Java Code Examples for javax.servlet.http.HttpServletRequest#changeSessionId()

The following examples show how to use javax.servlet.http.HttpServletRequest#changeSessionId(). The method gives the current session a new ID while keeping the session and its attributes, which is why several of the examples call it immediately after a successful login: a session ID that was known before authentication must not become the ID of the authenticated session (session fixation).
Example 1
Source File: WebSessionFilter.java    From ignite with Apache License 2.0
/**
 * {@inheritDoc}
 *
 * <p>Delegates the ID rotation to the wrapped request. When the returned ID differs from the ID
 * of the cached {@code ses}, {@code ses} is replaced by the result of {@code createSessionV2}.
 */
@Override public String changeSessionId() {
    final String rotatedId = ((HttpServletRequest) getRequest()).changeSessionId();

    // Nothing to rebuild when the cached session already carries the rotated ID.
    if (F.eq(rotatedId, ses.getId()))
        return rotatedId;

    try {
        ses = createSessionV2(ses, rotatedId);
    }
    catch (IOException e) {
        // Surfaced unchecked, with the I/O failure kept as the cause.
        throw new IgniteException(e);
    }

    return rotatedId;
}
 
Example 2
Source File: ChangeSessionIdServlet.java    From quarkus-http with Apache License 2.0
/**
 * Rotates the ID of the caller's session (creating the session first if the request has none)
 * and writes {@code "<old id> <new id>"} to the response body.
 */
@Override
protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
    final HttpSession current = req.getSession(true);
    final String idBefore = current.getId();

    // The return value is ignored; the new ID is re-read from the same session object below.
    req.changeSessionId();

    final String idAfter = current.getId();

    // Both IDs are echoed to the client in the response body.
    resp.getWriter().write(idBefore + " " + idAfter);
}
 
Example 3
Source File: RequestedSessionIdServlet.java    From quarkus-http with Apache License 2.0
/**
 * Performs the session operation named by the {@code action} request parameter and writes the
 * outcome to the response body.
 *
 * <p>Every recognised action except {@code isvalid} writes {@code req.getRequestedSessionId()}
 * after its operation; {@code isvalid} writes {@code req.isRequestedSessionIdValid()} instead.
 * An unrecognised action writes nothing. A request without an {@code action} parameter makes the
 * {@code switch} throw a {@code NullPointerException}.
 */
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {

    final String action = req.getParameter("action");

    // Cleared by the branches that must not echo the requested session ID.
    boolean echoRequestedId = true;

    switch (action) {
        case "create":
            req.getSession(true);
            break;
        case "destroy":
            req.getSession().invalidate();
            break;
        case "destroycreate":
            req.getSession().invalidate();
            req.getSession(true);
            break;
        case "change":
            req.changeSessionId();
            break;
        case "timeout":
            req.getSession(true).setMaxInactiveInterval(1);
            break;
        case "isvalid":
            resp.getWriter().write(String.valueOf(req.isRequestedSessionIdValid()));
            echoRequestedId = false;
            break;
        case "default":
            // Matches the literal parameter value "default"; this is not the switch's default label.
            break;
        default:
            echoRequestedId = false;
            break;
    }

    if (echoRequestedId) {
        resp.getWriter().write(req.getRequestedSessionId());
    }

}
 
Example 4
Source File: SwitchServlet.java    From HttpSessionReplacer with MIT License
/**
 * Rotates the session ID, then overwrites session attribute {@code "A"} and reports its value
 * before and after the write, followed by an encoded URL and the context path.
 *
 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
 *      response)
 */
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
  log(request);
  final PrintWriter out = response.getWriter();

  // Per the servlet API this throws IllegalStateException when the request has no session.
  request.changeSessionId();

  // Read after the rotation: shows what the session held under its previous ID.
  final Object valueBefore = request.getSession().getAttribute("A");
  out.println("Previous value of attribute: " + valueBefore);

  request.getSession(true).setAttribute("A", "S");

  final Object valueAfter = request.getSession().getAttribute("A");
  out.println("New value of attribute: " + valueAfter);

  final String encodedRoot = response.encodeURL("/");
  out.println("Encoded url: " + encodedRoot);

  out.append("Served at: ").append(request.getContextPath()).append(" ");
}
 
Example 5
Source File: MCRLoginServlet.java    From mycore with GNU General Public License v3.0
/**
 * Handles the local login form: attempts a login when a {@code uid} property is supplied and
 * otherwise (or when the login fails) renders the form.
 *
 * <p>After a successful login the servlet session ID is rotated before the redirect is sent, so
 * an ID that was in use before authentication is not the ID of the authenticated session.
 *
 * <p>The checked exceptions in the signature are not caught here; they propagate from the calls
 * below.
 *
 * @param job servlet job supplying the request and the response
 */
protected void presentLoginForm(MCRServletJob job)
    throws IOException, TransformerException, SAXException, JAXBException {
    HttpServletRequest req = job.getRequest();
    HttpServletResponse res = job.getResponse();
    // With LOCAL_LOGIN_SECURE_ONLY set, a request that is not secure is answered with 403 and
    // neither the form nor the credentials are processed.
    if (LOCAL_LOGIN_SECURE_ONLY && !req.isSecure()) {
        res.sendError(HttpServletResponse.SC_FORBIDDEN, getErrorI18N("component.user2.login", "httpsOnly"));
        return;
    }

    // NOTE(review): getReturnURL is not visible here. Its result is embedded in the form and is
    // also the redirect target after login, so it presumably has to be limited to trusted
    // targets - confirm in getReturnURL.
    String returnURL = getReturnURL(req);
    String formAction = req.getRequestURI();
    MCRLogin loginForm = new MCRLogin(MCRSessionMgr.getCurrentSession().getUserInformation(), returnURL,
        formAction);
    String uid = getProperty(req, "uid");
    String pwd = getProperty(req, "pwd");
    // A login is attempted only when a uid was submitted; pwd is passed on as received.
    if (uid != null) {
        MCRUser user = MCRUserManager.login(uid, pwd);
        if (user == null) {
            // Rejected login: status 400, and the form is rendered again below with the failure
            // flag set.
            // NOTE(review): nothing is logged here for a failed attempt; confirm that
            // MCRUserManager.login records it, since failed logins are what detection relies on.
            res.setStatus(HttpServletResponse.SC_BAD_REQUEST);
            loginForm.setLoginFailed(true);
        } else {
            //user logged in
            // MCR-1154
            // Rotate the session ID as the first step after authentication succeeded and before
            // any response is sent.
            req.changeSessionId();
            // NOTE(review): uid comes from the request; confirm the log layout neutralises line
            // breaks so a crafted value cannot forge log entries.
            LOGGER.info("user {} logged in successfully.", uid);
            res.sendRedirect(res.encodeRedirectURL(getReturnURL(req)));
            return;
        }
    }
    // Reached when no uid was sent or the login was rejected: render the login form.
    addFormFields(loginForm, job.getRequest().getParameter(REALM_URL_PARAMETER));
    getLayoutService().doLayout(req, res, new MCRJAXBContent<>(JAXBContext.newInstance(MCRLogin.class), loginForm));
}
 
Example 6
Source File: MCRCASServlet.java    From mycore with GNU General Public License v3.0
/**
 * Completes a CAS login: validates the {@code ticket} request parameter against the CAS server,
 * resolves or creates the matching {@code MCRUser}, refreshes its properties from LDAP, binds it
 * to the current MCR session, rotates the servlet session ID and redirects.
 *
 * <p>A missing or blank ticket is answered with 400 before any validation takes place.
 *
 * @param job servlet job supplying the request and the response
 * @throws Exception propagated from ticket validation, user management or the response calls
 */
public void doGetPost(MCRServletJob job) throws Exception {
    final HttpServletRequest req = job.getRequest();
    final HttpServletResponse res = job.getResponse();

    final String ticket = req.getParameter("ticket");
    if (ticket == null || ticket.trim().isEmpty()) {
        res.sendError(HttpServletResponse.SC_BAD_REQUEST);
        return;
    }

    // The identity is taken only from the CAS server's answer for this ticket.
    // NOTE(review): setAcceptAnyProxy(true) accepts proxy tickets whatever proxy chain issued
    // them; confirm that this is intended for the deployment.
    final Cas20ProxyTicketValidator validator = new Cas20ProxyTicketValidator(serverURL);
    validator.setAcceptAnyProxy(true);
    final Assertion assertion = validator.validate(ticket, clientURL);

    final String userName = assertion.getPrincipal().getName();
    LOGGER.info("Login {}", userName);

    // Reuse the stored user when there is one; otherwise build a new object for this login.
    final boolean knownUser = MCRUserManager.exists(userName, realmID);
    final MCRUser user = knownUser
        ? MCRUserManager.getUser(userName, realmID)
        : new MCRUser(userName, realmID);

    // The LDAP refresh always runs; the result is written back only for a user that already
    // existed, so a newly built user is not stored by this method.
    if (MCRLDAPClient.instance().updateUserProperties(user) && knownUser) {
        MCRUserManager.updateUser(user);
    }

    // Bind the user to the session, then rotate the ID (MCR-1154) before the redirect goes out.
    MCRSessionMgr.getCurrentSession().setUserInformation(user);
    req.changeSessionId();
    MCRLoginServlet.redirect(res);
}
 
Example 7
Source File: WebSessionFilter.java    From ignite with Apache License 2.0
/**
 * {@inheritDoc}
 *
 * <p>Rotates the ID on the wrapped request, then replaces the cached {@code ses} with a session
 * created for the new ID and re-attaches the servlet context and the owning filter to it.
 *
 * @return the new session ID reported by the wrapped request
 */
@Override public String changeSessionId() {
    HttpServletRequest req = (HttpServletRequest)getRequest();

    String newId = req.changeSessionId();

    // The current session object gets the new ID first; it is then the input to createSession.
    this.ses.setId(newId);

    // NOTE(review): createSession is not shown here; presumably it stores the session under the
    // new ID - confirm that the entry under the old ID is also removed, otherwise the old ID
    // would stay usable.
    this.ses = createSession(ses, newId);
    this.ses.servletContext(ctx);
    this.ses.filter(WebSessionFilter.this);
    this.ses.resetUpdates();

    return newId;
}
 
Example 8
Source File: SecurityService.java    From lutece-core with BSD 3-Clause "New" or "Revised" License
/**
 * Binds the given user to the HTTP session. The session is created if the request has none, and
 * its ID is replaced before the user is stored in it.
 *
 * @param request The Http request
 * @param user    The current user
 */
public void registerUser( HttpServletRequest request, LuteceUser user )
{
    final HttpSession userSession = request.getSession( true );

    // Rotate the ID before the user is attached, so that an ID handed out before login never
    // identifies the authenticated session. changeSessionId( ) only replaces the ID: attributes
    // placed on the session before this call remain on it.
    request.changeSessionId( );

    userSession.setAttribute( ATTRIBUTE_LUTECE_USER, user );
}
 
Example 9
Source File: LoginServlet.java    From JavaSecurity with Apache License 2.0
/**
 * Rotates the session ID and renders an HTML page showing the ID before and after the change.
 *
 * <p>Both IDs are also logged at INFO level. This makes the rotation visible for the
 * demonstration; a session ID is a bearer credential, so code outside a demo would normally keep
 * it out of logs and out of the rendered page.
 */
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) {
    final String idBefore = request.getSession().getId();
    log.info("Original session ID {}", idBefore);

    // changeSessionId() keeps the session and returns its new ID.
    final String idAfter = request.changeSessionId();
    log.info("New session ID {}", idAfter);

    response.setContentType("text/html");

    // The page, one entry per output line, in the order it is written.
    final String[] page = {
        "<html><head>",
        "<title>Session Handling</title>",
        "<link rel=\"stylesheet\" type=\"text/css\" href=\"resources/css/styles.css\" />",
        "</head>",
        "<body>",
        "<h1>Session Handling</h1>",
        "<p><strong>Original Session ID: </strong> " + idBefore + "</p>",
        "<p><strong>New Session ID: </strong> " + idAfter + "</p>",
        "<p><a href=\"index.jsp\">Home</a></p>",
        "</body>",
        "</html>"
    };

    try (PrintWriter out = response.getWriter()) {
        for (final String line : page) {
            out.println(line);
        }
    } catch (IOException ex) {
        log.error(ex.getMessage(), ex);
    }
}
 
Example 10
Source File: MCRShibbolethLoginServlet.java    From mycore with GNU General Public License v3.0
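/**
 * Completes a Shibboleth login from the identity found on the request.
 *
 * <p>The user ID is taken from the {@code uid} request attribute or, if that is absent, from
 * {@code getRemoteUser()}. The part after the first {@code @} is the realm; the login is accepted
 * only when {@code MCRRealmFactory} knows that realm. On success the mapped request attributes
 * are applied to the user, the user is bound to the current MCR session, the servlet session ID
 * is rotated and the browser is redirected. Every other case is answered with 401.
 *
 * <p>The redirect target comes from the client-supplied {@code url} parameter, so it is checked
 * by {@code safeRedirectTarget} before use: a missing value or a value pointing to another host
 * no longer reaches {@code sendRedirect}; the context root is used instead.
 *
 * @param job servlet job supplying the request and the response
 * @throws Exception propagated from user management or the response calls
 */
public void doGetPost(MCRServletJob job) throws Exception {
    HttpServletRequest req = job.getRequest();
    HttpServletResponse res = job.getResponse();

    String msg = null;

    // NOTE(review): both sources are assumed to be set by the Shibboleth integration in front of
    // this servlet and not to be settable by the client - confirm for the deployment.
    String uid = (String) req.getAttribute("uid");
    String userId = uid != null ? uid : req.getRemoteUser();

    if (userId != null) {
        final String realmId = userId.contains("@") ? userId.substring(userId.indexOf("@") + 1) : null;
        if (realmId != null && MCRRealmFactory.getRealm(realmId) != null) {
            // realmId is non-null in this branch, so the realm suffix can be removed directly.
            userId = userId.replace("@" + realmId, "");

            final Map<String, Object> attributes = new HashMap<>();

            // Only the attribute names known to the realm's mapper are read from the request.
            final MCRUserAttributeMapper attributeMapper = MCRRealmFactory.getAttributeMapper(realmId);
            for (final String key : attributeMapper.getAttributeNames()) {
                final Object value = req.getAttribute(key);
                if (value != null) {
                    // NOTE(review): attribute values are written to the log at INFO level;
                    // confirm none of them is personal or otherwise sensitive.
                    LOGGER.info("received {}:{}", key, value);
                    attributes.put(key, value);
                }
            }

            MCRUserInformation userinfo;

            MCRUser user = MCRUserManager.getUser(userId, realmId);
            if (user != null) {
                LOGGER.debug("login existing user \"{}\"", user.getUserID());

                attributeMapper.mapAttributes(user, attributes);
                user.setLastLogin();
                MCRUserManager.updateUser(user);

                userinfo = user;
            } else {
                // No stored user: a user information object is built for this login only.
                userinfo = new MCRShibbolethUserInformation(userId, realmId, attributes);
            }

            MCRSessionMgr.getCurrentSession().setUserInformation(userinfo);
            // MCR-1154
            // Rotate the session ID after the user is bound and before any response is sent.
            req.changeSessionId();

            res.sendRedirect(res.encodeRedirectURL(safeRedirectTarget(req)));
            return;
        } else {
            msg = "Login from realm \"" + realmId + "\" is not allowed.";
        }
    } else {
        msg = "Principal could not be received from IDP.";
    }

    res.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
}

/**
 * Returns the {@code url} request parameter when it points back to this server, and the context
 * root otherwise.
 *
 * <p>Accepted are relative references that do not start with {@code //}, and absolute
 * {@code http}/{@code https} URLs whose host equals {@code req.getServerName()}. Values that are
 * missing, unparsable, or contain a backslash or a control character are replaced by the context
 * root, because browsers may read such values as a different host than a URI parser does.
 *
 * @param req the current request
 * @return a redirect target on this server
 */
private static String safeRedirectTarget(HttpServletRequest req) {
    final String fallback = req.getContextPath() + "/";
    final String requested = req.getParameter("url");
    if (requested == null || requested.isEmpty()) {
        return fallback;
    }

    for (int i = 0; i < requested.length(); i++) {
        final char c = requested.charAt(i);
        if (c == '\\' || Character.isISOControl(c)) {
            return fallback;
        }
    }

    final java.net.URI target;
    try {
        target = new java.net.URI(requested);
    } catch (java.net.URISyntaxException e) {
        return fallback;
    }

    final String scheme = target.getScheme();
    if (scheme == null) {
        // "//host/path" is a scheme-relative reference to another host, not a local path.
        return requested.startsWith("//") ? fallback : requested;
    }

    // NOTE(review): behind a reverse proxy getServerName() may differ from the public host name;
    // if the project has a configured base URL, compare against that instead.
    final boolean webScheme = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
    final String host = target.getHost();
    if (webScheme && host != null && host.equalsIgnoreCase(req.getServerName())) {
        return requested;
    }
    return fallback;
}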
 
Example 11
Source File: WebSessionSelfTest.java    From ignite with Apache License 2.0
/**
 * {@inheritDoc}
 *
 * <p>Test endpoint with two paths. {@code /chngsesid} stores an attribute, rotates the session ID
 * and prints the ID before the change, the ID returned by {@code changeSessionId()} and the ID
 * the session reports afterwards. {@code /simple} prints the session ID, the stored attribute and
 * whether the requested ID is valid, then invalidates the session and prints the outcome. Any
 * other path is rejected with a {@code ServletException}.
 */
@Override protected void doGet(HttpServletRequest req, HttpServletResponse res)
    throws ServletException, IOException {
    HttpSession ses = req.getSession();

    assertNotNull(ses);

    switch (req.getPathInfo()) {
        case "/chngsesid": {
            ses.setAttribute("key1", "val1");

            X.println(">>>", "Created session: " + ses.getId(), ">>>");

            // ID before the rotation.
            res.getWriter().println(req.getSession().getId());

            // New ID as returned by the rotation call itself.
            res.getWriter().println(req.changeSessionId());

            // New ID as reported by the session afterwards; the caller can compare the two.
            res.getWriter().println(req.getSession().getId());

            res.getWriter().flush();

            break;
        }

        case "/simple": {
            res.getWriter().println(req.getSession().getId());

            res.getWriter().println(req.getSession().getAttribute("key1"));

            res.getWriter().println(req.isRequestedSessionIdValid());

            try {
                req.getSession().invalidate();

                res.getWriter().println(INVALIDATED);
            }
            catch (Exception ignored) {
                // The failure is reported to the caller through the response body.
                res.getWriter().println(FAILED);
            }

            res.getWriter().flush();

            break;
        }

        default:
            throw new ServletException("Nonexisting path: " + req.getPathInfo());
    }
}
 
Example 12
Source File: HttpSessionIdListenerTest.java    From piranha with BSD 3-Clause "New" or "Revised" License
/**
 * Records the current session ID in the servlet context under {@code "originalSessionId"} and
 * then rotates the session ID.
 *
 * @param request the request.
 * @param response the response.
 * @throws IOException when an I/O error occurs.
 * @throws ServletException when a Servlet error occurs.
 */
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
        throws IOException, ServletException {
    // Captured before the rotation so the ID from before the change stays available.
    final String idBeforeChange = request.getSession().getId();
    request.getServletContext().setAttribute("originalSessionId", idBeforeChange);

    request.changeSessionId();
}