Java Code Examples for org.apache.catalina.connector.Request#getCookies()

The following examples show how to use org.apache.catalina.connector.Request#getCookies() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: CrossSubdomainSessionValve.java    From scipio-erp with Apache License 2.0 6 votes vote down vote up
public @Override void invoke(Request request, Response response) throws IOException, ServletException {

        // this will cause Request.doGetSession to create the session cookie if necessary
        request.getSession(true);

        // replace any Tomcat-generated session cookies with our own
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if (SessionConfig.getSessionCookieName(null).equals(cookie.getName())) {
                    replaceCookie(request, response, cookie);
                }
            }
        }

        // process the next valve
        getNext().invoke(request, response);
    }
 
Example 2
Source File: AbstractAccessLogValve.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
@Override
public void addElement(CharArrayWriter buf, Date date, Request request,
        Response response, long time) {
    String value = "-";
    Cookie[] c = request.getCookies();
    if (c != null) {
        for (int i = 0; i < c.length; i++) {
            if (header.equals(c[i].getName())) {
                value = c[i].getValue();
                break;
            }
        }
    }
    buf.append(value);
}
 
Example 3
Source File: ExtendedAccessLogValve.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
@Override
public void addElement(CharArrayWriter buf, Date date, Request request,
        Response response, long time) {
    Cookie[] c = request.getCookies();
    for (int i = 0; c != null && i < c.length; i++) {
        if (name.equals(c[i].getName())) {
            buf.append(wrap(c[i].getValue()));
        }
    }
}
 
Example 4
Source File: ExtendedAccessLogValve.java    From Tomcat7.0.67 with Apache License 2.0 5 votes vote down vote up
@Override
public void addElement(StringBuilder buf, Date date, Request request,
        Response response, long time) {
    Cookie[] c = request.getCookies();
    for (int i = 0; c != null && i < c.length; i++) {
        if (name.equals(c[i].getName())) {
            buf.append(wrap(c[i].getValue()));
        }
    }
}
 
Example 5
Source File: AccessLogValve.java    From Tomcat7.0.67 with Apache License 2.0 5 votes vote down vote up
@Override
public void addElement(StringBuilder buf, Date date, Request request,
        Response response, long time) {
    String value = "-";
    Cookie[] c = request.getCookies();
    if (c != null) {
        for (int i = 0; i < c.length; i++) {
            if (header.equals(c[i].getName())) {
                value = c[i].getValue();
                break;
            }
        }
    }
    buf.append(value);
}
 
Example 6
Source File: ExtendedAccessLogValve.java    From tomcatsrc with Apache License 2.0 5 votes vote down vote up
@Override
public void addElement(StringBuilder buf, Date date, Request request,
        Response response, long time) {
    Cookie[] c = request.getCookies();
    for (int i = 0; c != null && i < c.length; i++) {
        if (name.equals(c[i].getName())) {
            buf.append(wrap(c[i].getValue()));
        }
    }
}
 
Example 7
Source File: AccessLogValve.java    From tomcatsrc with Apache License 2.0 5 votes vote down vote up
@Override
public void addElement(StringBuilder buf, Date date, Request request,
        Response response, long time) {
    String value = "-";
    Cookie[] c = request.getCookies();
    if (c != null) {
        for (int i = 0; i < c.length; i++) {
            if (header.equals(c[i].getName())) {
                value = c[i].getValue();
                break;
            }
        }
    }
    buf.append(value);
}
 
Example 8
Source File: SingleSignOn.java    From Tomcat8-Source-Read with MIT License 4 votes vote down vote up
/**
 * Perform single-sign-on support processing for this request.
 *
 * @param request The servlet request we are processing
 * @param response The servlet response we are creating
 *
 * @exception IOException if an input/output error occurs
 * @exception ServletException if a servlet error occurs
 */
@Override
public void invoke(Request request, Response response)
    throws IOException, ServletException {

    request.removeNote(Constants.REQ_SSOID_NOTE);

