "" + session.getServletContext());

            for (Enumeration keys = session.getAttributeNames(); keys.hasMoreElements();) {
                String name = (String) keys.nextElement();
                form.addText(name, session.getAttribute(name).toString());
            }

            form.addTextField("Name", "Property Name", 20, "name");
            form.addTextField("Value", "Property Value", 20, "value");
            form.addTextField("MaxAge", "MaxAge(s)", 5, "");
            form.addButtonArea();
            form.addButton("Action", "Set");
            form.addButton("Action", "Remove");
            form.addButton("Action", "Invalidate");

            page.add(form);
            form = null; // already on the page; the tail must not add it twice

            if (request.isRequestedSessionIdFromCookie()) {
                page.add("<P>Turn off cookies in your browser to try url encoding<BR>");
            }
            if (request.isRequestedSessionIdFromURL()) {
                page.add("<P>Turn on cookies in your browser to try cookie encoding<BR>");
            }
        } catch (IllegalStateException e) {
            log.debug(LogSupport.EXCEPTION, e);
            page.add("<H1>INVALID Session</H1>");
            form = new TableForm(getURI(request));
            form.addButton("Action", "New Session");
        }
    }

    if (form != null) {
        page.add(form);
    }

    Writer writer = response.getWriter();
    page.write(writer);
    writer.flush();
}

From source file:it.eng.spago.dispatching.httpchannel.AdapterHTTP.java

/**
 * Copies the HTTP request's metadata into the request container as string
 * attributes: auth type, character encoding, content length/type, context path,
 * method, path info/translated, protocol, query string, remote address/host/
 * user, the requested session id plus whether it arrived by cookie and/or URL
 * and is still valid, request URI, scheme, server name/port, servlet path, the
 * user principal (only when present), isSecure, every request header, and the
 * current session's id.
 *
 * Caveats a maintainer should know:
 * <ul>
 * <li>Headers are copied AFTER the fixed {@code HTTP_REQUEST_*} attributes and
 *     are keyed by the raw, client-supplied header name. If any of those
 *     constant keys (their values are not visible here) equals a header name,
 *     a request header silently overwrites a server-derived value —
 *     TODO(review): confirm the constants cannot collide, or namespace the
 *     header keys.</li>
 * <li>{@code getHeader} returns only the first value of a multi-valued
 *     header.</li>
 * <li>{@code request.getSession()} creates a session if none exists, so every
 *     request passing through here gets one.</li>
 * </ul>
 *
 * @param request the request
 * @param requestContainer the request container
 */
private void setHttpRequestData(HttpServletRequest request, RequestContainer requestContainer) {
    requestContainer.setAttribute(HTTP_REQUEST_AUTH_TYPE, request.getAuthType());
    requestContainer.setAttribute(HTTP_REQUEST_CHARACTER_ENCODING, request.getCharacterEncoding());
    requestContainer.setAttribute(HTTP_REQUEST_CONTENT_LENGTH, String.valueOf(request.getContentLength()));
    requestContainer.setAttribute(HTTP_REQUEST_CONTENT_TYPE, request.getContentType());
    requestContainer.setAttribute(HTTP_REQUEST_CONTEXT_PATH, request.getContextPath());
    requestContainer.setAttribute(HTTP_REQUEST_METHOD, request.getMethod());
    requestContainer.setAttribute(HTTP_REQUEST_PATH_INFO, request.getPathInfo());
    requestContainer.setAttribute(HTTP_REQUEST_PATH_TRANSLATED, request.getPathTranslated());
    requestContainer.setAttribute(HTTP_REQUEST_PROTOCOL, request.getProtocol());
    requestContainer.setAttribute(HTTP_REQUEST_QUERY_STRING, request.getQueryString());
    requestContainer.setAttribute(HTTP_REQUEST_REMOTE_ADDR, request.getRemoteAddr());
    requestContainer.setAttribute(HTTP_REQUEST_REMOTE_HOST, request.getRemoteHost());
    requestContainer.setAttribute(HTTP_REQUEST_REMOTE_USER, request.getRemoteUser());
    // The id the client presented, which may differ from the session actually in use (see HTTP_SESSION_ID below).
    requestContainer.setAttribute(HTTP_REQUEST_REQUESTED_SESSION_ID, request.getRequestedSessionId());
    requestContainer.setAttribute(HTTP_REQUEST_REQUEST_URI, request.getRequestURI());
    requestContainer.setAttribute(HTTP_REQUEST_SCHEME, request.getScheme());
    requestContainer.setAttribute(HTTP_REQUEST_SERVER_NAME, request.getServerName());
    requestContainer.setAttribute(HTTP_REQUEST_SERVER_PORT, String.valueOf(request.getServerPort()));
    requestContainer.setAttribute(HTTP_REQUEST_SERVLET_PATH, request.getServletPath());
    if (request.getUserPrincipal() != null)
        requestContainer.setAttribute(HTTP_REQUEST_USER_PRINCIPAL, request.getUserPrincipal());
    // Booleans are stored as their String form, like the other non-String values above.
    requestContainer.setAttribute(HTTP_REQUEST_REQUESTED_SESSION_ID_FROM_COOKIE,
            String.valueOf(request.isRequestedSessionIdFromCookie()));
    requestContainer.setAttribute(HTTP_REQUEST_REQUESTED_SESSION_ID_FROM_URL,
            String.valueOf(request.isRequestedSessionIdFromURL()));
    requestContainer.setAttribute(HTTP_REQUEST_REQUESTED_SESSION_ID_VALID,
            String.valueOf(request.isRequestedSessionIdValid()));
    requestContainer.setAttribute(HTTP_REQUEST_SECURE, String.valueOf(request.isSecure()));
    // Client-controlled keys: a header named like one of the constants above would overwrite it.
    Enumeration headerNames = request.getHeaderNames();
    while (headerNames.hasMoreElements()) {
        String headerName = (String) headerNames.nextElement();
        String headerValue = request.getHeader(headerName); // first value only
        requestContainer.setAttribute(headerName, headerValue);
    } // end header copy
    // Side effect: creates a session when the request has none.
    requestContainer.setAttribute(HTTP_SESSION_ID, request.getSession().getId());
    requestContainer.setAttribute(Constants.HTTP_IS_XML_REQUEST, "FALSE");
}