Java Code Examples for io.undertow.server.handlers.Cookie#getValue()

The following examples show how to use io.undertow.server.handlers.Cookie#getValue(). Each example is preceded by its source file, the project it comes from, and that project's license.
Example 1
Source File: HttpServerExchange.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Stores a cookie to be sent with the response, replacing any cookie already stored
 * under the same name.
 * <p>
 * When {@code ENABLE_RFC6265_COOKIE_VALIDATION} is enabled, a non-empty value, path and
 * domain are each passed to {@code Rfc6265CookieSupport} before the cookie is stored.
 * The cookie name is not checked in this method, and nothing is checked when the option
 * is disabled, so callers stay responsible for keeping untrusted input out of these fields.
 *
 * @param cookie The cookie
 * @return this exchange, to allow call chaining
 */
public HttpServerExchange setResponseCookie(final Cookie cookie) {
    final boolean rfc6265Validation = getConnection().getUndertowOptions().get(UndertowOptions.ENABLE_RFC6265_COOKIE_VALIDATION, UndertowOptions.DEFAULT_ENABLE_RFC6265_COOKIE_VALIDATION);
    if (rfc6265Validation) {
        // Null and empty attributes are skipped; only populated ones are validated.
        final String cookieValue = cookie.getValue();
        if (cookieValue != null && !cookieValue.isEmpty()) {
            Rfc6265CookieSupport.validateCookieValue(cookieValue);
        }
        final String cookiePath = cookie.getPath();
        if (cookiePath != null && !cookiePath.isEmpty()) {
            Rfc6265CookieSupport.validatePath(cookiePath);
        }
        final String cookieDomain = cookie.getDomain();
        if (cookieDomain != null && !cookieDomain.isEmpty()) {
            Rfc6265CookieSupport.validateDomain(cookieDomain);
        }
    }
    // The map is created lazily on the first response cookie.
    if (responseCookies == null) {
        responseCookies = new TreeMap<>(); //hashmap is slow to allocate in JDK7
    }
    // Keyed by name: a second cookie with the same name overwrites the first.
    responseCookies.put(cookie.getName(), cookie);
    return this;
}
 
Example 2
Source File: HttpServerExchange.java    From quarkus-http with Apache License 2.0 6 votes vote down vote up
/**
 * Stores a cookie to be sent with the response, replacing any cookie already stored
 * under the same name.
 * <p>
 * When {@code ENABLE_RFC6265_COOKIE_VALIDATION} is enabled on the delegate's options, a
 * non-empty value, path and domain are each passed to {@code Rfc6265CookieSupport}
 * before the cookie is stored. The cookie name is not checked in this method, and
 * nothing is checked when the option is disabled, so callers stay responsible for
 * keeping untrusted input out of these fields.
 *
 * @param cookie The cookie
 * @return this exchange, to allow call chaining
 */
public HttpServerExchange setResponseCookie(final Cookie cookie) {
    final boolean rfc6265Validation = delegate.getUndertowOptions().get(UndertowOptions.ENABLE_RFC6265_COOKIE_VALIDATION, UndertowOptions.DEFAULT_ENABLE_RFC6265_COOKIE_VALIDATION);
    if (rfc6265Validation) {
        // Null and empty attributes are skipped; only populated ones are validated.
        final String cookieValue = cookie.getValue();
        if (cookieValue != null && !cookieValue.isEmpty()) {
            Rfc6265CookieSupport.validateCookieValue(cookieValue);
        }
        final String cookiePath = cookie.getPath();
        if (cookiePath != null && !cookiePath.isEmpty()) {
            Rfc6265CookieSupport.validatePath(cookiePath);
        }
        final String cookieDomain = cookie.getDomain();
        if (cookieDomain != null && !cookieDomain.isEmpty()) {
            Rfc6265CookieSupport.validateDomain(cookieDomain);
        }
    }
    // The map is created lazily on the first response cookie.
    if (responseCookies == null) {
        responseCookies = new TreeMap<>(); //hashmap is slow to allocate in JDK7
    }
    // Keyed by name: a second cookie with the same name overwrites the first.
    responseCookies.put(cookie.getName(), cookie);
    return this;
}
 
Example 3
Source File: SingleSignOnAuthenticationMechanism.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
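/**
 * Authenticates a request from its single sign-on cookie.
 * <p>
 * The cookie value is used as the lookup key for an SSO entry. If an entry exists and the
 * identity manager still verifies its account, the request is authenticated; if no entry
 * exists the SSO cookie is cleared. The cookie value is a bearer credential, so it is
 * deliberately kept out of the trace log.
 *
 * @param exchange        the current exchange, whose request cookies are read
 * @param securityContext the security context that is told about a successful authentication
 * @return {@code AUTHENTICATED} when an SSO entry with a verified account is found,
 *         {@code NOT_ATTEMPTED} otherwise
 */
@Override
public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) {
    Cookie cookie = exchange.getRequestCookies().get(cookieName);
    if (cookie != null) {
        final String ssoId = cookie.getValue();
        // Log the cookie name only: whoever holds the value can present it as a session.
        log.tracef("Found SSO cookie %s (value not logged)", cookieName);
        try (SingleSignOn sso = this.singleSignOnManager.findSingleSignOn(ssoId)) {
            if (sso != null) {
                if(log.isTraceEnabled()) {
                    log.tracef("SSO session found for the presented cookie.");
                }
                // Re-verify the stored account on every request rather than trusting the entry.
                Account verified = getIdentityManager(securityContext).verify(sso.getAccount());
                if (verified == null) {
                    if(log.isTraceEnabled()) {
                        log.tracef("Account not found. Returning 'not attempted' here.");
                    }
                    //we return not attempted here to allow other mechanisms to proceed as normal
                    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
                }
                final Session session = getSession(exchange);
                registerSessionIfRequired(sso, session);
                securityContext.authenticationComplete(verified, sso.getMechanismName(), false);
                // NOTE(review): the receiver keeps a reference to `sso` after the
                // try-with-resources block has closed it; confirm that
                // removeSingleSignOn accepts a closed handle.
                securityContext.registerNotificationReceiver(new NotificationReceiver() {
                    @Override
                    public void handleNotification(SecurityNotification notification) {
                        if (notification.getEventType() == SecurityNotification.EventType.LOGGED_OUT) {
                            singleSignOnManager.removeSingleSignOn(sso);
                        }
                    }
                });
                log.tracef("Authenticated account %s using SSO", verified.getPrincipal().getName());
                return AuthenticationMechanismOutcome.AUTHENTICATED;
            }
        }
        // No SSO entry matched the presented value: drop the stale cookie.
        clearSsoCookie(exchange);
    }
    exchange.addResponseWrapper(responseListener);
    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}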
 
Example 4
Source File: InboundCookiesHandler.java    From mangooio with Apache License 2.0 5 votes vote down vote up
/**
 * Looks up a request cookie by name and returns its value.
 * <p>
 * The value comes straight from the request and is not validated here.
 *
 * @param exchange The exchange containing the cookie
 * @param cookieName The name of the cookie
 *
 * @return The value of the cookie or null if none found
 */
private String getCookieValue(HttpServerExchange exchange, String cookieName) {
    final Map<String, Cookie> requestCookies = exchange.getRequestCookies();
    if (requestCookies == null) {
        return null;
    }

    final Cookie match = exchange.getRequestCookies().get(cookieName);
    return match != null ? match.getValue() : null;
}
 
Example 5
Source File: AdminFilter.java    From mangooio with Apache License 2.0 5 votes vote down vote up
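/**
 * Lets a request through to the admin area only when it carries a valid admin cookie.
 * <p>
 * The cookie value is parsed as a PASETO token with the application secret. A token that
 * has not expired passes the request on, unless its {@code twofactor} claim is true, in
 * which case the request is redirected to the two-factor page. Every other outcome
 * (no cookie, blank value, parse failure, missing or past expiration) ends in a redirect
 * to the login page.
 *
 * @param request  the incoming request, from which the admin cookie is read
 * @param response the response returned unchanged when access is granted
 * @return {@code response} on success, otherwise a redirect response that ends the chain
 */
@Override
public Response execute(Request request, Response response) {
    Config config = Application.getInstance(Config.class);
    Cookie cookie = request.getCookie(Default.ADMIN_COOKIE_NAME.toString());

    if (cookie != null) {
        String value = cookie.getValue();
        if (StringUtils.isNotBlank(value)) {
            try {
                Paseto paseto = Pasetos.parserBuilder()
                        .setSharedSecret(config.getApplicationSecret().getBytes(StandardCharsets.UTF_8))
                        .build()
                        .parse(value);

                // A token without an expiration claim is treated like an expired one and
                // falls through to the login redirect instead of raising a NullPointerException.
                if (paseto.getClaims().getExpiration() != null) {
                    // NOTE(review): the claim is read as UTC while LocalDateTime.now() uses the
                    // system default zone; the comparison is only exact if the code that issues
                    // the token encodes the expiration the same way. Confirm against the issuer.
                    LocalDateTime expiration = LocalDateTime.ofInstant(paseto.getClaims().getExpiration(), ZoneOffset.UTC);

                    if (expiration.isAfter(LocalDateTime.now())) {
                        // Boolean.TRUE.equals avoids unboxing a null claim value.
                        if (paseto.getClaims().containsKey("twofactor")
                                && Boolean.TRUE.equals(paseto.getClaims().get("twofactor", Boolean.class))) {
                            return Response.withRedirect("/@admin/twofactor").andEndResponse();
                        }

                        return response;
                    }
                }
            } catch (PasetoException e) {
                //NOSONAR Ignore catch
                // Deliberately ignored: a token the parser rejects ends at the login redirect below.
            }
        }
    }

    return Response.withRedirect("/@admin/login").andEndResponse();
}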
 
Example 6
Source File: JvmRouteHandler.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Appends {@code '.'} and the configured JVM route to the session cookie queued on the
 * response, then creates the next conduit.
 * <p>
 * The route is added to a cookie value that is sent to the client, so the route name is
 * visible to anyone who can read the cookie.
 *
 * @param factory  the factory used to create the conduit that is returned
 * @param exchange the exchange whose response cookies are inspected
 * @return the conduit created by {@code factory}
 */
@Override
public StreamSinkConduit wrap(ConduitFactory<StreamSinkConduit> factory, HttpServerExchange exchange) {
    final Map<String, Cookie> responseCookies = exchange.getResponseCookiesInternal();
    final Cookie sessionCookie = responseCookies == null ? null : responseCookies.get(sessionCookieName);
    if (sessionCookie != null) {
        // Only a session cookie set on this response is rewritten; requests that set none are untouched.
        final String routedValue = new StringBuilder(sessionCookie.getValue())
                .append('.')
                .append(jvmRoute)
                .toString();
        sessionCookie.setValue(routedValue);
    }
    return factory.create();
}
 
Example 7
Source File: SessionCookieConfig.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Reads the session id from the request cookie named {@code cookieName}.
 * <p>
 * The returned string is whatever the client sent; it is not validated here.
 *
 * @param exchange the exchange whose request cookies are searched
 * @return the cookie value, or {@code null} when there is no cookie map or no such cookie
 */
@Override
public String findSessionId(final HttpServerExchange exchange) {
    final Map<String, Cookie> requestCookies = exchange.getRequestCookies();
    if (requestCookies == null) {
        return null;
    }
    final Cookie sessionCookie = requestCookies.get(cookieName);
    if (sessionCookie == null) {
        return null;
    }
    // NOTE(review): the Cookie object itself is passed to the logger; whether the session id
    // ends up in the trace log depends on the Cookie implementation's toString(). Confirm.
    UndertowLogger.SESSION_LOGGER.tracef("Found session cookie session id %s on %s", sessionCookie, exchange);
    return sessionCookie.getValue();
}
 
Example 8
Source File: CookieAttribute.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Returns the value of the request cookie named {@code cookieName}.
 * <p>
 * The value is client-supplied and is returned as received.
 *
 * @param exchange the exchange whose request cookies are read
 * @return the cookie value, or {@code null} when the request has no such cookie
 */
@Override
public String readAttribute(final HttpServerExchange exchange) {
    // Unlike some callers, this does not guard against a null cookie map.
    final Cookie requested = exchange.getRequestCookies().get(cookieName);
    return requested != null ? requested.getValue() : null;
}
 
Example 9
Source File: GenericHeaderAuthenticationMechanism.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Returns the value of the first configured session cookie that is present on the request.
 * <p>
 * The names in {@code sessionCookieNames} are tried in iteration order.
 *
 * @param exchange the exchange whose request cookies are read
 * @return the value of the first matching cookie, or {@code null} when none is present
 */
private String getSession(HttpServerExchange exchange) {
    for (String candidateName : sessionCookieNames) {
        final Cookie match = exchange.getRequestCookies().get(candidateName);
        if (match == null) {
            continue;
        }
        // First hit wins; later names are not consulted.
        return match.getValue();
    }
    return null;
}
 
Example 10
Source File: UndertowServerHttpRequest.java    From spring-analysis-note with MIT License 5 votes vote down vote up
/**
 * Copies every request cookie of the exchange into a map of {@code HttpCookie}s.
 * <p>
 * Only the name and value are carried over, and values are copied as received from the client.
 *
 * @return a new map holding one {@code HttpCookie} per request cookie
 */
@Override
protected MultiValueMap<String, HttpCookie> initCookies() {
	MultiValueMap<String, HttpCookie> converted = new LinkedMultiValueMap<>();
	this.exchange.getRequestCookies().forEach(
			(name, cookie) -> converted.add(name, new HttpCookie(name, cookie.getValue())));
	return converted;
}
 
Example 11
Source File: UndertowServerHttpRequest.java    From java-technology-stack with MIT License 5 votes vote down vote up
/**
 * Builds the {@code HttpCookie} view of the exchange's request cookies.
 * <p>
 * Each cookie contributes its name and value only; values are not validated or decoded here.
 *
 * @return a new map holding one {@code HttpCookie} per request cookie
 */
@Override
protected MultiValueMap<String, HttpCookie> initCookies() {
	MultiValueMap<String, HttpCookie> result = new LinkedMultiValueMap<>();
	this.exchange.getRequestCookies().forEach((cookieName, undertowCookie) -> {
		HttpCookie springCookie = new HttpCookie(cookieName, undertowCookie.getValue());
		result.add(cookieName, springCookie);
	});
	return result;
}
 
Example 12
Source File: JvmRouteHandler.java    From quarkus-http with Apache License 2.0 5 votes vote down vote up
/**
 * Appends {@code '.'} and the configured JVM route to the session cookie queued on the
 * response, just before the response is committed.
 * <p>
 * The route is added to a cookie value that is sent to the client, so the route name is
 * visible to anyone who can read the cookie.
 *
 * @param exchange the exchange whose response cookies are inspected
 */
@Override
public void beforeCommit(HttpServerExchange exchange) {
    final Map<String, Cookie> responseCookies = exchange.getResponseCookiesInternal();
    if (responseCookies == null) {
        return;
    }
    final Cookie sessionCookie = responseCookies.get(sessionCookieName);
    if (sessionCookie == null) {
        // No session cookie was set on this response, so there is nothing to rewrite.
        return;
    }
    final String routedValue = new StringBuilder(sessionCookie.getValue())
            .append('.')
            .append(jvmRoute)
            .toString();
    sessionCookie.setValue(routedValue);
}
 
Example 13
Source File: SessionCookieConfig.java    From quarkus-http with Apache License 2.0 5 votes vote down vote up
/**
 * Reads the session id from the request cookie named {@code cookieName}.
 * <p>
 * The returned string is whatever the client sent; it is not validated here.
 *
 * @param exchange the exchange whose request cookies are searched
 * @return the cookie value, or {@code null} when there is no cookie map or no such cookie
 */
@Override
public String findSessionId(final HttpServerExchange exchange) {
    final Map<String, Cookie> requestCookies = exchange.getRequestCookies();
    final Cookie sessionCookie = requestCookies == null ? null : requestCookies.get(cookieName);
    if (sessionCookie == null) {
        return null;
    }
    // NOTE(review): the Cookie object itself is passed to the logger; whether the session id
    // ends up in the trace log depends on the Cookie implementation's toString(). Confirm.
    UndertowLogger.SESSION_LOGGER.tracef("Found session cookie session id %s on %s", sessionCookie, exchange);
    return sessionCookie.getValue();
}
 
Example 14
Source File: CookieAttribute.java    From quarkus-http with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the value of the request cookie named {@code cookieName}.
 * <p>
 * The value is client-supplied and is returned as received.
 *
 * @param exchange the exchange whose request cookies are read
 * @return the cookie value, or {@code null} when the request has no such cookie
 */
@Override
public String readAttribute(final HttpServerExchange exchange) {
    // The cookie map itself is not null-checked here.
    final Cookie found = exchange.getRequestCookies().get(cookieName);
    if (found != null) {
        return found.getValue();
    }
    return null;
}
 
Example 15
Source File: GenericHeaderAuthenticationMechanism.java    From quarkus-http with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the value of the first configured session cookie that is present on the request.
 * <p>
 * The names in {@code sessionCookieNames} are tried in iteration order.
 *
 * @param exchange the exchange whose request cookies are read
 * @return the value of the first matching cookie, or {@code null} when none is present
 */
private String getSession(HttpServerExchange exchange) {
    String sessionValue = null;
    for (String candidateName : sessionCookieNames) {
        final Cookie match = exchange.getRequestCookies().get(candidateName);
        if (match != null) {
            // First hit wins, even when its value is null; later names are not consulted.
            sessionValue = match.getValue();
            break;
        }
    }
    return sessionValue;
}
 
Example 16
Source File: SingleSignOnAuthenticationMechanism.java    From quarkus-http with Apache License 2.0 5 votes vote down vote up
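/**
 * Authenticates a request from its single sign-on cookie.
 * <p>
 * The cookie value is used as the lookup key for an SSO entry. If an entry exists and the
 * identity manager still verifies its account, the request is authenticated; if no entry
 * exists the SSO cookie is cleared. The cookie value is a bearer credential, so it is
 * deliberately kept out of the trace log.
 *
 * @param exchange        the current exchange, whose request cookies are read
 * @param securityContext the security context that is told about a successful authentication
 * @return {@code AUTHENTICATED} when an SSO entry with a verified account is found,
 *         {@code NOT_ATTEMPTED} otherwise
 */
@Override
public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) {
    Cookie cookie = exchange.getRequestCookies().get(cookieName);
    if (cookie != null) {
        final String ssoId = cookie.getValue();
        // Log the cookie name only: whoever holds the value can present it as a session.
        log.tracef("Found SSO cookie %s (value not logged)", cookieName);
        try (SingleSignOn sso = this.singleSignOnManager.findSingleSignOn(ssoId)) {
            if (sso != null) {
                if (log.isTraceEnabled()) {
                    log.tracef("SSO session found for the presented cookie.");
                }
                // Re-verify the stored account on every request rather than trusting the entry.
                Account verified = getIdentityManager(securityContext).verify(sso.getAccount());
                if (verified == null) {
                    if (log.isTraceEnabled()) {
                        log.tracef("Account not found. Returning 'not attempted' here.");
                    }
                    //we return not attempted here to allow other mechanisms to proceed as normal
                    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
                }
                final Session session = getSession(exchange);
                registerSessionIfRequired(sso, session);
                securityContext.authenticationComplete(verified, sso.getMechanismName(), false);
                // NOTE(review): the receiver keeps a reference to `sso` after the
                // try-with-resources block has closed it; confirm that
                // removeSingleSignOn accepts a closed handle.
                securityContext.registerNotificationReceiver(new NotificationReceiver() {
                    @Override
                    public void handleNotification(SecurityNotification notification) {
                        if (notification.getEventType() == SecurityNotification.EventType.LOGGED_OUT) {
                            singleSignOnManager.removeSingleSignOn(sso);
                        }
                    }
                });
                log.tracef("Authenticated account %s using SSO", verified.getPrincipal().getName());
                return AuthenticationMechanismOutcome.AUTHENTICATED;
            }
        }
        // No SSO entry matched the presented value: drop the stale cookie.
        clearSsoCookie(exchange);
    }
    exchange.addResponseCommitListener(responseListener);
    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}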
 
Example 17
Source File: LegacyCookieSupport.java    From quarkus-http with Apache License 2.0 4 votes vote down vote up
/**
 * Returns the cookie's version, raised from 0 to 1 when the value, path or domain trips
 * the configured token check or when the cookie carries a comment.
 * <p>
 * A cookie whose version is already non-zero is returned unchanged and none of the token
 * checks run for it.
 *
 * @param cookie the cookie to inspect
 * @return the cookie's own version, or 1 when a version-0 cookie needs the v1 format
 */
public static int adjustedCookieVersion(Cookie cookie) {

    /*
     * The spec allows some latitude on when to send the version attribute
     * with a Set-Cookie header. To be nice to clients, we'll make sure the
     * version attribute is first. That means checking the various things
     * that can cause us to switch to a v1 cookie first.
     *
     * Note that by checking for tokens we will also throw an exception if a
     * control character is encountered.
     */

    final int declaredVersion = cookie.getVersion();

    final String value = cookie.getValue();
    final String path = cookie.getPath();
    final String domain = cookie.getDomain();
    final String comment = cookie.getComment();

    // Only v0 cookies are candidates for an upgrade.
    if (declaredVersion != 0) {
        return declaredVersion;
    }

    // The checks run in a fixed order (value, comment, path, domain) and stop at the
    // first one that forces v1, so later fields are not examined after a hit.
    if (ALLOW_HTTP_SEPARATORS_IN_V0 ? isV0Token(value) : isHttpToken(value)) {
        // HTTP token in value - need to use v1
        return 1;
    }

    if (comment != null) {
        // Using a comment makes it a v1 cookie
        return 1;
    }

    if (ALLOW_HTTP_SEPARATORS_IN_V0 ? isV0Token(path) : isHttpToken(path)) {
        // HTTP token in path - need to use v1
        return 1;
    }

    if (ALLOW_HTTP_SEPARATORS_IN_V0 ? isV0Token(domain) : isHttpToken(domain)) {
        // HTTP token in domain - need to use v1
        return 1;
    }

    return declaredVersion;
}
 
Example 18
Source File: LegacyCookieSupport.java    From lams with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Returns the cookie's version, raised from 0 to 1 when the value, path or domain trips
 * the configured token check or when the cookie carries a comment.
 * <p>
 * A cookie whose version is already non-zero is returned unchanged and none of the token
 * checks run for it.
 *
 * @param cookie the cookie to inspect
 * @return the cookie's own version, or 1 when a version-0 cookie needs the v1 format
 */
public static int adjustedCookieVersion(Cookie cookie) {

    /*
     * The spec allows some latitude on when to send the version attribute
     * with a Set-Cookie header. To be nice to clients, we'll make sure the
     * version attribute is first. That means checking the various things
     * that can cause us to switch to a v1 cookie first.
     *
     * Note that by checking for tokens we will also throw an exception if a
     * control character is encountered.
     */

    final int declaredVersion = cookie.getVersion();

    final String value = cookie.getValue();
    final String path = cookie.getPath();
    final String domain = cookie.getDomain();
    final String comment = cookie.getComment();

    // Only v0 cookies are candidates for an upgrade.
    if (declaredVersion != 0) {
        return declaredVersion;
    }

    // The checks run in a fixed order (value, comment, path, domain) and stop at the
    // first one that forces v1, so later fields are not examined after a hit.
    if (ALLOW_HTTP_SEPARATORS_IN_V0 ? isV0Token(value) : isHttpToken(value)) {
        // HTTP token in value - need to use v1
        return 1;
    }

    if (comment != null) {
        // Using a comment makes it a v1 cookie
        return 1;
    }

    if (ALLOW_HTTP_SEPARATORS_IN_V0 ? isV0Token(path) : isHttpToken(path)) {
        // HTTP token in path - need to use v1
        return 1;
    }

    if (ALLOW_HTTP_SEPARATORS_IN_V0 ? isV0Token(domain) : isHttpToken(domain)) {
        // HTTP token in domain - need to use v1
        return 1;
    }

    return declaredVersion;
}
 
Example 19
Source File: JWTAuthMechanism.java    From thorntail with Apache License 2.0 4 votes vote down vote up
/**
 * Returns the value of the named request cookie.
 * <p>
 * The value is taken from the request as received; any token it carries still has to be
 * verified by the caller.
 *
 * @param cookieName the name of the cookie to read
 * @return the cookie value, or {@code null} when the request has no such cookie
 */
@Override
protected String getCookieValue(String cookieName) {
    final Cookie requested = httpExchange.getRequestCookies().get(cookieName);
    if (requested == null) {
        return null;
    }
    return requested.getValue();
}