    // Has a valid user already been authenticated?
    if (containerLog.isDebugEnabled()) {
        containerLog.debug(sm.getString("singleSignOn.debug.invoke", request.getRequestURI()));
    }
    if (request.getUserPrincipal() != null) {
        if (containerLog.isDebugEnabled()) {
            containerLog.debug(sm.getString("singleSignOn.debug.hasPrincipal",
                    request.getUserPrincipal().getName()));
        }
        getNext().invoke(request, response);
        return;
    }

    // Check for the single sign on cookie
    if (containerLog.isDebugEnabled()) {
        containerLog.debug(sm.getString("singleSignOn.debug.cookieCheck"));
    }
    Cookie cookie = null;
    Cookie cookies[] = request.getCookies();
    if (cookies != null) {
        for (int i = 0; i < cookies.length; i++) {
            if (Constants.SINGLE_SIGN_ON_COOKIE.equals(cookies[i].getName())) {
                cookie = cookies[i];
                break;
            }
        }
    }
    if (cookie == null) {
        if (containerLog.isDebugEnabled()) {
            containerLog.debug(sm.getString("singleSignOn.debug.cookieNotFound"));
        }
        getNext().invoke(request, response);
        return;
    }

    // Look up the cached Principal associated with this cookie value
    if (containerLog.isDebugEnabled()) {
        containerLog.debug(sm.getString("singleSignOn.debug.principalCheck",
                cookie.getValue()));
    }
    SingleSignOnEntry entry = cache.get(cookie.getValue());
    if (entry != null) {
        if (containerLog.isDebugEnabled()) {
            containerLog.debug(sm.getString("singleSignOn.debug.principalFound",
                    entry.getPrincipal() != null ? entry.getPrincipal().getName() : "",
                    entry.getAuthType()));
        }
        request.setNote(Constants.REQ_SSOID_NOTE, cookie.getValue());
        // Only set security elements if reauthentication is not required
        if (!getRequireReauthentication()) {
            request.setAuthType(entry.getAuthType());
            request.setUserPrincipal(entry.getPrincipal());
        }
    } else {
        if (containerLog.isDebugEnabled()) {
            containerLog.debug(sm.getString("singleSignOn.debug.principalNotFound",
                    cookie.getValue()));
        }
        // No need to return a valid SSO session ID
        cookie.setValue("REMOVE");
        // Age of zero will trigger removal
        cookie.setMaxAge(0);
        // Domain and path have to match the original cookie to 'replace'
        // the original cookie
        cookie.setPath("/");
        String domain = getCookieDomain();
        if (domain != null) {
            cookie.setDomain(domain);
        }
        // This is going to trigger a Set-Cookie header. While the value is
        // not security sensitive, ensure that expectations for secure and
        // httpOnly are met
        cookie.setSecure(request.isSecure());
        if (request.getServletContext().getSessionCookieConfig().isHttpOnly() ||
                request.getContext().getUseHttpOnly()) {
            cookie.setHttpOnly(true);
        }

        response.addCookie(cookie);
    }

    // Invoke the next Valve in our pipeline
    getNext().invoke(request, response);
}
 
Example 9
Source File: FormAuthenticator.java    From Tomcat8-Source-Read with MIT License 4 votes vote down vote up
/**
 * Save the original request information into our session.
 *
 * @param request The request to be saved
 * @param session The session to contain the saved information
 * @throws IOException if an IO error occurred during the process
 */
protected void saveRequest(Request request, Session session)
    throws IOException {

    // Create and populate a SavedRequest object for this request
    SavedRequest saved = new SavedRequest();
    Cookie cookies[] = request.getCookies();
    if (cookies != null) {
        for (int i = 0; i < cookies.length; i++) {
            saved.addCookie(cookies[i]);
        }
    }
    Enumeration<String> names = request.getHeaderNames();
    while (names.hasMoreElements()) {
        String name = names.nextElement();
        Enumeration<String> values = request.getHeaders(name);
        while (values.hasMoreElements()) {
            String value = values.nextElement();
            saved.addHeader(name, value);
        }
    }
    Enumeration<Locale> locales = request.getLocales();
    while (locales.hasMoreElements()) {
        Locale locale = locales.nextElement();
        saved.addLocale(locale);
    }

