Java Code Examples for java.net.HttpCookie#setHttpOnly()

The following examples show how to use java.net.HttpCookie#setHttpOnly() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: HttpResultCoder.java    From redkale with Apache License 2.0 6 votes vote down vote up 
public static List<HttpCookie> getCookieList(ByteBuffer buffer) {
    int len = buffer.getChar();
    if (len == 0) return null;
    final List<HttpCookie> list = new ArrayList<>(len);
    for (int i = 0; i < len; i++) {
        HttpCookie cookie = new HttpCookie(getShortString(buffer), getShortString(buffer));
        cookie.setDomain(getShortString(buffer));
        cookie.setPath(getShortString(buffer));
        cookie.setPortlist(getShortString(buffer));
        cookie.setMaxAge(buffer.getLong());
        cookie.setSecure(buffer.get() == 1);
        cookie.setHttpOnly(buffer.get() == 1);
        list.add(cookie);
    }
    return list;
}
Example 2
Source File: UserServlet.java    From redkale-demo with Apache License 2.0 6 votes vote down vote up 
/**
 * 用户登陆
 *
 * @param req
 * @param resp
 *
 * @throws IOException
 */
@HttpMapping(url = "/user/login", auth = false)
public void login(HttpRequest req, HttpResponse resp) throws IOException {
    LoginBean bean = req.getJsonParameter(LoginBean.class, "bean");
    if (bean == null) bean = new LoginBean();
    if (!bean.emptyPassword()) bean.setPassword(UserService.secondPasswordMD5(bean.getPassword()));
    bean.setLoginagent(req.getHeader("User-Agent"));
    bean.setLoginip(req.getRemoteAddr());
    String oldsessionid = req.getSessionid(false);
    if (oldsessionid != null && !oldsessionid.isEmpty()) service.logout(oldsessionid);
    bean.setSessionid(req.changeSessionid());
    RetResult<UserInfo> result = service.login(bean);
    if (result.isSuccess() && !bean.emptyPassword()) { //必须是密码登录类
        if (bean.getCacheday() > 0 && bean.emptyCookieinfo()) {  //保存N天 
            UserInfo info = result.getResult();
            int age = bean.getCacheday() * 24 * 60 * 60;
            String key = (bean.emptyApptoken() ? "" : (bean.getApptoken() + "#")) + info.getUser36id() + "$0" + bean.getPassword() + "?" + age + "-" + System.currentTimeMillis();
            HttpCookie cookie = new HttpCookie(COOKIE_AUTOLOGIN, UserService.encryptAES(key));
            cookie.setHttpOnly(true);
            cookie.setPath("/");
            cookie.setMaxAge(age);
            resp.addCookie(cookie);
        }
    }
    resp.finishJson(result);
}
Example 3
Source File: ZosmfScheme.java    From api-layer with Eclipse Public License 2.0 5 votes vote down vote up 
private void createCookie(Cookies cookies, String name, String token) {
    HttpCookie jwtCookie = new HttpCookie(name, token);
    jwtCookie.setSecure(true);
    jwtCookie.setHttpOnly(true);
    jwtCookie.setVersion(0);
    cookies.set(jwtCookie);
}
Example 4
Source File: JsonCookie.java    From keywhiz with Apache License 2.0 5 votes vote down vote up 
public static HttpCookie toHttpCookie(JsonCookie cookieContents) {
  HttpCookie cookie = new HttpCookie(cookieContents.name(), cookieContents.value());
  cookie.setDomain(cookieContents.domain());
  cookie.setPath(cookieContents.path());
  cookie.setSecure(cookieContents.isSecure());
  cookie.setHttpOnly(cookieContents.isHttpOnly());
  cookie.setVersion(1); // Always set version to 1 or important fields will be dropped
  return cookie;
}
Example 5
Source File: UserServlet.java    From redkale-demo with Apache License 2.0 5 votes vote down vote up 
@HttpMapping(url = "/user/qqlogin", auth = false)
public void qqlogin(HttpRequest req, HttpResponse resp) throws IOException {
    String access_token = req.getParameter("access_token");
    String openid = req.getParameter("openid");
    if (finest) logger.finest("/user/qqlogin :  " + openid + "," + access_token);
    LoginQQBean bean = new LoginQQBean();
    bean.setAccesstoken(access_token);
    bean.setApptoken(req.getParameter("apptoken", ""));
    bean.setOpenid(openid);
    bean.setLoginaddr(req.getRemoteAddr());
    bean.setLoginagent(req.getHeader("User-Agent"));
    bean.setSessionid(req.changeSessionid());
    RetResult<UserInfo> rr = service.qqlogin(bean);
    if (rr.isSuccess()) {
        UserInfo info = rr.getResult();
        int age = 1000 * 24 * 60 * 60;
        String key = info.getUser36id() + "$2" + info.getQqopenid() + "?" + age + "-" + System.currentTimeMillis();
        HttpCookie cookie = new HttpCookie(COOKIE_AUTOLOGIN, UserService.encryptAES(key));
        cookie.setHttpOnly(true);
        cookie.setPath("/");
        cookie.setMaxAge(age);
        resp.addCookie(cookie);
    }
    if (access_token == null || access_token.isEmpty()) {
        resp.setHeader("Location", req.getParameter("url", "/"));
        resp.finish(302, null);
    } else { //APP 模式
        resp.finishJson(rr);
    }
}
Example 6
Source File: UserServlet.java    From redkale-demo with Apache License 2.0 5 votes vote down vote up 
/**
 * 修改密码
 *
 * @param req
 * @param resp
 *
 * @throws IOException
 */
@HttpMapping(url = "/user/updatepwd")
public void updatepwd(HttpRequest req, HttpResponse resp) throws IOException {
    UserPwdBean bean = req.getJsonParameter(UserPwdBean.class, "bean");
    UserInfo curr = req.currentUser();
    if (curr != null) bean.setSessionid(req.getSessionid(false));
    RetResult<UserInfo> result = service.updatePwd(bean);
    if (result.isSuccess() && curr == null) { //找回的密码
        curr = result.getResult();
        LoginBean loginbean = new LoginBean();
        loginbean.setAccount(curr.getEmail().isEmpty() ? curr.getMobile() : curr.getEmail());
        loginbean.setPassword(UserService.secondPasswordMD5(bean.getNewpwd()));
        loginbean.setSessionid(req.changeSessionid());
        loginbean.setLoginagent(req.getHeader("User-Agent"));
        loginbean.setLoginip(req.getRemoteAddr());
        result = service.login(loginbean);
    }
    String autologin = req.getCookie(COOKIE_AUTOLOGIN);
    if (result.isSuccess() && autologin != null) {
        autologin = UserService.decryptAES(autologin);
        if (autologin.contains("$0")) { //表示COOKIE_AUTOLOGIN 为密码类型存储
            String newpwd = UserService.secondPasswordMD5(bean.getNewpwd());
            int wen = autologin.indexOf('?');
            int mei = autologin.indexOf('$');
            String key = autologin.substring(0, mei + 2) + newpwd + autologin.substring(wen);
            HttpCookie cookie = new HttpCookie(COOKIE_AUTOLOGIN, UserService.encryptAES(key));
            cookie.setHttpOnly(true);
            cookie.setPath("/");
            String time = autologin.substring(wen + 1);
            int fen = time.indexOf('-');
            int age = Integer.parseInt(time.substring(0, fen)); //秒数
            long point = Long.parseLong(time.substring(fen + 1)); //毫秒数
            cookie.setMaxAge(age - (System.currentTimeMillis() - point) / 1000);
            resp.addCookie(cookie);
        }
    }
    resp.finishJson(result);
}
Example 7
Source File: UserServlet.java    From redkale-demo with Apache License 2.0 4 votes vote down vote up 
/**
 * 微信登陆 https://open.weixin.qq.com/connect/qrconnect?appid=wx微信ID&redirect_uri=xxxxx&response_type=code&scope=snsapi_login&state=wx微信ID_1#wechat_redirect
 * 接收两种形式:
 * WEB端微信登录: /user/wxlogin?code=XXXXXX&state=wx微信ID_1&apptoken=XXX
 * APP端微信登录: /user/wxlogin?openid=XXXX&state=1&access_token=XXX&apptoken=XXX
 * <p>
 * @param req
 * @param resp
 *
 * @throws IOException
 */
@HttpMapping(url = "/user/wxlogin", auth = false)
public void wxlogin(HttpRequest req, HttpResponse resp) throws IOException {
    String code = req.getParameter("code");
    String state = req.getParameter("state");  //state值格式: appid_autoregflag

