javax.servlet.SessionCookieConfig Java Examples
The following examples show how to use
javax.servlet.SessionCookieConfig.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: SessionConfig.java From Tomcat7.0.67 with Apache License 2.0 | 6 votes |
|
private static String getConfiguredSessionCookieName(Context context) {
// Priority is:
// 1. Cookie name defined in context
// 2. Cookie name configured for app
// 3. Default defined by spec
if (context != null) {
String cookieName = context.getSessionCookieName();
if (cookieName != null && cookieName.length() > 0) {
return cookieName;
}
SessionCookieConfig scc =
context.getServletContext().getSessionCookieConfig();
cookieName = scc.getName();
if (cookieName != null && cookieName.length() > 0) {
return cookieName;
}
}
return null;
}
Example #2
| Source File: SessionConfig.java From Tomcat8-Source-Read with MIT License | 6 votes |
|
private static String getConfiguredSessionCookieName(Context context) {
// Priority is:
// 1. Cookie name defined in context
// 2. Cookie name configured for app
// 3. Default defined by spec
if (context != null) {
String cookieName = context.getSessionCookieName();
if (cookieName != null && cookieName.length() > 0) {
return cookieName;
}
SessionCookieConfig scc =
context.getServletContext().getSessionCookieConfig();
cookieName = scc.getName();
if (cookieName != null && cookieName.length() > 0) {
return cookieName;
}
}
return null;
}
Example #3
| Source File: SessionConfig.java From tomcatsrc with Apache License 2.0 | 6 votes |
|
private static String getConfiguredSessionCookieName(Context context) {
// Priority is:
// 1. Cookie name defined in context
// 2. Cookie name configured for app
// 3. Default defined by spec
if (context != null) {
String cookieName = context.getSessionCookieName();
if (cookieName != null && cookieName.length() > 0) {
return cookieName;
}
SessionCookieConfig scc =
context.getServletContext().getSessionCookieConfig();
cookieName = scc.getName();
if (cookieName != null && cookieName.length() > 0) {
return cookieName;
}
}
return null;
}
Example #4
| Source File: Jetty9ServerTest.java From gocd with Apache License 2.0 | 6 votes |
|
@Test
public void shouldSetSessionCookieConfig() throws Exception {
when(systemEnvironment.isSessionCookieSecure()).thenReturn(true);
jetty9Server.configure();
jetty9Server.setSessionConfig();
jetty9Server.startHandlers();
WebAppContext webAppContext = (WebAppContext) getLoadedHandlers().get(WebAppContext.class);
SessionCookieConfig sessionCookieConfig = webAppContext.getSessionHandler().getSessionCookieConfig();
assertThat(sessionCookieConfig.isHttpOnly(), is(true));
assertThat(sessionCookieConfig.isSecure(), is(true));
assertThat(sessionCookieConfig.getMaxAge(), is(5678));
when(systemEnvironment.isSessionCookieSecure()).thenReturn(false);
jetty9Server.setSessionConfig();
assertThat(sessionCookieConfig.isSecure(), is(false));
}
Example #5
| Source File: GatewayServer.java From knox with Apache License 2.0 | 6 votes |
|
private WebAppContext createWebAppContext( Topology topology, File warFile, String warPath ) {
String topoName = topology.getName();
WebAppContext context = new WebAppContext();
String contextPath;
contextPath = "/" + Urls.trimLeadingAndTrailingSlashJoin( config.getGatewayPath(), topoName, warPath );
context.setContextPath( contextPath );
SessionCookieConfig sessionCookieConfig = context.getServletContext().getSessionCookieConfig();
sessionCookieConfig.setName(KNOXSESSIONCOOKIENAME);
context.setWar( warFile.getAbsolutePath() );
context.setAttribute( GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE, topoName );
context.setAttribute( "org.apache.knox.gateway.frontend.uri", getFrontendUri( context, config ) );
context.setAttribute( GatewayConfig.GATEWAY_CONFIG_ATTRIBUTE, config );
// Add support for JSPs.
context.setAttribute(
"org.eclipse.jetty.server.webapp.ContainerIncludeJarPattern",
".*/[^/]*servlet-api-[^/]*\\.jar$|.*/javax.servlet.jsp.jstl-.*\\.jar$|.*/[^/]*taglibs.*\\.jar$" );
context.setTempDirectory( FileUtils.getFile( warFile, "META-INF", "temp" ) );
context.setErrorHandler( createErrorHandler() );
context.setInitParameter("org.eclipse.jetty.servlet.Default.dirAllowed", "false");
ClassLoader jspClassLoader = new URLClassLoader(new URL[0], this.getClass().getClassLoader());
context.setClassLoader(jspClassLoader);
return context;
}
Example #6
| Source File: SessionConfig.java From Tomcat8-Source-Read with MIT License | 5 votes |
|
/**
* Determine the value to use for the session cookie path for the provided
* context.
