Java Code Examples for org.apache.shiro.web.servlet.Cookie#saveTo()

The following examples show how to use org.apache.shiro.web.servlet.Cookie#saveTo().
Example 1
Source File: AbstractIamAuthenticationFilter.java    From super-cloudops with Apache License 2.0
/**
 * Publishes the authorization "permits" endpoint URL to the client and, for
 * browser clients, also applies the common security headers.
 *
 * <p>
 * The URL is always returned in the result map under the configured permits
 * parameter name. Only when {@code isBrowser} accepts the request is it also
 * written to a short-lived cookie of the same name (max-age 60; Shiro cookie
 * max-age is expressed in seconds), followed by a call to
 * {@code setSecurityHeadersIfNecessary}.
 * </p>
 *
 * <p>
 * NOTE(review): the URL is built from {@code getRFCBaseURI(request, true)}.
 * If that helper derives scheme or host from client-supplied values (Host or
 * forwarded-host headers), the URL handed back to the client is
 * client-influenced; confirm it is checked against a trusted host list. The
 * cookie's Secure/HttpOnly/path/domain attributes come from
 * {@code config.getCookie()} and cannot be verified from this method.
 * </p>
 *
 * @param token
 *            authentication token, passed through unchanged to
 *            {@code setSecurityHeadersIfNecessary}
 * @param request
 *            current servlet request
 * @param response
 *            current servlet response
 * @return a map holding one entry: configured permits name mapped to the
 *         permits URL
 */
protected Map<String, String> putAuthzInfoCookiesAndSecurityIfNecessary(AuthenticationToken token, ServletRequest request,
		ServletResponse response) {
	// The permits endpoint is derived from the base URI of the current request.
	final String permitsEndpoint = getRFCBaseURI(toHttp(request), true) + URI_S_LOGIN_BASE + "/" + URI_S_LOGIN_PERMITS;

	final Map<String, String> result = new HashMap<>();
	result.put(config.getParam().getAuthzPermitsName(), permitsEndpoint);

	// Non-browser clients only receive the map: no cookie, no extra headers.
	if (!isBrowser(toHttp(request))) {
		return result;
	}

	// Browser clients additionally get the URL as a cookie built from the
	// configured cookie settings, valid for 60 seconds.
	Cookie permitsCookie = new IamCookie(config.getCookie());
	permitsCookie.setName(config.getParam().getAuthzPermitsName());
	permitsCookie.setValue(permitsEndpoint);
	permitsCookie.setMaxAge(60);
	permitsCookie.saveTo(toHttp(request), toHttp(response));

	// Common security headers are only applied on the browser path.
	setSecurityHeadersIfNecessary(token, request, response);

	return result;
}
 
Example 2
Source File: SessionManager.java    From easyweb with Apache License 2.0
/**
 * Resolves the session id for the current request, giving the
 * {@code __sid} request parameter precedence over the default lookup.
 *
 * <p>
 * When {@code __sid} is non-blank its value is returned as the session id and
 * the request is tagged as carrying a valid, URL-sourced session reference.
 * If {@code __cookie} is also true, the same value is written to the session
 * id cookie. Otherwise the superclass lookup is used.
 * </p>
 *
 * <p>
 * NOTE(review): the id is taken verbatim from a request parameter, marked
 * valid without any lookup in this method, and can be copied into the
 * caller's session cookie. Session ids carried in URLs end up in access logs,
 * browser history and Referer headers, and accepting a caller-chosen id is
 * the precondition for session fixation. Consider disabling this path by
 * default, requiring the id to resolve to a live session bound to the same
 * client, and rotating the session id at login.
 * </p>
 *
 * @param request
 *            current servlet request
 * @param response
 *            current servlet response
 * @return the {@code __sid} parameter value when present, otherwise the id
 *         found by the superclass
 */
@Override
protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
	// If the request carries a "__sid" parameter, that value is used as the session id.
	// Example: http://localhost/project?__sid=xxx&__cookie=true
	final String requestedSid = request.getParameter("__sid");
	if (!StringUtils.isNotBlank(requestedSid)) {
		return super.getSessionId(request, response);
	}

	// "__cookie" decides whether the sid is also stored in the cookie; it is
	// meant for browser clients.
	if (WebUtils.isTrue(request, "__cookie")) {
		HttpServletRequest httpRequest = (HttpServletRequest) request;
		HttpServletResponse httpResponse = (HttpServletResponse) response;
		// Copy the configured cookie so the template itself is never mutated.
		Cookie sidCookie = new SimpleCookie(getSessionIdCookie());
		sidCookie.setValue(requestedSid);
		sidCookie.saveTo(httpRequest, httpResponse);
	}

	// Record the state of the current session reference; its source is the URL.
	request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE,
			ShiroHttpServletRequest.URL_SESSION_ID_SOURCE);
	request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, requestedSid);
	// Flagged valid here without checking that the id maps to an existing session.
	request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
	return requestedSid;
}
 
Example 3
Source File: CookieRememberMeManager.java    From nano-framework with Apache License 2.0
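/**
 * Base64-encodes the serialized identity and sends it to the client as the
 * rememberMe cookie.
 *
 * <p>
 * Does nothing (apart from a debug log entry) when the subject is not
 * HTTP-aware, because no servlet request/response pair is available.
 * </p>
 *
 * <p>
 * The cookie returned by {@code getCookie()} is treated as a template and is
 * copied before the per-user value is set. Setting the value on the shared
 * instance would let concurrent requests overwrite each other's value between
 * {@code setValue} and {@code saveTo}, so one user's rememberMe data could be
 * written to another user's response.
 * </p>
 *
 * <p>
 * NOTE(review): this method only Base64-encodes the bytes. Confidentiality
 * and integrity of the identity depend on the caller having encrypted
 * {@code serialized} beforehand; confirm against the calling code.
 * </p>
 *
 * @param subject
 *            subject whose identity is being remembered
 * @param serialized
 *            serialized identity bytes to store in the cookie
 */
@Override
protected void rememberSerializedIdentity(Subject subject, byte[] serialized) {
    if (!WebUtils.isHttp(subject)) {
        if (LOGGER.isDebugEnabled()) {
            String msg = "Subject argument is not an HTTP-aware instance.  This is required to obtain a servlet " +
                    "request and response in order to set the rememberMe cookie. Returning immediately and " +
                    "ignoring rememberMe operation.";
            LOGGER.debug(msg);
        }

        return;
    }

    HttpServletRequest request = WebUtils.getHttpRequest(subject);
    HttpServletResponse response = WebUtils.getHttpResponse(subject);

    // base 64 encode it and store as a cookie:
    String base64 = Base64.encodeToString(serialized);

    // The class attribute is really a template for the outgoing cookies, so
    // work on a per-request copy instead of mutating the shared instance.
    // Fully qualified so that no additional import is required.
    Cookie template = getCookie();
    Cookie cookie = new org.apache.shiro.web.servlet.SimpleCookie(template);
    cookie.setValue(base64);
    cookie.saveTo(request, response);
}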
 
Example 4
Source File: DefaultWebSessionManager.java    From nano-framework with Apache License 2.0
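/**
 * Writes the given session id to the session id cookie so that it is sent
 * back on subsequent requests.
 *
 * <p>
 * The cookie from {@code getSessionIdCookie()} is copied before the value is
 * set. It appears to be the manager's shared cookie configuration; setting a
 * per-session value on a shared instance would let concurrent requests
 * overwrite each other's value between {@code setValue} and {@code saveTo},
 * which could hand one client another client's session id.
 * </p>
 *
 * @param currentId
 *            session id to persist; must not be {@code null}
 * @param request
 *            current HTTP request
 * @param response
 *            current HTTP response
 * @throws IllegalArgumentException
 *             if {@code currentId} is {@code null}
 */
private void storeSessionId(final Serializable currentId, final HttpServletRequest request, final HttpServletResponse response) {
    if (currentId == null) {
        String msg = "sessionId cannot be null when persisting for subsequent requests.";
        throw new IllegalArgumentException(msg);
    }

    final String idString = currentId.toString();

    // Work on a per-request copy of the configured cookie rather than the
    // shared instance. Fully qualified so that no additional import is required.
    final Cookie template = getSessionIdCookie();
    final Cookie cookie = new org.apache.shiro.web.servlet.SimpleCookie(template);
    cookie.setValue(idString);
    cookie.saveTo(request, response);

    // NOTE(review): the session id is a bearer credential. Logging it, even
    // at debug level, exposes it to anyone who can read the logs; consider
    // logging a truncated or hashed form instead.
    LOGGER.debug("Set session ID cookie for session with id {}", idString);
}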
 
Example 5
Source File: CookieXsrfTokenRepository.java    From super-cloudops with Apache License 2.0
/**
 * Stores the XSRF token in a cookie, replacing any token cookie the client
 * already sent. A {@code null} token clears the cookie instead.
 *
 * <p>
 * The previous cookie, if present, is removed and its version is
 * incremented for the new one (starting at 0 when there was none). Path and
 * HttpOnly come from the XSRF configuration, the domain from
 * {@code getXsrfTokenCookieDomain}, and the Secure flag mirrors
 * {@code request.isSecure()}.
 * </p>
 *
 * <p>
 * NOTE(review): behind a TLS-terminating proxy {@code request.isSecure()}
 * may report {@code false} unless forwarded-scheme handling is configured,
 * in which case the token cookie is issued without the Secure flag; confirm
 * for the target deployment.
 * </p>
 *
 * @param xtoken
 *            token to store, or {@code null} to expire the cookie
 * @param request
 *            current HTTP request
 * @param response
 *            current HTTP response
 */
@Override
public void saveXToken(XsrfToken xtoken, HttpServletRequest request, HttpServletResponse response) {
	final boolean clearing = isNull(xtoken);
	final String tokenText = clearing ? EMPTY : xtoken.getXsrfToken();

	// Remove the token cookie issued earlier, remembering its version.
	int previousVersion = -1;
	Cookie stale = IamCookie.build(getCookie(request, getXsrfTokenCookieName(request)));
	if (!isNull(stale)) {
		previousVersion = stale.getVersion();
		stale.removeFrom(request, response);
	}

	// Build the replacement from the core cookie configuration.
	Cookie fresh = new IamCookie(coreConfig.getCookie());
	fresh.setName(getXsrfTokenCookieName(request));
	fresh.setSecure(request.isSecure());
	fresh.setValue(tokenText);
	fresh.setVersion(previousVersion + 1);

	// Without a configured path fall back to "/": when front end and back end
	// are deployed separately and the application is served from the root
	// path, document.cookie in the browser only sees cookies with path='/'.
	// (The author left a request-context-path alternative disabled.)
	fresh.setPath(isBlank(xconfig.getCookiePath()) ? "/" : xconfig.getCookiePath());

	// Max-age 0 expires the cookie immediately (token cleared); -1 keeps it
	// for the browser session only.
	fresh.setMaxAge(clearing ? 0 : -1);

	// In a separated front-end/back-end setup the script usually reads the
	// token cookie and copies it into a request header, which is impossible
	// with httponly=true, hence the flag is configurable.
	fresh.setHttpOnly(xconfig.isCookieHttpOnly());

	// Because of the cross-domain restrictions on Set-Cookie, the domain can
	// only be the current domain or one of its parent domains.
	fresh.setDomain(getXsrfTokenCookieDomain(request));

	fresh.saveTo(request, response);
}
 
Example 6
Source File: AbstractIamSessionManager.java    From super-cloudops with Apache License 2.0
/**
 * Writes the session id to the session cookie.
 *
 * <p>
 * A new cookie is built from the one returned by
 * {@code getSessionIdCookie()} and only its value is set here, so the
 * template itself is not modified by this method. All other attributes
 * (name, path, domain, flags) are whatever that template provides.
 * </p>
 *
 * <p>
 * Note: Chrome 80+ treats cookies without a SameSite attribute as
 * SameSite=Lax. Subclasses can override this method to adapt to different
 * browser restrictions.
 * </p>
 *
 * <p>
 * NOTE(review): a disabled variant of this method appended
 * {@code "; SameSite=None; Secure"} to the cookie value. If cross-site use is
 * required, prefer setting these attributes through the cookie's own
 * attribute support (where the Shiro version in use offers it) instead of
 * embedding them in the value, and keep in mind that SameSite=None removes
 * the browser's cross-site request protection for the session cookie.
 * </p>
 *
 * @param request
 *            current HTTP request
 * @param response
 *            current HTTP response
 * @param sessionId
 *            session id to store; converted with {@code valueOf}
 */
protected void doStorageSessionIdToCookie(HttpServletRequest request, HttpServletResponse response, Serializable sessionId) {
	// Per-request cookie derived from the configured session id cookie.
	final Cookie sessionCookie = new IamCookie(getSessionIdCookie());
	final String cookieValue = valueOf(sessionId);
	sessionCookie.setValue(cookieValue);
	sessionCookie.saveTo(request, response);
}