List of usage examples for javax.servlet.http HttpSession getId
/**
 * Returns the unique identifier that the servlet container assigned to this session.
 *
 * <p>The identifier is what ties a client to its server-side session state, so callers
 * should treat it as a credential: avoid writing it to logs, URLs or response bodies.
 *
 * @return the session identifier
 */
public String getId();
From source file:at.gv.egiz.pdfas.web.helper.PdfAsHelper.java
/**
 * Remembers the invoke URL in the caller's HTTP session under {@code PDF_INVOKE_URL}.
 *
 * @param request  request whose session receives the attribute ({@code getSession()} creates
 *                 a session when none exists)
 * @param response not used by this method
 * @param url      invoke URL to store
 */
public static void setInvokeURL(HttpServletRequest request, HttpServletResponse response, String url) {
    final HttpSession httpSession = request.getSession();

    // NOTE(review): this debug line carries the full session id and the raw url value. Anyone
    // who can read debug logs sees both, and a url containing line breaks would produce
    // misleading log entries. Consider logging a shortened id and a sanitised url.
    final String message = "[" + httpSession.getId() + "]: Setting Invoke URL to: " + url;
    logger.debug(message);

    httpSession.setAttribute(PDF_INVOKE_URL, url);
}
From source file:com.curl.orb.servlet.NewInstanceServlet.java
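/**
 * Creates an instance of the class named in the incoming {@code NewInstanceRequest}, stores
 * it in the HTTP session and reports the generated object id through
 * {@code InstanceManagementUtil.setResponse}.
 *
 * <p>Any exception raised inside the try block is handed to
 * {@code InstanceManagementUtil.setResponse} instead of being thrown.
 *
 * @param request  request carrying the {@code NewInstanceRequest}
 * @param response servlet response, forwarded to {@code super.doPost}
 * @throws ServletException propagated from the calls made before the try block
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException {
    super.doPost(request, response);
    NewInstanceRequest newInstanceRequest = (NewInstanceRequest) InstanceManagementUtil.getRequest(request);
    try {
        String className = newInstanceRequest.getClassName();
        // className comes from the remote caller. Load the class WITHOUT initialising it, so
        // that no static initialiser runs before the annotation check below has accepted the
        // class; Class.forName(String) would initialise whatever class was named first.
        // Initialisation still happens later, when the instance is created.
        Class<?> cls = Class.forName(className, false, getClass().getClassLoader());
        // security
        RemoteServiceAnnotationChecker.check(cls, environment);
        // new instance
        HttpSession session = request.getSession(false);
        if (session == null) {
            session = request.getSession(true);
        }
        Object obj = InstanceManagementUtil.newInstance(cls,
                switchRemoteObject(newInstanceRequest.getArguments(), session));
        // NOTE: objectId is HttpSession.getId() + Object.hashCode()
        // NOTE(review): the object id is passed to setResponse, so the session id appears to
        // travel in the response payload, and Object.hashCode() is not guaranteed to be unique
        // across live objects. An opaque random id would avoid both; confirm client expectations.
        String objectId = session.getId() + obj.hashCode();
        session.setAttribute(objectId, obj);
        InstanceManagementUtil.setResponse(request, objectId, null);
        // debug
        (LogFactory.getLog(getClass())).debug("Request new instance");
    }
    // IOException, SerializerException ...etc
    catch (Exception e) {
        // NOTE(review): the exception object itself is handed to the response; verify that
        // setResponse does not expose stack traces or internal class names to the client.
        InstanceManagementUtil.setResponse(request, e, null);
    }
}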
From source file:servlet.SecurityServlet.java
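/**
 * Handles the Facebook OAuth callback.
 *
 * <p>The {@code state} parameter is compared with the current session id before the
 * authorisation {@code code} is used. A missing or mismatching state is rejected with
 * HTTP 403; otherwise the code is exchanged for an access token, the user's e-mail is
 * fetched and the browser is redirected to the welcome page.
 *
 * @param request  callback request carrying {@code code} and {@code state}
 * @param response response used for the redirect or the error status
 * @throws ServletException declared by the servlet contract
 * @throws IOException      if sending the redirect or the error fails
 */
protected void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    System.out.println("*** Called SecurityServlet");
    HttpSession httpSession = request.getSession();
    String faceCode = request.getParameter("code");
    String state = request.getParameter("state");
    String sessionID = httpSession.getId();

    // Check the anti-CSRF state BEFORE the authorisation code is exchanged, so an unsolicited
    // callback never triggers the token request. sessionID.equals(state) is also null-safe:
    // a request without a state parameter is rejected instead of failing with a
    // NullPointerException.
    // NOTE(review): using the session id itself as the state value places it in URLs (browser
    // history, proxy logs, Referer headers). A separate random value stored in the session
    // would serve the same purpose without exposing the session id.
    if (!sessionID.equals(state)) {
        System.err.println("CSRF protection validation");
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return;
    }

    String accessToken = getFacebookAccessToken(faceCode);
    String email = getUserMailAddressFromJsonResponse(accessToken, httpSession);
    try {
        //do some specific user data operation like saving to DB or login user
        //request.login(email, "somedefaultpassword");
    } catch (Exception e) {
        e.printStackTrace();
        response.sendRedirect(request.getContextPath() + "/facebookError.html");
        return;
    }
    response.sendRedirect(request.getContextPath() + "/welcomePrimefaces.xhtml");
}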
From source file:de.itsvs.cwtrpc.security.DefaultRpcHttpSessionStrategy.java
/**
 * Prepares the HTTP session for an RPC request and stores the resulting invalidation policy
 * on the request.
 *
 * <p>An existing session is cleared when {@code isClearSession()} is true; a new session is
 * created when {@code isCreateSession()} is true and the request had none.
 *
 * @param request  current request
 * @param response current response
 * @return the policy that was created and saved on the request
 * @throws IOException      declared; see {@code clearSession} and the policy factory
 * @throws ServletException declared; see {@code clearSession} and the policy factory
 */
protected RpcSessionInvalidationPolicy prepareUnpreparedSession(HttpServletRequest request,
        HttpServletResponse response) throws IOException, ServletException {
    final HttpSession current = request.getSession(false);
    final boolean hasSession = (current != null);

    // NOTE(review): the debug messages below include full session ids; confirm that debug
    // logs are access-restricted or log a shortened form instead.
    if (hasSession && log.isDebugEnabled()) {
        log.debug("Existing session " + current.getId());
    }

    final boolean clearRequested = isClearSession();
    if (clearRequested && hasSession) {
        if (log.isDebugEnabled()) {
            log.debug("Clearing attributes of existing session " + current.getId());
        }
        clearSession(request, response, current);
    }

    boolean sessionWasCreated = false;
    final boolean createRequested = isCreateSession();
    if (createRequested && !hasSession) {
        final HttpSession fresh = request.getSession(true);
        if (log.isDebugEnabled()) {
            log.debug("Created new session " + fresh.getId());
        }
        sessionWasCreated = true;
    }

    final RpcSessionInvalidationPolicy result =
            createRpcSessionInvalidationPolicy(request, response, sessionWasCreated);
    CwtRpcUtils.saveRpcSessionInvalidationPolicy(request, result);
    return result;
}
From source file:dk.itst.oiosaml.sp.service.SAMLAssertionConsumerHandler.java
/**
 * Processes a SAML response received at the assertion consumer endpoint.
 *
 * <p>The response is audited, decrypted and validated against the certificates from the
 * originating IdP's metadata. A passive response (when passive mode is enabled) results in a
 * {@code PassiveUserAssertion}; otherwise the assertion is validated, the authentication
 * handler is consulted and the resulting {@code UserAssertion} is placed in the session.
 * Finally a response is sent, using the original request looked up from the relay state when
 * one is present.
 *
 * @param ctx      request context giving access to the session, configuration and metadata
 * @param response the SAML response to process
 * @throws IOException      declared by this method
 * @throws ServletException declared by this method
 */
private void handleSAMLResponse(RequestContext ctx, OIOResponse response) throws IOException, ServletException {
    // NOTE(review): the operation logged here is AUTHNREQUEST_SEND although a response is
    // being handled - confirm this is the intended audit operation.
    Audit.log(Operation.AUTHNREQUEST_SEND, false, response.getInResponseTo(), response.toXML());
    HttpSession session = ctx.getSession();
    if (log.isDebugEnabled()) {
        // NOTE(review): the query string and the session id are written to the debug log.
        log.debug("Calling URL.:" + ctx.getRequest().getRequestURI() + "?" + ctx.getRequest().getQueryString());
        log.debug("SessionId..:" + session.getId());
    }
    RelayState relayState = RelayState.fromRequest(ctx.getRequest());
    if (log.isDebugEnabled())
        log.debug("Got relayState..:" + relayState);
    String idpEntityId = response.getOriginatingIdpEntityId(ctx.getSessionHandler());
    if (log.isDebugEnabled())
        // NOTE(review): the complete response XML is logged here, before decryptAssertion runs.
        log.debug("Received SAML Response from " + idpEntityId + ": " + response.toXML());
    boolean allowPassive = ctx.getConfiguration().getBoolean(Constants.PROP_PASSIVE, false);
    Metadata metadata = ctx.getIdpMetadata().getMetadata(idpEntityId);
    // Second argument is true when PROP_REQUIRE_ENCRYPTION is not set; presumably it lets
    // unencrypted assertions through - confirm against decryptAssertion.
    response.decryptAssertion(ctx.getCredential(),
            !ctx.getConfiguration().getBoolean(Constants.PROP_REQUIRE_ENCRYPTION, false));
    // Validation uses the SP's first assertion consumer location and the IdP's certificates.
    response.validateResponse(ctx.getSpMetadata().getAssertionConsumerServiceLocation(0),
            metadata.getCertificates(), allowPassive);
    if (allowPassive && response.isPassive()) {
        log.debug("Received passive response, setting passive userassertion");
        // A placeholder assertion is built locally; its id is the current time in milliseconds.
        Assertion assertion = SAMLUtil.buildXMLObject(Assertion.class);
        assertion.setID("" + System.currentTimeMillis());
        ctx.getSessionHandler().setAssertion(session.getId(), new OIOAssertion(assertion));
        PassiveUserAssertion passiveUserAssertion = new PassiveUserAssertion(
                ctx.getConfiguration().getString(Constants.PROP_PASSIVE_USER_ID));
        session.setAttribute(Constants.SESSION_USER_ASSERTION, passiveUserAssertion);
        Audit.log(Operation.LOGIN, passiveUserAssertion.getSubject());
    } else {
        OIOAssertion assertion = response.getAssertion();
        assertion.validateAssertion(validator, ctx.getSpMetadata().getEntityID(),
                ctx.getSpMetadata().getAssertionConsumerServiceLocation(0));
        UserAssertion userAssertion = new UserAssertionImpl(assertion);
        // The handler can veto the login; in that case nothing is stored in the session and
        // no response is sent from this method.
        if (!invokeAuthenticationHandler(ctx, userAssertion)) {
            Audit.logError(Operation.LOGIN, false, response.getInResponseTo(),
                    "Authentication handler stopped authentication");
            log.error("Authentication handler stopped authentication");
            return;
        }
        Audit.setAssertionId(assertion.getID());
        Audit.log(Operation.LOGIN, assertion.getSubjectNameIDValue() + "/" + assertion.getAssuranceLevel()
                + " via " + assertion.getIssuer());
        Audit.log(Operation.LOGIN_SESSION, Integer.toString(session.getMaxInactiveInterval()));
        // Store the assertion in the session store
        // release the DOM tree now the signature is validated - due to large memory consumption
        Assertion assertion2 = assertion.getAssertion();
        assertion2.releaseChildrenDOM(true);
        assertion2.releaseDOM();
        assertion2.detach();
        // NOTE(review): the assertion is bound to the session id the request arrived with; no
        // session id change is visible in this method. Confirm that the id is rotated on login
        // elsewhere, otherwise a pre-set session id survives authentication.
        ctx.getSessionHandler().setAssertion(session.getId(), assertion);
        session.setAttribute(Constants.SESSION_USER_ASSERTION, userAssertion);
    }
    // With a relay state, the stored original request is looked up and passed on; without
    // one, sendResponse receives null.
    if (relayState.getRelayState() != null) {
        HTTPUtils.sendResponse(ctx.getSessionHandler().getRequest(relayState.getRelayState()), ctx);
    } else {
        HTTPUtils.sendResponse(null, ctx);
    }
}
From source file:org.opencron.server.controller.HomeController.java
/**
 * Logs the current user out: ends the terminal session registered under this HTTP session's
 * id, drops the login attributes and redirects to the application root.
 *
 * @param httpSession the caller's HTTP session
 * @return the redirect view name {@code "redirect:/"}
 * @throws IOException declared by this handler
 */
@RequestMapping("/logout")
public String logout(HttpSession httpSession) throws IOException {
    final String sessionId = httpSession.getId();
    TerminalSession.exit(sessionId);

    // NOTE(review): only the two login attributes are removed; the session itself is not
    // invalidated, so the same session id (and any other attributes) outlives the logout.
    // Consider httpSession.invalidate() if nothing downstream depends on the session surviving.
    httpSession.removeAttribute(OpencronTools.LOGIN_USER);
    httpSession.removeAttribute(OpencronTools.LOGIN_MSG);

    return "redirect:/";
}
From source file:com.xpn.xwiki.stats.impl.StatsUtil.java
/**
 * Indicates whether the provided visit object has to be recreated.
 *
 * <p>A {@code null} visit object is reported as valid; otherwise the visit is rejected when
 * its cookie differs from the request's stats cookie, when it ended more than 30 minutes
 * ago, or when it belongs to a different user.
 *
 * @param visitObject the visit object to validate.
 * @param context the XWiki context.
 * @return false if the visit object has to be recreated, true otherwise.
 * @since 1.4M1
 */
private static boolean isVisitObjectValid(VisitStats visitObject, XWikiContext context) {
    // Resolved up front in every case: getSession(true) creates a session when none exists.
    final HttpSession httpSession = context.getRequest().getSession(true);
    final Cookie statsCookie = (Cookie) context.get(CONTPROP_STATS_COOKIE);
    final long nowMillis = new Date().getTime();
    final long maxIdleMillis = 30 * 60 * 1000;

    if (visitObject == null) {
        return true;
    }

    // The session is also maintained with a cookie, so a mismatch here means something is off.
    // NOTE(review): statsCookie is dereferenced without a null check - confirm the context
    // always holds CONTPROP_STATS_COOKIE at this point.
    if (!visitObject.getCookie().equals(statsCookie.getValue())) {
        if (LOGGER.isDebugEnabled()) {
            // NOTE(review): cookie values and the session id are written to the debug log.
            LOGGER.debug("Found visit with cookie " + visitObject.getCookie() + " in session "
                    + httpSession.getId() + " for request with cookie " + statsCookie.getValue());
        }
        return false;
    }

    // A visit that ended more than 30 minutes ago is replaced by a new one.
    if ((nowMillis - visitObject.getEndDate().getTime()) > maxIdleMillis) {
        return false;
    }

    // A visit recorded for another user is replaced as well.
    return context.getUser().equals(visitObject.getName());
}
From source file:com.mirth.connect.server.servlets.UserServlet.java
/**
 * Logs the user of the current session out: clears and invalidates the HTTP session, marks
 * the user as logged out through the user controller and removes the filter tables that
 * were created for the session.
 *
 * @param request         request whose session is being ended
 * @param userController  controller used to record the logout
 * @param eventController controller whose filter table for the session is removed
 * @throws ServletException wrapping a {@code ControllerException} from {@code logoutUser}
 */
private void logout(HttpServletRequest request, UserController userController,
        EventController eventController) throws ServletException {
    final HttpSession httpSession = request.getSession();

    // Read both values before the session is torn down.
    // NOTE(review): loggedInUserId is null when the session holds no SESSION_USER attribute;
    // confirm that User.setId and logoutUser cope with that.
    final String endedSessionId = httpSession.getId();
    final Integer loggedInUserId = (Integer) httpSession.getAttribute(SESSION_USER);

    // Drop the login state, then end the session itself.
    httpSession.removeAttribute(SESSION_USER);
    httpSession.removeAttribute(SESSION_AUTHORIZED);
    httpSession.invalidate();

    // Record the logout in the database.
    final User loggedOutUser = new User();
    loggedOutUser.setId(loggedInUserId);
    try {
        userController.logoutUser(loggedOutUser);
    } catch (ControllerException cause) {
        throw new ServletException(cause);
    }

    // Remove the temporary filter tables keyed by the ended session's id.
    ControllerFactory.getFactory().createMessageObjectController().removeFilterTable(endedSessionId);
    eventController.removeFilterTable(endedSessionId);
}
From source file:org.ambraproject.web.DummySSOFilter.java
/**
 * Simulates a single-sign-on login from request parameters.
 *
 * <p>When {@code sso.auth.id} is absent the request is treated as a logout. Otherwise the
 * auth id, a dummy {@code CASReceipt} and the e-mail are stored in the session and the
 * request is redirected to the service.
 *
 * @param request  request carrying {@code sso.auth.id} and {@code sso.email}
 * @param response response used for the redirect
 * @throws IOException declared; see {@code handleLogout} and {@code redirToService}
 */
private void handleLogin(HttpServletRequest request, HttpServletResponse response) throws IOException {
    final String authId = request.getParameter("sso.auth.id");
    final String email = request.getParameter("sso.email");

    if (authId == null) {
        handleLogout(request, response);
        return;
    }

    // NOTE(review): the identity stored below is taken verbatim from request parameters with
    // no verification, and the session id is kept as-is. That is only acceptable for a
    // development stub; make sure this filter cannot be enabled in a production deployment.
    final HttpSession httpSession = request.getSession();
    if (log.isDebugEnabled()) {
        log.debug("logging in as: auth-id='" + authId + "', email='" + email + "', on session "
                + httpSession.getId());
    }

    final CASReceipt dummyReceipt = new CASReceipt();
    dummyReceipt.setPgtIou("foo" + System.currentTimeMillis());

    httpSession.setAttribute(Constants.AUTH_KEY, authId);
    // FIXME: storing non-serializable CASReceipt into HttpSession
    httpSession.setAttribute(Constants.SINGLE_SIGNON_RECEIPT, dummyReceipt);
    httpSession.setAttribute(Constants.SINGLE_SIGNON_EMAIL_KEY, email);

    redirToService(request, response);
}
From source file:nz.co.fortytwo.signalk.processor.UploadProcessor.java
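/**
 * Tags an incoming HTTP exchange as internal or external, based on whether the remote
 * address is on the same network as the local address, and hands POST requests to
 * {@code processUpload}.
 *
 * @param exchange the exchange wrapping the servlet request
 * @throws Exception propagated from {@code processUpload} or the exchange accessors
 */
@Override
public void process(Exchange exchange) throws Exception {
    logger.debug("UploadProcessor starts");
    HttpServletRequest request = exchange.getIn(HttpMessage.class).getRequest();
    HttpSession session = request.getSession();
    // The session id is logged once, and only when debug is enabled.
    // NOTE(review): consider logging a shortened form; the full id identifies the session.
    if (logger.isDebugEnabled()) {
        logger.debug("Request = " + exchange.getIn().getHeader(Exchange.HTTP_SERVLET_REQUEST).getClass());
        logger.debug("Session = " + session.getId());
    }

    // NOTE(review): getSession() creates a session when none exists, so this condition does
    // not look like it can distinguish authenticated from anonymous callers, and the
    // "Authentication Required" branch appears unreachable. If uploads must be restricted,
    // check an explicit authenticated marker instead.
    if (session.getId() != null) {
        String remoteAddress = request.getRemoteAddr();
        String localAddress = request.getLocalAddr();
        // NOTE(review): behind a reverse proxy getRemoteAddr() is the proxy's address, which
        // would classify every caller as internal - confirm the deployment topology.
        if (Util.sameNetwork(localAddress, remoteAddress)) {
            exchange.getIn().setHeader(SignalKConstants.MSG_TYPE, SignalKConstants.INTERNAL_IP);
        } else {
            exchange.getIn().setHeader(SignalKConstants.MSG_TYPE, SignalKConstants.EXTERNAL_IP);
        }

        // Constant-first comparison: a missing method header skips the upload instead of
        // raising a NullPointerException.
        if ("POST".equals(exchange.getIn().getHeader(Exchange.HTTP_METHOD))) {
            processUpload(exchange);
        }
    } else {
        exchange.getIn().setHeader("Location", SignalKConstants.SIGNALK_AUTH);
        exchange.getIn().setBody("Authentication Required");
    }
}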