    // May need to acknowledge a 100-continue expectation
    request.getResponse().sendAcknowledgement();

    int maxSavePostSize = request.getConnector().getMaxSavePostSize();
    if (maxSavePostSize != 0) {
        ByteChunk body = new ByteChunk();
        body.setLimit(maxSavePostSize);

        byte[] buffer = new byte[4096];
        int bytesRead;
        InputStream is = request.getInputStream();

        while ( (bytesRead = is.read(buffer) ) >= 0) {
            body.append(buffer, 0, bytesRead);
        }

        // Only save the request body if there is something to save
        if (body.getLength() > 0) {
            saved.setContentType(request.getContentType());
            saved.setBody(body);
        }
    }

    saved.setMethod(request.getMethod());
    saved.setQueryString(request.getQueryString());
    saved.setRequestURI(request.getRequestURI());
    saved.setDecodedRequestURI(request.getDecodedRequestURI());

    // Stash the SavedRequest in our session for later use
    session.setNote(Constants.FORM_REQUEST_NOTE, saved);
}
 
Example 10
Source File: LoadBalancerDrainingValve.java    From Tomcat8-Source-Read with MIT License 4 votes vote down vote up
@Override
public void invoke(Request request, Response response) throws IOException, ServletException {
    if  ("DIS".equals(request.getAttribute(ATTRIBUTE_KEY_JK_LB_ACTIVATION)) &&
            !request.isRequestedSessionIdValid()) {

        if (containerLog.isDebugEnabled()) {
            containerLog.debug("Load-balancer is in DISABLED state; draining this node");
        }

        boolean ignoreRebalance = false;
        Cookie sessionCookie = null;

        final Cookie[] cookies = request.getCookies();

        final String sessionCookieName = SessionConfig.getSessionCookieName(request.getContext());

        if (null != cookies) {
            for (Cookie cookie : cookies) {
                final String cookieName = cookie.getName();
                if (containerLog.isTraceEnabled()) {
                    containerLog.trace("Checking cookie " + cookieName + "=" + cookie.getValue());
                }

                if (sessionCookieName.equals(cookieName) &&
                        request.getRequestedSessionId().equals(cookie.getValue())) {
                    sessionCookie = cookie;
                } else if (null != _ignoreCookieName &&
                        _ignoreCookieName.equals(cookieName) &&
                        null != _ignoreCookieValue &&
                        _ignoreCookieValue.equals(cookie.getValue())) {
                    // The client presenting a valid ignore-cookie value?
                    ignoreRebalance = true;
                }
            }
        }

        if (ignoreRebalance) {
            if (containerLog.isDebugEnabled()) {
                containerLog.debug("Client is presenting a valid " + _ignoreCookieName +
                        " cookie, re-balancing is being skipped");
            }

            getNext().invoke(request, response);

            return;
        }

        // Kill any session cookie that was found
        // TODO: Consider implications of SSO cookies
        if (null != sessionCookie) {
            sessionCookie.setPath(SessionConfig.getSessionCookiePath(request.getContext()));
            sessionCookie.setMaxAge(0); // Delete
            sessionCookie.setValue(""); // Purge the cookie's value
            response.addCookie(sessionCookie);
        }

        // Re-write the URI if it contains a ;jsessionid parameter
        String uri = request.getRequestURI();
        String sessionURIParamName = SessionConfig.getSessionUriParamName(request.getContext());
        if (uri.contains(";" + sessionURIParamName + "=")) {
            uri = uri.replaceFirst(";" + sessionURIParamName + "=[^&?]*", "");
        }