*
* @param context The context
* @return the parameter name for the session
*/
public static String getSessionCookiePath(Context context) {
SessionCookieConfig scc = context.getServletContext().getSessionCookieConfig();
String contextPath = context.getSessionCookiePath();
if (contextPath == null || contextPath.length() == 0) {
contextPath = scc.getPath();
}
if (contextPath == null || contextPath.length() == 0) {
contextPath = context.getEncodedPath();
}
if (context.getSessionCookiePathUsesTrailingSlash()) {
// Handle special case of ROOT context where cookies require a path of
// '/' but the servlet spec uses an empty string
// Also ensure the cookies for a context with a path of /foo don't get
// sent for requests with a path of /foobar
if (!contextPath.endsWith("/")) {
contextPath = contextPath + "/";
}
} else {
// Only handle special case of ROOT context where cookies require a
// path of '/' but the servlet spec uses an empty string
if (contextPath.length() == 0) {
contextPath = "/";
}
}
return contextPath;
}
Example #7
| Source File: ApplicationContextFacade.java From Tomcat7.0.67 with Apache License 2.0 | 5 votes |
|
@Override
public SessionCookieConfig getSessionCookieConfig() {
if (SecurityUtil.isPackageProtectionEnabled()) {
return (SessionCookieConfig)
doPrivileged("getSessionCookieConfig", null);
} else {
return context.getSessionCookieConfig();
}
}
Example #8
| Source File: AppLauncher.java From VulnerableJavaWebApplication with MIT License | 5 votes |
|
@SuppressWarnings("deprecation")
@Bean
public ServletContextInitializer servletContextInitializer() {
return new ServletContextInitializer() {
@Override
public void onStartup(ServletContext servletContext) throws ServletException {
servletContext.setSessionTrackingModes(Collections.singleton(SessionTrackingMode.COOKIE));
SessionCookieConfig sessionCookieConfig = servletContext.getSessionCookieConfig();
sessionCookieConfig.setHttpOnly(true);
}
};
}
Example #9
| Source File: SpringHttpSessionConfiguration.java From spring-session with Apache License 2.0 | 5 votes |
|
private CookieSerializer createDefaultCookieSerializer() {
DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
if (this.servletContext != null) {
SessionCookieConfig sessionCookieConfig = null;
try {
sessionCookieConfig = this.servletContext.getSessionCookieConfig();
}
catch (UnsupportedOperationException ex) {
this.logger.warn("Unable to obtain SessionCookieConfig: " + ex.getMessage());
}
if (sessionCookieConfig != null) {
if (sessionCookieConfig.getName() != null) {
cookieSerializer.setCookieName(sessionCookieConfig.getName());
}
if (sessionCookieConfig.getDomain() != null) {
cookieSerializer.setDomainName(sessionCookieConfig.getDomain());
}
if (sessionCookieConfig.getPath() != null) {
cookieSerializer.setCookiePath(sessionCookieConfig.getPath());
}
if (sessionCookieConfig.getMaxAge() != -1) {
cookieSerializer.setCookieMaxAge(sessionCookieConfig.getMaxAge());
}
}
}
if (this.usesSpringSessionRememberMeServices) {
cookieSerializer.setRememberMeRequestAttribute(SpringSessionRememberMeServices.REMEMBER_ME_LOGIN_ATTR);
}
return cookieSerializer;
}
Example #10
| Source File: SpringBootInitializer.java From alf.io with GNU General Public License v3.0 | 5 votes |
|
@Bean
public ServletContextInitializer servletContextInitializer() {
return servletContext -> {
WebApplicationContext ctx = getRequiredWebApplicationContext(servletContext);
ConfigurableEnvironment environment = ctx.getBean(ConfigurableEnvironment.class);
SessionCookieConfig config = servletContext.getSessionCookieConfig();
config.setHttpOnly(true);
config.setSecure(environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_LIVE)));
// force log initialization, then disable it
XRLog.setLevel(XRLog.EXCEPTION, Level.WARNING);
XRLog.setLoggingEnabled(false);
};
}
Example #11
| Source File: Initializer.java From alf.io with GNU General Public License v3.0 | 5 votes |
|
private void configureSessionCookie(ServletContext servletContext) {
SessionCookieConfig config = servletContext.getSessionCookieConfig();
config.setHttpOnly(true);
Validate.notNull(environment, "environment cannot be null!");
// set secure cookie only if current environment doesn't strictly need HTTP
config.setSecure(environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_LIVE)));
// https://issues.jboss.org/browse/WFLY-3448 ?