    String access_token = req.getParameter("access_token");
    String openid = req.getParameter("openid");

    if (finest) logger.finest("/user/wxlogin :  code = " + code + ", access_token = " + access_token + ", openid = " + openid + ", state =" + state);
    int pos = state.indexOf('_');
    String appid = pos > 0 ? state.substring(0, pos) : state;
    if (appid.length() < 2) appid = "";
    boolean autoreg = (pos > 0 || "1".equals(state)) ? (state.charAt(pos + 1) == '1') : true;
    final boolean wxbrowser = req.getHeader("User-Agent", "").contains("MicroMessenger");
    LoginWXBean bean = new LoginWXBean();
    { //WEB方式
        bean.setAppid(appid);
        bean.setCode(code);
    }
    { //APP方式
        bean.setAccesstoken(access_token);
        bean.setOpenid(openid);
    }
    bean.setAutoreg(autoreg);
    bean.setApptoken(req.getParameter("apptoken", ""));
    bean.setLoginaddr(req.getRemoteAddr());
    bean.setLoginagent(req.getHeader("User-Agent"));
    if (autoreg) bean.setSessionid(req.changeSessionid());
    RetResult<UserInfo> rr = service.wxlogin(bean);
    if (autoreg && rr.isSuccess() && (wxbrowser || (access_token != null && !access_token.isEmpty()))) {
        UserInfo info = rr.getResult();
        int age = 1000 * 24 * 60 * 60;
        String key = (bean.emptyApptoken() ? "" : (bean.getApptoken() + "#")) + info.getUser36id() + "$1" + info.getWxunionid() + "?" + age + "-" + System.currentTimeMillis();
        HttpCookie cookie = new HttpCookie(COOKIE_AUTOLOGIN, UserService.encryptAES(key));
        cookie.setHttpOnly(true);
        cookie.setPath("/");
        cookie.setMaxAge(age);
        resp.addCookie(cookie);
    }
    if (access_token == null || access_token.isEmpty()) { //WEB登录
        resp.setHeader("Location", req.getParameter("url", "/"));
        resp.finish(302, null);
    } else { //APP 模式
        resp.finishJson(rr);
    }
}