        String queryString = request.getQueryString();

        if (null != queryString) {
            uri = uri + "?" + queryString;
        }

        // NOTE: Do not call response.encodeRedirectURL or the bad
        // sessionid will be restored
        response.setHeader("Location", uri);
        response.setStatus(_redirectStatusCode);
    } else {
        getNext().invoke(request, response);
    }
}
 
Example 11
Source File: SingleSignOn.java    From Tomcat7.0.67 with Apache License 2.0 4 votes vote down vote up
/**
 * Perform single-sign-on support processing for this request.
 *
 * @param request The servlet request we are processing
 * @param response The servlet response we are creating
 *
 * @exception IOException if an input/output error occurs
 * @exception ServletException if a servlet error occurs
 */
@Override
public void invoke(Request request, Response response)
    throws IOException, ServletException {

    request.removeNote(Constants.REQ_SSOID_NOTE);

    // Has a valid user already been authenticated?
    if (containerLog.isDebugEnabled()) {
        containerLog.debug(sm.getString("singleSignOn.debug.invoke", request.getRequestURI()));
    }
    if (request.getUserPrincipal() != null) {
        if (containerLog.isDebugEnabled()) {
            containerLog.debug(sm.getString("singleSignOn.debug.hasPrincipal",
                    request.getUserPrincipal().getName()));
        }
        getNext().invoke(request, response);
        return;
    }

    // Check for the single sign on cookie
    if (containerLog.isDebugEnabled()) {
        containerLog.debug(sm.getString("singleSignOn.debug.cookieCheck"));
    }
    Cookie cookie = null;
    Cookie cookies[] = request.getCookies();
    if (cookies != null) {
        for (int i = 0; i < cookies.length; i++) {
            if (Constants.SINGLE_SIGN_ON_COOKIE.equals(cookies[i].getName())) {
                cookie = cookies[i];
                break;
            }
        }
    }
    if (cookie == null) {
        if (containerLog.isDebugEnabled()) {
            containerLog.debug(sm.getString("singleSignOn.debug.cookieNotFound"));
        }
        getNext().invoke(request, response);
        return;
    }

    // Look up the cached Principal associated with this cookie value
    if (containerLog.isDebugEnabled()) {
        containerLog.debug(sm.getString("singleSignOn.debug.principalCheck",
                cookie.getValue()));
    }
    SingleSignOnEntry entry = cache.get(cookie.getValue());
    if (entry != null) {
        if (containerLog.isDebugEnabled()) {
            containerLog.debug(sm.getString("singleSignOn.debug.principalFound",
                    entry.getPrincipal() != null ? entry.getPrincipal().getName() : "",
                    entry.getAuthType()));
        }
        request.setNote(Constants.REQ_SSOID_NOTE, cookie.getValue());
        // Only set security elements if reauthentication is not required
        if (!getRequireReauthentication()) {
            request.setAuthType(entry.getAuthType());
            request.setUserPrincipal(entry.getPrincipal());
        }
    } else {
        if (containerLog.isDebugEnabled()) {
            containerLog.debug(sm.getString("singleSignOn.debug.principalNotFound",
                    cookie.getValue()));
        }
        // No need to return a valid SSO session ID
        cookie.setValue("REMOVE");
        // Age of zero will trigger removal
        cookie.setMaxAge(0);
        // Domain and path have to match the original cookie to 'replace'
        // the original cookie
        cookie.setPath("/");
        String domain = getCookieDomain();
        if (domain != null) {
            cookie.setDomain(domain);
        }
        // This is going to trigger a Set-Cookie header. While the value is
        // not security sensitive, ensure that expectations for secure and
        // httpOnly are met
        cookie.setSecure(request.isSecure());
        if (request.getServletContext().getSessionCookieConfig().isHttpOnly() ||
                request.getContext().getUseHttpOnly()) {
            cookie.setHttpOnly(true);
        }

        response.addCookie(cookie);
    }

    // Invoke the next Valve in our pipeline
    getNext().invoke(request, response);
}
 