config.setPath(servletContext.getContextPath() + "/");
}
Example #12
| Source File: BootstrapUtil.java From ldp4j with Apache License 2.0 | 5 votes |
|
private static void addSessionCookieConfigMessages(Map<String, Object> messages, SessionCookieConfig sessionCookieConfig) {
if(sessionCookieConfig==null) {
return;
}
StringBuilder builder=new StringBuilder();
builder.append(NEW_LINE).append(VALUE_PREFIX).append("Name").append(VALUE_SEPARATOR).append(sessionCookieConfig.getName());
builder.append(NEW_LINE).append(VALUE_PREFIX).append("Comment").append(VALUE_SEPARATOR).append(sessionCookieConfig.getComment());
builder.append(NEW_LINE).append(VALUE_PREFIX).append("Domain").append(VALUE_SEPARATOR).append(sessionCookieConfig.getDomain());
builder.append(NEW_LINE).append(VALUE_PREFIX).append("Path").append(VALUE_SEPARATOR).append(sessionCookieConfig.getPath());
builder.append(NEW_LINE).append(VALUE_PREFIX).append("Max age").append(VALUE_SEPARATOR).append(sessionCookieConfig.getMaxAge());
addMessage(messages,"Session cookie config",builder.toString());
}
Example #13
| Source File: ApplicationContextFacade.java From tomcatsrc with Apache License 2.0 | 5 votes |
|
@Override
public SessionCookieConfig getSessionCookieConfig() {
if (SecurityUtil.isPackageProtectionEnabled()) {
return (SessionCookieConfig)
doPrivileged("getSessionCookieConfig", null);
} else {
return context.getSessionCookieConfig();
}
}
Example #14
| Source File: Jetty9Server.java From gocd with Apache License 2.0 | 5 votes |
|
@Override
public void setSessionConfig() {
SessionHandler sessionHandler = webAppContext.getSessionHandler();
SessionCookieConfig sessionCookieConfig = sessionHandler.getSessionCookieConfig();
sessionCookieConfig.setHttpOnly(true);
sessionCookieConfig.setSecure(systemEnvironment.isSessionCookieSecure());
sessionCookieConfig.setMaxAge(systemEnvironment.sessionCookieMaxAgeInSeconds());
sessionHandler.setMaxInactiveInterval(systemEnvironment.sessionTimeoutInSeconds());
}
Example #15
| Source File: SeedServletContainerInitializer.java From seed with Mozilla Public License 2.0 | 5 votes |
|
private void copyConfig(WebConfig.SessionsConfig.CookieConfig src, SessionCookieConfig dest) {
Optional.ofNullable(src.getComment()).ifPresent(dest::setComment);
Optional.ofNullable(src.getDomain()).ifPresent(dest::setDomain);
Optional.ofNullable(src.getName()).ifPresent(dest::setName);
Optional.ofNullable(src.getPath()).ifPresent(dest::setPath);
dest.setHttpOnly(src.isHttpOnly());
dest.setSecure(src.isSecure());
dest.setMaxAge(src.getMaxAge());
}
Example #16
| Source File: ApplicationContextFacade.java From Tomcat8-Source-Read with MIT License | 5 votes |
|
@Override
public SessionCookieConfig getSessionCookieConfig() {
if (SecurityUtil.isPackageProtectionEnabled()) {
return (SessionCookieConfig)
doPrivileged("getSessionCookieConfig", null);
} else {
return context.getSessionCookieConfig();
}
}
Example #17
| Source File: MockServletContext.java From pulsar with Apache License 2.0 | 4 votes |
|
@Override
public SessionCookieConfig getSessionCookieConfig() {
return null;
}
Example #18
| Source File: MockServletContext.java From everrest with Eclipse Public License 2.0 | 4 votes |
|
@Override
public SessionCookieConfig getSessionCookieConfig() {
throw new UnsupportedOperationException("not supported");
}
Example #19
| Source File: MockServletContext.java From knox with Apache License 2.0 | 4 votes |
|
@Override
public SessionCookieConfig getSessionCookieConfig() {
return null;
}
Example #20
| Source File: ServletContextSimulator.java From birt with Eclipse Public License 1.0 | 4 votes |
|
@Override
public SessionCookieConfig getSessionCookieConfig( )
{
// TODO Auto-generated method stub
return null;
}
Example #21
| Source File: MockServletContext.java From para with Apache License 2.0 | 4 votes |
|
@Override
