Java Code Examples for io.vertx.ext.web.RoutingContext#addCookie()

The following examples show how to use io.vertx.ext.web.RoutingContext#addCookie().
Example 1
Source File: CSRFHandlerImpl.java    From vertx-web with Apache License 2.0
/**
 * Builds a new signed CSRF token, attaches it to the response as a cookie and returns it.
 *
 * <p>Token layout: {@code base64(32 random bytes) + "." + currentTimeMillis + "." + base64(MAC)},
 * where the MAC is computed over the first two parts. The timestamp is inside the signed part,
 * so changing it invalidates the signature.
 *
 * <p>The cookie gets the configured path and HttpOnly flag and a fixed SameSite=Strict policy.
 * This method does not set the Secure attribute.
 *
 * @param ctx routing context whose response receives the cookie
 * @return the full token string that was placed in the cookie
 */
private String generateAndStoreToken(RoutingContext ctx) {
  final byte[] nonce = new byte[32];
  // NOTE(review): token unpredictability depends on `random` being a CSPRNG; confirm at its declaration.
  random.nextBytes(nonce);

  final String signedPart = BASE64.encodeToString(nonce) + "." + System.currentTimeMillis();
  // NOTE(review): getBytes() uses the platform default charset; the verification path must
  // encode the same way or the signature will not match.
  // NOTE(review): `mac` looks like a shared field; if it is a javax.crypto.Mac it is not
  // thread-safe, so confirm that calls are confined to one thread or otherwise guarded.
  final byte[] tag = mac.doFinal(signedPart.getBytes());

  final String token = signedPart + "." + BASE64.encodeToString(tag);

  // The SameSite policy is deliberately hard-coded to Strict and not configurable.
  final Cookie csrfCookie = Cookie.cookie(cookieName, token)
    .setPath(cookiePath)
    .setHttpOnly(httpOnly)
    .setSameSite(CookieSameSite.STRICT);
  ctx.addCookie(csrfCookie);

  return token;
}
 
Example 2
Source File: PersistentLoginManager.java    From quarkus with Apache License 2.0
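/**
 * Issues the encrypted persistent-login cookie for {@code identity}.
 *
 * <p>The plaintext is {@code expiryMillis + ":" + principalName}, encrypted with
 * {@code ENC_ALGORITHM} under {@code secretKey} using a fresh 12-byte IV per cookie. The cookie
 * value is Base64 of {@code [1 byte IV length][IV][cipher output]}.
 *
 * <p>The cookie carries a login credential, so it is marked HttpOnly to keep it away from page
 * scripts. It is marked Secure when the request arrived over TLS, so that it is not later sent
 * in clear text.
 *
 * @param identity      identity whose principal name is stored in the cookie
 * @param context       routing context whose response receives the cookie
 * @param restoreResult result of a previous restore, or {@code null}; when non-null and
 *                      {@code newCookieNeeded} is false, nothing is written
 * @throws RuntimeException wrapping any failure raised while encrypting or encoding
 */
public void save(SecurityIdentity identity, RoutingContext context, RestoreResult restoreResult) {
    // An existing cookie that does not need renewal is left untouched.
    if (restoreResult != null && !restoreResult.newCookieNeeded) {
        return;
    }
    try {
        Cipher cipher = Cipher.getInstance(ENC_ALGORITHM);
        // A fresh random IV for every cookie: GCM must never reuse an IV under the same key.
        byte[] iv = new byte[12];
        secureRandom.nextBytes(iv);
        cipher.init(Cipher.ENCRYPT_MODE, secretKey, new GCMParameterSpec(ENC_TAG_LENGTH, iv));

        long timeout = System.currentTimeMillis() + timeoutMillis;
        log.debugf("The new cookie will expire at %s", new Date(timeout).toString());
        // The expiry sits inside the authenticated ciphertext, so a client cannot extend it.
        String contents = timeout + ":" + identity.getPrincipal().getName();
        byte[] encrypted = cipher.doFinal(contents.getBytes(StandardCharsets.UTF_8));

        // Wire format: one length byte, then the IV, then the cipher output.
        ByteBuffer message = ByteBuffer.allocate(1 + iv.length + encrypted.length);
        message.put((byte) iv.length);
        message.put(iv);
        message.put(encrypted);
        String cookieValue = Base64.getEncoder().encodeToString(message.array());

        // isSSL() reflects the connection to this server only. Behind a TLS-terminating proxy
        // it may be false, and the cookie is then issued without Secure.
        context.addCookie(Cookie.cookie(cookieName, cookieValue)
                .setPath("/")
                .setHttpOnly(true)
                .setSecure(context.request().isSSL()));
    } catch (Exception e) {
        throw new RuntimeException(e);
    }

}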
 
Example 3
Source File: SessionHandlerImpl.java    From graviteeio-access-management with Apache License 2.0
/**
 * Creates a new session in the session store, binds it to the request and sends its id to the
 * client as a cookie.
 *
 * <p>The cookie takes its path, Secure and HttpOnly attributes from the handler's configuration.
 * No max-age is set, so it is a browser-session cookie. No SameSite attribute is set in this
 * method.
 *
 * @param context routing context that receives the session and the cookie
 */
private void createNewSession(RoutingContext context) {
    final Session created = sessionStore.createSession(sessionTimeout, minLength);
    context.setSession(created);

    // Deliberately no max-age: the cookie should last only for the browser session.
    // NOTE(review): whether Secure and HttpOnly are actually on depends on the configured
    // values of sessionCookieSecure and sessionCookieHttpOnly; confirm the defaults.
    final Cookie sessionCookie = Cookie.cookie(sessionCookieName, created.value());
    sessionCookie.setPath(sessionCookiePath);
    sessionCookie.setSecure(sessionCookieSecure);
    sessionCookie.setHttpOnly(sessionCookieHttpOnly);
    context.addCookie(sessionCookie);

    // The user is stored in the session only when an auth provider is configured.
    final boolean storeUser = authProvider != null;
    addStoreSessionHandler(context, storeUser);
}
 
Example 4
Source File: SessionHandlerImpl.java    From vertx-web with Apache License 2.0
/**
 * Returns the session cookie for this request, creating and registering one if none exists.
 *
 * <p>An existing cookie with the session cookie name is returned unchanged. Its attributes are
 * not re-applied here. A newly created cookie carries the session value and the configured
 * path, Secure, HttpOnly and SameSite settings, with no max-age.
 *
 * @param context routing context to read the cookie from and add it to
 * @param session session whose value becomes the cookie value when a cookie is created
 * @return the existing or newly added session cookie
 */
private Cookie sessionCookie(final RoutingContext context, final Session session) {
  final Cookie existing = context.getCookie(sessionCookieName);
  if (existing == null) {
    final Cookie fresh = Cookie.cookie(sessionCookieName, session.value());
    fresh.setPath(sessionCookiePath);
    fresh.setSecure(sessionCookieSecure);
    fresh.setHttpOnly(sessionCookieHttpOnly);
    fresh.setSameSite(cookieSameSite);
    // Deliberately no max-age: the cookie should last only for the browser session.
    context.addCookie(fresh);
    return fresh;
  }
  return existing;
}
 
Example 5
Source File: CookieTestController.java    From nubes with Apache License 2.0
/**
 * Test endpoint that sets a fixed cookie ({@code dog=Rantanplan}) and ends the response.
 *
 * <p>The cookie is created with no path, Secure, HttpOnly or SameSite attributes. That suits a
 * test fixture but is not a pattern for cookies that carry session or credential data.
 *
 * @param context routing context whose response receives the cookie
 */
@GET("setCookie")
@Cookies
public void setCookie(RoutingContext context) {
	final Cookie dogCookie = Cookie.cookie("dog", "Rantanplan");
	context.addCookie(dogCookie);
	context.response().end();
}