Example 12
Source File: FormAuthenticator.java    From Tomcat7.0.67 with Apache License 2.0 4 votes vote down vote up
/**
 * Save the original request information into our session.
 *
 * @param request The request to be saved
 * @param session The session to contain the saved information
 * @throws IOException
 */
protected void saveRequest(Request request, Session session)
    throws IOException {

    // Create and populate a SavedRequest object for this request
    SavedRequest saved = new SavedRequest();
    Cookie cookies[] = request.getCookies();
    if (cookies != null) {
        for (int i = 0; i < cookies.length; i++) {
            saved.addCookie(cookies[i]);
        }
    }
    Enumeration<String> names = request.getHeaderNames();
    while (names.hasMoreElements()) {
        String name = names.nextElement();
        Enumeration<String> values = request.getHeaders(name);
        while (values.hasMoreElements()) {
            String value = values.nextElement();
            saved.addHeader(name, value);
        }
    }
    Enumeration<Locale> locales = request.getLocales();
    while (locales.hasMoreElements()) {
        Locale locale = locales.nextElement();
        saved.addLocale(locale);
    }

    // May need to acknowledge a 100-continue expectation
    request.getResponse().sendAcknowledgement();

    ByteChunk body = new ByteChunk();
    body.setLimit(request.getConnector().getMaxSavePostSize());

    byte[] buffer = new byte[4096];
    int bytesRead;
    InputStream is = request.getInputStream();

    while ( (bytesRead = is.read(buffer) ) >= 0) {
        body.append(buffer, 0, bytesRead);
    }

    // Only save the request body if there is something to save
    if (body.getLength() > 0) {
        saved.setContentType(request.getContentType());
        saved.setBody(body);
    }

    saved.setMethod(request.getMethod());
    saved.setQueryString(request.getQueryString());
    saved.setRequestURI(request.getRequestURI());
    saved.setDecodedRequestURI(request.getDecodedRequestURI());

    // Stash the SavedRequest in our session for later use
    session.setNote(Constants.FORM_REQUEST_NOTE, saved);
}
 
Example 13
Source File: SingleSignOn.java    From tomcatsrc with Apache License 2.0 4 votes vote down vote up
/**
 * Perform single-sign-on support processing for this request.
 *
 * @param request The servlet request we are processing
 * @param response The servlet response we are creating
 *
 * @exception IOException if an input/output error occurs
 * @exception ServletException if a servlet error occurs
 */
@Override
public void invoke(Request request, Response response)
    throws IOException, ServletException {

    request.removeNote(Constants.REQ_SSOID_NOTE);

    // Has a valid user already been authenticated?
    if (containerLog.isDebugEnabled()) {
        containerLog.debug(sm.getString("singleSignOn.debug.invoke", request.getRequestURI()));
    }
    if (request.getUserPrincipal() != null) {
        if (containerLog.isDebugEnabled()) {
            containerLog.debug(sm.getString("singleSignOn.debug.hasPrincipal",
                    request.getUserPrincipal().getName()));
        }
        getNext().invoke(request, response);
        return;
    }

    // Check for the single sign on cookie
    if (containerLog.isDebugEnabled()) {
        containerLog.debug(sm.getString("singleSignOn.debug.cookieCheck"));
    }
    Cookie cookie = null;
    Cookie cookies[] = request.getCookies();
    if (cookies != null) {
        for (int i = 0; i < cookies.length; i++) {
            if (Constants.SINGLE_SIGN_ON_COOKIE.equals(cookies[i].getName())) {
                cookie = cookies[i];
                break;
            }
        }
    }
    if (cookie == null) {
        if (containerLog.isDebugEnabled()) {
            containerLog.debug(sm.getString("singleSignOn.debug.cookieNotFound"));
        }
        getNext().invoke(request, response);
        return;
    }