public SessionCookieConfig getSessionCookieConfig() {
throw new UnsupportedOperationException("Not supported yet.");
}
Example #22
| Source File: ThreadLocalServletContext.java From cxf with Apache License 2.0 | 4 votes |
|
public SessionCookieConfig getSessionCookieConfig() {
return get().getSessionCookieConfig();
}
Example #23
| Source File: AttributeOnlyServletContext.java From lucene-solr with Apache License 2.0 | 4 votes |
|
@Override
public SessionCookieConfig getSessionCookieConfig() {
return null;
}
Example #24
| Source File: MockServletContext.java From live-chat-engine with Apache License 2.0 | 4 votes |
|
@Override
public SessionCookieConfig getSessionCookieConfig() {
// TODO Auto-generated method stub
return null;
}
Example #25
| Source File: JspCServletContext.java From packagedrone with Eclipse Public License 1.0 | 4 votes |
|
public SessionCookieConfig getSessionCookieConfig() {
throw new UnsupportedOperationException();
}
Example #26
| Source File: MockServletContext.java From deltaspike with Apache License 2.0 | 4 votes |
|
@Override
public SessionCookieConfig getSessionCookieConfig()
{
return null;
}
Example #27
| Source File: TesterServletContext.java From tomcatsrc with Apache License 2.0 | 4 votes |
|
@Override
public SessionCookieConfig getSessionCookieConfig() {
return sessionCookieConfig;
}
Example #28
| Source File: JspCServletContext.java From tomcatsrc with Apache License 2.0 | 4 votes |
|
@Override
public SessionCookieConfig getSessionCookieConfig() {
return null;
}
Example #29
| Source File: ApplicationSessionCookieConfig.java From tomcatsrc with Apache License 2.0 | 4 votes |
|
/**
* Creates a new session cookie for the given session ID
*
* @param context The Context for the web application
* @param sessionId The ID of the session for which the cookie will be
* created
* @param secure Should session cookie be configured as secure
*/
public static Cookie createSessionCookie(Context context,
String sessionId, boolean secure) {
SessionCookieConfig scc =
context.getServletContext().getSessionCookieConfig();
// NOTE: The priority order for session cookie configuration is:
// 1. Context level configuration
// 2. Values from SessionCookieConfig
// 3. Defaults
Cookie cookie = new Cookie(
SessionConfig.getSessionCookieName(context), sessionId);
// Just apply the defaults.
cookie.setMaxAge(scc.getMaxAge());
cookie.setComment(scc.getComment());
if (context.getSessionCookieDomain() == null) {
// Avoid possible NPE
if (scc.getDomain() != null) {
cookie.setDomain(scc.getDomain());
}
} else {
cookie.setDomain(context.getSessionCookieDomain());
}
// Always set secure if the request is secure
if (scc.isSecure() || secure) {
cookie.setSecure(true);
}
// Always set httpOnly if the context is configured for that
if (scc.isHttpOnly() || context.getUseHttpOnly()) {
cookie.setHttpOnly(true);
}
String contextPath = context.getSessionCookiePath();
if (contextPath == null || contextPath.length() == 0) {
contextPath = scc.getPath();
}
if (contextPath == null || contextPath.length() == 0) {
contextPath = context.getEncodedPath();
}
if (context.getSessionCookiePathUsesTrailingSlash()) {
// Handle special case of ROOT context where cookies require a path of
// '/' but the servlet spec uses an empty string
// Also ensure the cookies for a context with a path of /foo don't get
// sent for requests with a path of /foobar
if (!contextPath.endsWith("/")) {
contextPath = contextPath + "/";
}
} else {
// Only handle special case of ROOT context where cookies require a
// path of '/' but the servlet spec uses an empty string
if (contextPath.length() == 0) {
contextPath = "/";
}
}
cookie.setPath(contextPath);
return cookie;
}
Example #30
| Source File: ApplicationContext.java From tomcatsrc with Apache License 2.0 | 4 votes |
|
@Override
public SessionCookieConfig getSessionCookieConfig() {
return sessionCookieConfig;
}
