List of usage examples for javax.servlet.http HttpSession invalidate
/**
 * Invalidates this session, then unbinds any objects bound to it.
 *
 * <p>This ends the server-side session state. The Servlet API does not specify that the
 * client's session cookie is cleared as part of this call, so logout code that wants the
 * cookie gone has to expire it separately.
 *
 * @throws IllegalStateException if this method is called on an already invalidated session
 */
public void invalidate();
From source file:com.elecnor.ecosystem.controller.NavigationController.java
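/**
 * Logs the current user out and picks the view to show afterwards.
 *
 * <p>The view is chosen from the session's "isBelcoUser" attribute before the session is
 * invalidated. A missing or non-Boolean attribute is treated as "not a Belco user", so the
 * session is invalidated on that path too instead of being left alive by an unboxing failure.
 *
 * @param session the HTTP session supplied for this request
 * @param request the current HTTP request
 * @return "belcoLogin" when "isBelcoUser" is {@code Boolean.TRUE}, "staticPageHome" otherwise,
 *         or "error" when the session had already been invalidated
 */
@RequestMapping("/userLogout")
public String logout(HttpSession session, HttpServletRequest request) {
    try {
        // Boolean.TRUE.equals tolerates a null attribute; unboxing null here used to throw,
        // which skipped invalidate() below and left the session usable after "logout".
        String redirectPage = Boolean.TRUE.equals(session.getAttribute("isBelcoUser"))
                ? "belcoLogin"
                : "staticPageHome";

        // getSession(false) never creates a session, so it can return null.
        HttpSession current = request.getSession(false);
        if (current != null) {
            // invalidate() unbinds every attribute, so "selectedUser", "isTemporaryUser" and
            // "isBelcoUser" need no separate clearing beforehand.
            current.invalidate();
        }
        return redirectPage;
    } catch (IllegalStateException e) {
        // Raised by the session API when the session is already invalid.
        // No logger is visible in this listing, so the original reporting is kept.
        e.printStackTrace();
        return "error";
    }
}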
From source file:com.pool.rest.CarPoolRestService.java
/**
 * Ends the caller's HTTP session, if one exists.
 *
 * <p>The session is looked up without creating a new one and invalidated when present. Any
 * exception raised while doing so is printed and otherwise ignored, so the response is
 * 200 OK on every path, including when invalidation failed.
 *
 * @return an empty 200 OK response
 */
@POST
@Path("/logout")
public Response logout() {
    try {
        // _validateSession();
        // NOTE(review): the session-validation call above is disabled in the original listing.
        final HttpSession existing = request.getSession(false);
        if (existing != null) {
            existing.invalidate();
        }
    } catch (Exception e) {
        // Best effort: a failure is only reported on stderr and does not change the response.
        e.printStackTrace();
    }
    final Response.ResponseBuilder okBuilder = Response.status(Response.Status.OK);
    return okBuilder.build();
}
From source file:org.apache.wiki.auth.AuthenticationManager.java
/**
 * Logs the user out: invalidates the WikiSession associated with the request, removes it from
 * the WikiSession cache, invalidates the HTTP session and fires a
 * {@link WikiSecurityEvent#LOGOUT} event for the principal that was logged in.
 *
 * <p>According to the original documentation, invalidating the WikiSession unbinds all of the
 * Subject's Principals except {@link Role#ALL} and {@link Role#ANONYMOUS}, without invoking
 * JAAS LoginModules.
 *
 * @param request the current HTTP request; when {@code null} an error is logged and nothing
 *        else happens
 */
public void logout(HttpServletRequest request) {
    if (request == null) {
        log.error("No HTTP reqest provided; cannot log out.");
        return;
    }

    // getSession() creates a session when none exists, so the null checks below are defensive.
    HttpSession session = request.getSession();
    String sid;
    if (session == null) {
        sid = "(null)";
    } else {
        sid = session.getId();
    }
    // The session ID is written to the log at debug level only.
    if (log.isDebugEnabled()) {
        log.debug("Invalidating WikiSession for session ID=" + sid);
    }

    // Remember who was logged in before the WikiSession is cleared; the event needs it.
    WikiSession wiki = WikiSession.getWikiSession(m_engine, request);
    Principal loggedOut = wiki.getLoginPrincipal();
    wiki.invalidate();

    // Drop the WikiSession from the WikiSession cache.
    WikiSession.removeWikiSession(m_engine, request);

    // The container's HTTP session has to go as well.
    if (session != null) {
        session.invalidate();
    }

    // Report the logout.
    fireEvent(WikiSecurityEvent.LOGOUT, loggedOut, null);
}
From source file:controllers.controller.java
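/**
 * Removes every attribute from the session and then invalidates it.
 *
 * <p>The parameters {@code request}, {@code response}, {@code quid} and {@code out} are not
 * used by this method; they are kept so existing callers compile unchanged.
 *
 * @param session the session to clear and invalidate
 * @param request unused
 * @param response unused
 * @param quid unused
 * @param out unused
 * @throws IllegalStateException if the session has already been invalidated
 * @throws Exception declared for compatibility with existing callers
 */
private void clearNCloseSession(HttpSession session, HttpServletRequest request, HttpServletResponse response,
        QUID quid, PrintWriter out) throws Exception {
    // Snapshot the names before removing anything: the Servlet API does not promise that the
    // enumeration is independent of the live attribute map, so removing while enumerating
    // could skip attributes or fail on some containers.
    for (Object name : java.util.Collections.list(session.getAttributeNames())) {
        // setAttribute(name, null) is equivalent to removeAttribute(name); one call is enough.
        session.removeAttribute(name.toString());
    }
    session.invalidate();
}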
From source file:org.apache.accumulo.monitor.servlets.ShellServlet.java
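/**
 * Runs one command in the caller's web shell and writes the shell output back.
 *
 * <p>The request is answered with an error when this is not the active Monitor. When the
 * session has no "user" attribute, no shell is registered for the session ID, or no CSRF
 * token is stored in the session, the request is handed to {@code doGet} for
 * re-authentication and no command is run. A missing "cmd" parameter only prints the prompt.
 * When the shell reports it is done, its entry is removed and the session is invalidated.
 *
 * @param req the HTTP request; the command is read from its "cmd" parameter
 * @param resp the HTTP response the shell output is written to
 * @throws ServletException declared by the servlet contract
 * @throws IOException if writing the response fails
 */
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    // Verify that this is the active Monitor instance
    if (!isActiveMonitor()) {
        resp.sendError(HttpURLConnection.HTTP_UNAVAILABLE, STANDBY_MONITOR_MESSAGE);
        return;
    }

    final HttpSession session = req.getSession(true);
    String user = (String) session.getAttribute("user");
    if (user == null || !userShells().containsKey(session.getId())) {
        // no existing shell for user, re-authenticate
        doGet(req, resp);
        return;
    }

    final String csrfToken = (String) session.getAttribute(CSRF_KEY);
    if (csrfToken == null) {
        // No CSRF token: re-authenticate and stop. Without this return the command below
        // was still executed after the login page had been written.
        doGet(req, resp);
        return;
    }
    // NOTE(review): the token is only checked for presence in the session; nothing in this
    // method compares it with a value sent in the request. Confirm where that comparison
    // is done, otherwise the check does not stop a cross-site POST.

    ShellExecutionThread shellThread = userShells().get(session.getId());
    String cmd = req.getParameter("cmd");
    if (cmd == null) {
        // the command is null, just print prompt
        resp.getWriter().append(shellThread.getPrompt());
        resp.getWriter().flush();
        return;
    }

    shellThread.addInputString(cmd);
    shellThread.waitUntilReady();
    if (shellThread.isDone()) {
        // the command was exit, invalidate session
        userShells().remove(session.getId());
        session.invalidate();
        return;
    }

    // Get the shell's output. The listing showed replace("<", "<") / replace(">", ">"), which
    // changes nothing; the entity forms are restored so angle brackets in shell output are
    // not interpreted as markup by the page that displays it.
    StringBuilder sb = new StringBuilder();
    sb.append(shellThread.getOutput().replace("<", "&lt;").replace(">", "&gt;"));
    if (sb.length() == 0 || sb.charAt(sb.length() - 1) != '\n') {
        sb.append("\n");
    }
    // check if shell is waiting for input
    if (!shellThread.isWaitingForInput()) {
        sb.append(shellThread.getPrompt());
    }
    // check if shell is waiting for password input
    if (shellThread.isMasking()) {
        sb.append("*");
    }
    resp.getWriter().append(sb.toString());
    resp.getWriter().flush();
}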
From source file:com.google.ie.web.controller.UserController.java
/**
 * Logs the user off: clears the login-related session attributes, removes the cookies and
 * invalidates the session.
 *
 * @param request {@link HttpServletRequest} object
 * @param response {@link HttpServletResponse} object
 * @param httpSession the user's session; nothing is done when it is {@code null}
 */
@RequestMapping("/logoff")
private void logOffUser(HttpServletRequest request, HttpServletResponse response, HttpSession httpSession) {
    /* Nothing to log off without a session */
    if (httpSession == null) {
        return;
    }

    httpSession.setAttribute(WebConstants.USER, null);
    LOGGER.info("Removing cookies from the browser");

    // Drop the attribute-exchange values and the OpenID/OAuth tokens. invalidate() below
    // unbinds them as well; the explicit removal is kept from the original.
    for (Step2.AxSchema axSchema : Step2.AxSchema.values()) {
        httpSession.removeAttribute(axSchema.getShortName());
    }
    String[] openIdKeys = {
        OpenIdConstants.REQUEST_TOKEN,
        OpenIdConstants.ACCESS_TOKEN,
        OpenIdConstants.ACCESS_TOKEN_SECRET,
        OpenIdConstants.ACCESSOR
    };
    for (String key : openIdKeys) {
        httpSession.removeAttribute(key);
    }

    /* Cookies first, then the session itself */
    removeCookieFromSystem(request, response);
    httpSession.invalidate();
}
From source file:com.konakart.actions.BaseAction.java
/**
 * Replaces the current session with a new one when switching to SSL, so that a session id
 * that may have been visible on the URL cannot be used to log into the application.
 *
 * <p>Every attribute of the old session is copied into the new one. Containers that implement
 * Servlet 3.1 or later also offer {@code HttpServletRequest.changeSessionId()}, which changes
 * the id without copying attributes by hand.
 *
 * @param request
 *            HttpServletRequest
 */
private void changeSession(HttpServletRequest request) {
    HttpSession oldSession = request.getSession();

    /* Snapshot of everything stored in the old session */
    HashMap<String, Object> carriedOver = new HashMap<String, Object>();
    for (Enumeration<String> names = oldSession.getAttributeNames(); names.hasMoreElements();) {
        String name = names.nextElement();
        carriedOver.put(name, oldSession.getAttribute(name));
    }

    /* The old id stops being valid here */
    oldSession.invalidate();

    /* New session, and therefore a new id, for the same request */
    HttpSession freshSession = request.getSession(true);
    for (String name : carriedOver.keySet()) {
        freshSession.setAttribute(name, carriedOver.get(name));
    }
}
From source file:nl.strohalm.cyclos.controls.mobile.MobileLoginAction.java
/**
 * Performs a login on the mobile channel and stores the member's account data in the session.
 *
 * <p>The session is invalidated on three paths: when the login helper reports access denied,
 * when the user is not valid for the channel, and when the login succeeded but the member has
 * no account types. The other failure paths (inactive member, blocked or invalid credentials,
 * generic login error, permission denied) are translated to a {@code MobileException} without
 * touching the session.
 *
 * @param actionMapping used to resolve the "success" forward and to build error forwards
 * @param actionForm the submitted form; cast to {@code LoginForm}
 * @param request the current HTTP request
 * @param response the current HTTP response
 * @return the "success" forward, or the forward produced by {@code MobileHelper.sendException}
 *         for an already-connected user or a user not valid for the channel
 */
@SuppressWarnings("unchecked")
private ActionForward doLogin(final ActionMapping actionMapping, final ActionForm actionForm,
        final HttpServletRequest request, final HttpServletResponse response) {
    HttpSession session = request.getSession();
    try {
        final String channelName = MobileHelper.mobileChannel(request);
        final Channel channel = channelService.loadByInternalName(channelName);
        final LoginForm form = (LoginForm) actionForm;
        final String principal = form.getPrincipal();
        // Resolve the credentials
        String credentials = form.getPassword();
        if (channel.getCredentials() == Credentials.TRANSACTION_PASSWORD) {
            // Ensure transaction password is uppercased
            // NOTE(review): toUpperCase() without a Locale uses the JVM default locale, so the
            // result can differ between hosts; confirm that is acceptable for credentials.
            credentials = credentials.toUpperCase();
        }
        // Do the login
        User user;
        try {
            user = loginHelper.login(MemberUser.class, form.getPrincipalType(), null, principal, credentials,
                    channelName, request, response);
            // Get the session again, as a new one might be generated after logging in
            session = request.getSession();
        } catch (final AccessDeniedException e) {
            // Still the pre-login session here: the reassignment above was not reached
            session.invalidate();
            throw new InvalidUserForMobileException();
        } catch (final AlreadyConnectedException e) {
            // The session is left as it is on this path
            return MobileHelper.sendException(actionMapping, request,
                    new MobileException("login.error.alreadyConnected"));
        } catch (final InvalidUserForChannelException e) {
            session.invalidate();
            return MobileHelper.sendException(actionMapping, request, new InvalidUserForMobileException());
        }
        // Prepare account related data
        final Member member = ((MemberUser) user).getMember();
        final MemberGroup memberGroup = member.getMemberGroup();
        final MemberAccountTypeQuery atQuery = new MemberAccountTypeQuery();
        atQuery.fetch(AccountType.Relationships.CURRENCY);
        atQuery.setRelatedToGroup(memberGroup);
        final List<MemberAccountType> accountTypes = (List<MemberAccountType>) accountTypeService
                .search(atQuery);
        // Validate that the user has an account
        if (accountTypes.isEmpty()) {
            // The login above succeeded, so this invalidates the post-login session
            session.invalidate();
            throw new MobileException("mobile.error.inactiveUser");
        }
        boolean multipleAccounts = false;
        if (accountTypes.size() > 1) {
            multipleAccounts = true;
            final Map<Long, MemberAccountType> accountTypesById = new HashMap<Long, MemberAccountType>();
            for (final MemberAccountType accountType : accountTypes) {
                accountTypesById.put(accountType.getId(), accountType);
            }
            // Only stored when there is more than one account type
            session.setAttribute("accountTypes", accountTypes);
            session.setAttribute("accountTypesById", accountTypesById);
        }
        MemberAccountType accountType = accountTypeService.getDefault(memberGroup,
                AccountType.Relationships.CURRENCY);
        if (accountType == null) {
            // When no account is the default, use the first one
            accountType = accountTypes.get(0);
        }
        final AccountDTO accountDto = new AccountDTO();
        accountDto.setOwner(member);
        accountDto.setType(accountType);
        final MemberAccount account = (MemberAccount) accountService.getAccount(accountDto);
        session.setAttribute("mobileAccount", account);
        session.setAttribute("mobileAccountType", accountType);
        session.setAttribute("multipleAccounts", multipleAccounts);
        return actionMapping.findForward("success");
    } catch (final InactiveMemberException e) {
        throw new MobileException("login.error.inactive");
    } catch (final BlockedCredentialsException e) {
        // The message key depends on which kind of credential was blocked
        final String key = e.getCredentialsType() == Credentials.TRANSACTION_PASSWORD
                ? "transactionPassword.error.blockedByTrials"
                : "login.error.blocked";
        throw new MobileException(key);
    } catch (final InvalidCredentialsException e) {
        final String key = e.getCredentialsType() == Credentials.TRANSACTION_PASSWORD
                ? "transactionPassword.error.invalid"
                : "login.error";
        throw new MobileException(key);
    } catch (final LoginException e) {
        throw new MobileException("login.error");
    } catch (final PermissionDeniedException e) {
        throw new MobileException("error.accessDenied");
    } catch (final MobileException e) {
        // Already in the form the caller expects; rethrown so the generic handler below
        // does not replace it
        throw e;
    } catch (final Exception e) {
        // Anything unexpected is logged in full and replaced by a MobileException without a key
        actionHelper.generateLog(request, getServlet().getServletContext(), e);
        LOG.error("Application error on mobile login action", e);
        throw new MobileException();
    }
}
From source file:org.josso.alfresco.agent.AlfrescoSSOAgentFilter.java
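/**
 * Routes a request according to the JOSSO session cookie.
 *
 * <ul>
 * <li>Login request: stores the saved redirect URI and redirects to the JOSSO login URI.</li>
 * <li>Logout request: invalidates the HTTP session and redirects to the JOSSO logout URI.</li>
 * <li>Guest request (no token): passed down the chain unchanged.</li>
 * <li>Normal request (token present): the token is resolved to an SSO user, the user is
 * created locally if missing, marked as authenticated, and the request is passed down the
 * chain. A token that does not resolve to a user is rejected with 401.</li>
 * </ul>
 *
 * @param request the incoming request; cast to {@code HttpServletRequest}
 * @param response the outgoing response; cast to {@code HttpServletResponse}
 * @param filterChain the rest of the filter chain
 * @throws IOException if a redirect fails or the chain throws it on the guest path
 * @throws ServletException if the chain throws it on the guest path
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
        throws IOException, ServletException {
    HttpServletRequest hReq = (HttpServletRequest) request;
    HttpServletResponse hRes = (HttpServletResponse) response;
    HttpSession hSession = hReq.getSession();
    Cookie jCookie = getJossoCookie(hReq);

    // token is jossoSessionId; "-" and a missing value both mean "no SSO session"
    String token = "";
    if (jCookie != null) {
        String cookieValue = jCookie.getValue();
        if (cookieValue != null && !"-".equals(cookieValue)) {
            token = cookieValue;
        }
    }

    boolean isLoginRequest = isLoginRequest(hReq);
    boolean isLogoutRequest = isLogoutRequest(hReq);
    boolean isGuestRequest = "".equals(token) && !isLoginRequest && !isLogoutRequest;
    boolean isNormalRequest = !"".equals(token) && !isLoginRequest && !isLogoutRequest;
    String alfrescoContext = hReq.getContextPath();

    if (isLoginRequest) {
        String alfRedirect = (String) hSession.getAttribute("_alfRedirect");
        if (alfRedirect == null) {
            alfRedirect = "";
        }
        _agent.setAttribute(hReq, hRes, WebAccessControlUtil.KEY_JOSSO_SAVED_REQUEST_URI, alfRedirect);
        // set non cache headers
        _agent.prepareNonCacheResponse(hRes);
        hRes.sendRedirect(alfrescoContext + _agent.getJossoLoginUri());
    }

    if (isLogoutRequest) {
        hSession.invalidate();
        hRes.sendRedirect(alfrescoContext + _agent.getJossoLogoutUri());
    }

    if (isGuestRequest) {
        filterChain.doFilter(hReq, hRes);
    }

    if (isNormalRequest) {
        try {
            SSOIdentityManagerService im = Lookup.getInstance().lookupSSOAgent().getSSOIdentityManager();
            SSOUser ssoUser = im.findUserInSession(token, token);
            if (ssoUser == null) {
                // Fail closed: the original fell through with an empty principal, which could
                // reach setAuthenticatedUser("") when existUser("") was true and otherwise
                // ended in a NullPointerException on ssoUser.getProperties().
                // The token itself is deliberately not logged.
                logger.error("JOSSO session token did not resolve to a user; request rejected");
                hRes.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return;
            }

            String principal = ssoUser.getName();
            if (!existUser(principal)) {
                // user does not exist, create new one from the SSO properties
                HashMap<QName, Serializable> properties = new HashMap<QName, Serializable>();
                properties.put(ContentModel.PROP_USERNAME, principal);
                for (SSONameValuePair nameValuePair : ssoUser.getProperties()) {
                    String propertyName = nameValuePair.getName();
                    if (propertyName.equals("user.name")
                            || propertyName.equals("urn:org:atricore:idbus:user:property:firstName")) {
                        properties.put(ContentModel.PROP_FIRSTNAME, nameValuePair.getValue());
                    } else if (propertyName.equals("user.lastName")
                            || propertyName.equals("urn:org:atricore:idbus:user:property:lastName")) {
                        properties.put(ContentModel.PROP_LASTNAME, nameValuePair.getValue());
                    } else if (propertyName.equals("email")
                            || propertyName.equals("urn:org:atricore:idbus:user:property:email")) {
                        properties.put(ContentModel.PROP_EMAIL, nameValuePair.getValue());
                    }
                }
                createUser(principal, properties);
            }

            setAuthenticatedUser(hReq, hRes, hSession, principal);
            filterChain.doFilter(hReq, hRes);
        } catch (Exception e) {
            // Kept from the original: failures on this path are logged and the request ends
            // without being passed down the chain.
            logger.error(e, e);
        }
    }
}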