    // Look up the cached Principal associated with this cookie value
    if (containerLog.isDebugEnabled()) {
        containerLog.debug(sm.getString("singleSignOn.debug.principalCheck",
                cookie.getValue()));
    }
    SingleSignOnEntry entry = cache.get(cookie.getValue());
    if (entry != null) {
        if (containerLog.isDebugEnabled()) {
            containerLog.debug(sm.getString("singleSignOn.debug.principalFound",
                    entry.getPrincipal() != null ? entry.getPrincipal().getName() : "",
                    entry.getAuthType()));
        }
        request.setNote(Constants.REQ_SSOID_NOTE, cookie.getValue());
        // Only set security elements if reauthentication is not required
        if (!getRequireReauthentication()) {
            request.setAuthType(entry.getAuthType());
            request.setUserPrincipal(entry.getPrincipal());
        }
    } else {
        if (containerLog.isDebugEnabled()) {
            containerLog.debug(sm.getString("singleSignOn.debug.principalNotFound",
                    cookie.getValue()));
        }
        // No need to return a valid SSO session ID
        cookie.setValue("REMOVE");
        // Age of zero will trigger removal
        cookie.setMaxAge(0);
        // Domain and path have to match the original cookie to 'replace'
        // the original cookie
        cookie.setPath("/");
        String domain = getCookieDomain();
        if (domain != null) {
            cookie.setDomain(domain);
        }
        // This is going to trigger a Set-Cookie header. While the value is
        // not security sensitive, ensure that expectations for secure and
        // httpOnly are met
        cookie.setSecure(request.isSecure());
        if (request.getServletContext().getSessionCookieConfig().isHttpOnly() ||
                request.getContext().getUseHttpOnly()) {
            cookie.setHttpOnly(true);
        }

        response.addCookie(cookie);
    }

    // Invoke the next Valve in our pipeline
    getNext().invoke(request, response);
}
 
Example 14
Source File: FormAuthenticator.java    From tomcatsrc with Apache License 2.0 4 votes vote down vote up
/**
 * Save the original request information into our session.
 *
 * @param request The request to be saved
 * @param session The session to contain the saved information
 * @throws IOException
 */
protected void saveRequest(Request request, Session session)
    throws IOException {

    // Create and populate a SavedRequest object for this request
    SavedRequest saved = new SavedRequest();
    Cookie cookies[] = request.getCookies();
    if (cookies != null) {
        for (int i = 0; i < cookies.length; i++) {
            saved.addCookie(cookies[i]);
        }
    }
    Enumeration<String> names = request.getHeaderNames();
    while (names.hasMoreElements()) {
        String name = names.nextElement();
        Enumeration<String> values = request.getHeaders(name);
        while (values.hasMoreElements()) {
            String value = values.nextElement();
            saved.addHeader(name, value);
        }
    }
    Enumeration<Locale> locales = request.getLocales();
    while (locales.hasMoreElements()) {
        Locale locale = locales.nextElement();
        saved.addLocale(locale);
    }

    // May need to acknowledge a 100-continue expectation
    request.getResponse().sendAcknowledgement();

    ByteChunk body = new ByteChunk();
    body.setLimit(request.getConnector().getMaxSavePostSize());

    byte[] buffer = new byte[4096];
    int bytesRead;
    InputStream is = request.getInputStream();

    while ( (bytesRead = is.read(buffer) ) >= 0) {
        body.append(buffer, 0, bytesRead);
    }

    // Only save the request body if there is something to save
    if (body.getLength() > 0) {
        saved.setContentType(request.getContentType());
        saved.setBody(body);
    }

    saved.setMethod(request.getMethod());
    saved.setQueryString(request.getQueryString());
    saved.setRequestURI(request.getRequestURI());
    saved.setDecodedRequestURI(request.getDecodedRequestURI());

    // Stash the SavedRequest in our session for later use
    session.setNote(Constants.FORM_REQUEST_NOTE, saved);
}